Patch Management Report
Company: Example, Inc.
Grade: F (Bad)
Scan Date: October 05, 2017
Description: Version information for company assets is collected from internet-wide scanners such as Censys, Shodan, and ZoomEye. These version numbers are converted into the corresponding Common Platform Enumeration identifiers (CPE-ID) and correlated with the NIST NVD and MITRE CVSS databases to detect and approximate any unmitigated known vulnerabilities.
This report category contributes 8% to the total scan score.

Patch Management Overview

| Domain | # of Asset(s) | Total CVSS Score | Total # of Vuln(s) |
|---|---|---|---|
| example.com | 10 | 913.1 | 154 |

Top Riskiest Assets (10)

| Domain | Asset(s) | Service(s) | Total CVSS Score | # of Vuln(s) |
|---|---|---|---|---|
| example.com | 192.168.102.102 | openssl/1.0.1, apache/2.2.15 | 124.0 | 20 |
| example.com | 192.168.102.101 | openssl/1.0.1, apache/2.2.15 | 124.0 | 20 |
| example.com | teachin.example.com • 162.243.156.217 | php/5.5.9, apache/2.4.7 | 114.3 | 20 |
| example.com | 192.168.90.91 | php/5.2.6, apache/2.2.10 | 97.8 | 18 |
| example.com | 192.168.27.5 | apache/2.2.6, openssl/0.9.8 | 95.7 | 19 |
| example.com | 192.168.27.4 | apache/2.2.6, openssl/0.9.8 | 95.7 | 19 |
| example.com | mmdapply.example.com • 170.104.63.132 | microsoft .net_framework/4.0, microsoft iis/7.5 | 68.6 | 9 |
| example.com | ommpsystem.example.com • 170.104.63.8 | microsoft .net_framework/4.0, microsoft iis/7.5 | 68.6 | 9 |
| example.com | 192.168.112.10 • hscourses.hecc.example.com | php/7.0.10 | 62.5 | 10 |
| example.com | 192.168.101.147 | apache/2.2.3 | 61.9 | 10 |


Possible Vulnerabilities (457)

Asset(s) | Service / Application Version | CPE ID | CVE/CWE ID | CVSS
Asset(s): example.com / 192.168.81.15 • mobile.uc.example.com
Service Version: apache coyote/1.1
CPE ID: cpe:/a:apache:coyote_http_connector:1.1
CVE/CWE ID: CVE-2005-2090
CVSS: 4.3
Description: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References:
https://nvd.nist.gov/vuln/detail/CVE-2005-2090

Asset(s): example.com / 192.168.89.83
Service Version: apache coyote/1.1
CPE ID: cpe:/a:apache:coyote_http_connector:1.1
CVE/CWE ID: CVE-2005-2090
CVSS: 4.3
Description: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References:
https://nvd.nist.gov/vuln/detail/CVE-2005-2090

Asset(s): example.com / 192.168.96.231
Service Version: apache coyote/1.1
CPE ID: cpe:/a:apache:coyote_http_connector:1.1
CVE/CWE ID: CVE-2005-2090
CVSS: 4.3
Description: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References:
https://nvd.nist.gov/vuln/detail/CVE-2005-2090

Asset(s): example.com / 192.168.102.94
Service Version: apache coyote/1.1
CPE ID: cpe:/a:apache:coyote_http_connector:1.1
CVE/CWE ID: CVE-2005-2090
CVSS: 4.3
Description: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References:
https://nvd.nist.gov/vuln/detail/CVE-2005-2090

Asset(s): example.com / appellate-public.courts.example.com
Service Version: apache coyote/1.1
CPE ID: cpe:/a:apache:coyote_http_connector:1.1
CVE/CWE ID: CVE-2005-2090
CVSS: 4.3
Description: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References:
https://nvd.nist.gov/vuln/detail/CVE-2005-2090

Asset(s): example.com / 192.168.100.157
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-0074
CVSS: 7.2
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References:
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://www.vupen.com/english/advisories/2008/0507/references
http://marc.info/?l=bugtraq&m=120361015026386&w=2

Asset(s): example.com / 192.168.100.158
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-0074
CVSS: 7.2
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References:
http://www.securityfocus.com/bid/27101
https://nvd.nist.gov/vuln/detail/CVE-2008-0074
http://www.securitytracker.com/id?1019384

Asset(s): example.com / 192.168.100.159
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-0074
CVSS: 7.2
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References:
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://www.vupen.com/english/advisories/2008/0507/references
http://marc.info/?l=bugtraq&m=120361015026386&w=2

Asset(s): example.com / 192.168.100.180
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-0074
CVSS: 7.2
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References:
http://www.securityfocus.com/bid/27101
https://nvd.nist.gov/vuln/detail/CVE-2008-0074
http://www.securitytracker.com/id?1019384

Asset(s): example.com / 192.168.100.181 • tspc.example.com
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-0074
CVSS: 7.2
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References:
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://www.vupen.com/english/advisories/2008/0507/references
http://marc.info/?l=bugtraq&m=120361015026386&w=2

Asset(s): example.com / 192.168.100.184
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-0074
CVSS: 7.2
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References:
http://www.securityfocus.com/bid/27101
https://nvd.nist.gov/vuln/detail/CVE-2008-0074
http://www.securitytracker.com/id?1019384

Asset(s): example.com / licensesonline.dcbs.example.com
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-0074
CVSS: 7.2
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
References:
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://www.vupen.com/english/advisories/2008/0507/references
http://marc.info/?l=bugtraq&m=120361015026386&w=2

Asset(s): example.com / 192.168.100.157
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.kb.cert.org/vuls/id/793233
http://www.securityfocus.com/bid/31682

Asset(s): example.com / 192.168.100.158
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2008-1446
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securitytracker.com/id?1021048

Asset(s): example.com / 192.168.100.159
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.kb.cert.org/vuls/id/793233
http://www.securityfocus.com/bid/31682

Asset(s): example.com / 192.168.100.180
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2008-1446
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securitytracker.com/id?1021048

Asset(s): example.com / 192.168.100.181 • tspc.example.com
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.kb.cert.org/vuls/id/793233
http://www.securityfocus.com/bid/31682

Asset(s): example.com / 192.168.100.184
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2008-1446
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securitytracker.com/id?1021048

Asset(s): example.com / 192.168.114.17
Service Version: microsoft iis/6.0
CPE ID: cpe:/a:microsoft:iis:6.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.kb.cert.org/vuls/id/793233
http://www.securityfocus.com/bid/31682

Asset(s): example.com / licensesonline.dcbs.example.com
Service Version: microsoft iis/7.0
CPE ID: cpe:/a:microsoft:iis:7.0
CVE/CWE ID: CVE-2008-1446
CVSS: 9.0
Description: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2008-1446
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securitytracker.com/id?1021048

Asset(s): example.com / 192.168.114.17
Service Version: microsoft iis/6.0
CPE ID: cpe:/a:microsoft:iis:6.0
CVE/CWE ID: CVE-2009-1535
CVSS: 7.6
Description: The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
References:
https://capec.mitre.org/data/definitions/115.html
https://nvd.nist.gov/vuln/detail/CVE-2009-1535
https://capec.mitre.org/data/definitions/57.html

Asset(s): example.com / 192.168.114.17
Service Version: microsoft iis/6.0
CPE ID: cpe:/a:microsoft:iis:6.0
CVE/CWE ID: CVE-2009-3023
CVSS: 9.3
Description: Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2009-3023
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html

                                                    example.com

                                                    192.168.100.157

                                                      Service Version:

                                                      microsoft iis/7.0
                                                      cpe:/a:microsoft:iis:7.0
                                                      CVE-2009-3555 5.8

                                                      Description:

                                                      The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

                                                      References:

                                                      http://www.redhat.com/support/errata/RHSA-2010-0987.html
                                                      http://www.redhat.com/support/errata/RHSA-2010-0986.html
                                                      http://www.redhat.com/support/errata/RHSA-2010-0865.html
                                                      example.com

                                                      192.168.100.158

                                                        Service Version:

                                                        microsoft iis/7.0
                                                        cpe:/a:microsoft:iis:7.0
                                                        CVE-2009-3555 5.8

                                                        Description:

                                                        The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

                                                        References:

                                                        http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
                                                        http://www.redhat.com/support/errata/RHSA-2011-0880.html
                                                        http://www.securityfocus.com/archive/1/522176
                                                        example.com

                                                        192.168.100.159

                                                          Service Version:

                                                          microsoft iis/7.0
                                                          cpe:/a:microsoft:iis:7.0
                                                          CVE-2009-3555 5.8

                                                          Description:

                                                          The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

                                                          References:

                                                          http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
                                                          http://www.securitytracker.com/id?1023204
                                                          http://www.securitytracker.com/id?1023163
                                                          example.com

                                                          192.168.100.180

                                                            Service Version:

                                                            microsoft iis/7.0
                                                            cpe:/a:microsoft:iis:7.0
                                                            CVE-2009-3555 5.8

                                                            Description:

                                                            The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

                                                            References:

                                                            http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
                                                            http://www.redhat.com/support/errata/RHSA-2011-0880.html
                                                            http://www.securityfocus.com/archive/1/522176
example.com
192.168.100.181
• tspc.example.com

Service Version:
microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2009-3555 5.8

Description:
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References:
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.securitytracker.com/id?1023204
http://www.securitytracker.com/id?1023163
example.com
192.168.100.184

Service Version:
microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2009-3555 5.8

Description:
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References:
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securityfocus.com/archive/1/522176
example.com
licensesonline.dcbs.example.com

Service Version:
microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2009-3555 5.8

Description:
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References:
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.securitytracker.com/id?1023204
http://www.securitytracker.com/id?1023163
example.com
192.168.114.17

Service Version:
microsoft iis/6.0
cpe:/a:microsoft:iis:6.0
CVE-2009-4444 6.0

Description:
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.

References:
http://www.vupen.com/english/advisories/2009/3634
http://www.securityfocus.com/bid/37460
http://soroush.secproject.com/downloadable/iis-semicolon-report.pdf
example.com
192.168.3.51

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.17.12

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://xforce.iss.net/xforce/xfdb/58864
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
example.com
192.168.34.217

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.61.2

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://xforce.iss.net/xforce/xfdb/58864
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
example.com
192.168.61.3

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.66.8

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://xforce.iss.net/xforce/xfdb/58864
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
example.com
192.168.66.29

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.86.10
• email-archive.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
http://xforce.iss.net/xforce/xfdb/58864
example.com
192.168.86.14

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.87.22

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
http://xforce.iss.net/xforce/xfdb/58864
example.com
192.168.87.25

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.87.26
• obop.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
http://xforce.iss.net/xforce/xfdb/58864
example.com
192.168.89.89
• www.yourwater.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.89.98

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://xforce.iss.net/xforce/xfdb/58864
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
example.com
192.168.89.108

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1256
https://capec.mitre.org/data/definitions/77.html
https://capec.mitre.org/data/definitions/35.html
example.com
192.168.89.109

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1256 8.5

Description:
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

References:
http://www.securityfocus.com/bid/40573
http://xforce.iss.net/xforce/xfdb/58864
http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                            example.com

                                                                                            192.168.90.100

                                                                                            • billing.ets.example.com

                                                                                            Service Version:

                                                                                            microsoft iis/7.5
                                                                                            cpe:/a:microsoft:iis:7.5
                                                                                            CVE-2010-1256 8.5

                                                                                            Description:

                                                                                            Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                            References:

                                                                                            https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                            https://capec.mitre.org/data/definitions/77.html
                                                                                            https://capec.mitre.org/data/definitions/35.html
                                                                                            example.com

                                                                                            192.168.100.104

                                                                                              Service Version:

                                                                                              microsoft iis/7.5
                                                                                              cpe:/a:microsoft:iis:7.5
                                                                                              CVE-2010-1256 8.5

                                                                                              Description:

                                                                                              Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                              References:

                                                                                              http://www.securityfocus.com/bid/40573
                                                                                              http://xforce.iss.net/xforce/xfdb/58864
                                                                                              http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                              example.com

                                                                                              192.168.100.157

                                                                                                Service Version:

                                                                                                microsoft iis/7.0
                                                                                                cpe:/a:microsoft:iis:7.0
                                                                                                CVE-2010-1256 8.5

                                                                                                Description:

                                                                                                Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                References:

                                                                                                https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                https://capec.mitre.org/data/definitions/77.html
                                                                                                https://capec.mitre.org/data/definitions/35.html
                                                                                                example.com

                                                                                                192.168.100.158

                                                                                                  Service Version:

                                                                                                  microsoft iis/7.0
                                                                                                  cpe:/a:microsoft:iis:7.0
                                                                                                  CVE-2010-1256 8.5

                                                                                                  Description:

                                                                                                  Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                  References:

                                                                                                  http://www.securityfocus.com/bid/40573
                                                                                                  http://xforce.iss.net/xforce/xfdb/58864
                                                                                                  http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                  example.com

                                                                                                  192.168.100.159

                                                                                                    Service Version:

                                                                                                    microsoft iis/7.0
                                                                                                    cpe:/a:microsoft:iis:7.0
                                                                                                    CVE-2010-1256 8.5

                                                                                                    Description:

                                                                                                    Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                    References:

                                                                                                    https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                    https://capec.mitre.org/data/definitions/77.html
                                                                                                    https://capec.mitre.org/data/definitions/35.html
                                                                                                    example.com

                                                                                                    192.168.100.164

                                                                                                      Service Version:

                                                                                                      microsoft iis/7.5
                                                                                                      cpe:/a:microsoft:iis:7.5
                                                                                                      CVE-2010-1256 8.5

                                                                                                      Description:

                                                                                                      Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                      References:

                                                                                                      http://www.securityfocus.com/bid/40573
                                                                                                      http://xforce.iss.net/xforce/xfdb/58864
                                                                                                      http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                      example.com

                                                                                                      192.168.100.178

                                                                                                      • ilearn-test.example.com

                                                                                                      Service Version:

                                                                                                      microsoft iis/7.5
                                                                                                      cpe:/a:microsoft:iis:7.5
                                                                                                      CVE-2010-1256 8.5

                                                                                                      Description:

                                                                                                      Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                      References:

                                                                                                      https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                      https://capec.mitre.org/data/definitions/77.html
                                                                                                      https://capec.mitre.org/data/definitions/35.html
                                                                                                      example.com

                                                                                                      192.168.100.180

                                                                                                        Service Version:

                                                                                                        microsoft iis/7.0
                                                                                                        cpe:/a:microsoft:iis:7.0
                                                                                                        CVE-2010-1256 8.5

                                                                                                        Description:

                                                                                                        Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                        References:

                                                                                                        http://www.securityfocus.com/bid/40573
                                                                                                        http://xforce.iss.net/xforce/xfdb/58864
                                                                                                        http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                        example.com

                                                                                                        192.168.100.181

                                                                                                        • tspc.example.com

                                                                                                        Service Version:

                                                                                                        microsoft iis/7.0
                                                                                                        cpe:/a:microsoft:iis:7.0
                                                                                                        CVE-2010-1256 8.5

                                                                                                        Description:

                                                                                                        Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                        References:

                                                                                                        https://capec.mitre.org/data/definitions/77.html
                                                                                                        https://capec.mitre.org/data/definitions/35.html
                                                                                                        https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                        example.com

                                                                                                        192.168.100.184

                                                                                                          Service Version:

                                                                                                          microsoft iis/7.0
                                                                                                          cpe:/a:microsoft:iis:7.0
                                                                                                          CVE-2010-1256 8.5

                                                                                                          Description:

                                                                                                          Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                          References:

                                                                                                          http://www.securityfocus.com/bid/40573
                                                                                                          http://xforce.iss.net/xforce/xfdb/58864
                                                                                                          http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                          example.com

                                                                                                          192.168.101.6

                                                                                                            Service Version:

                                                                                                            microsoft iis/7.5
                                                                                                            cpe:/a:microsoft:iis:7.5
                                                                                                            CVE-2010-1256 8.5

                                                                                                            Description:

                                                                                                            Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                            References:

                                                                                                            https://capec.mitre.org/data/definitions/77.html
                                                                                                            https://capec.mitre.org/data/definitions/35.html
                                                                                                            https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                            example.com

                                                                                                            192.168.110.22

                                                                                                            • broadband.example.com

                                                                                                            Service Version:

                                                                                                            microsoft iis/7.5
                                                                                                            cpe:/a:microsoft:iis:7.5
                                                                                                            CVE-2010-1256 8.5

                                                                                                            Description:

                                                                                                            Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                            References:

                                                                                                            http://www.securityfocus.com/bid/40573
                                                                                                            http://xforce.iss.net/xforce/xfdb/58864
                                                                                                            http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                            example.com

                                                                                                            192.168.110.30

                                                                                                              Service Version:

                                                                                                              microsoft iis/7.5
                                                                                                              cpe:/a:microsoft:iis:7.5
                                                                                                              CVE-2010-1256 8.5

                                                                                                              Description:

                                                                                                              Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                              References:

                                                                                                              https://capec.mitre.org/data/definitions/77.html
                                                                                                              https://capec.mitre.org/data/definitions/35.html
                                                                                                              https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                              example.com

                                                                                                              192.168.110.31

                                                                                                                Service Version:

                                                                                                                microsoft iis/7.5
                                                                                                                cpe:/a:microsoft:iis:7.5
                                                                                                                CVE-2010-1256 8.5

                                                                                                                Description:

                                                                                                                Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                References:

                                                                                                                https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                                https://capec.mitre.org/data/definitions/35.html
                                                                                                                https://capec.mitre.org/data/definitions/77.html
                                                                                                                example.com

                                                                                                                192.168.110.136

                                                                                                                • inside.das.example.com

                                                                                                                Service Version:

                                                                                                                microsoft iis/7.5
                                                                                                                cpe:/a:microsoft:iis:7.5
                                                                                                                CVE-2010-1256 8.5

                                                                                                                Description:

                                                                                                                Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                References:

                                                                                                                http://www.us-cert.gov/cas/techalerts/TA10-159B.html
                                                                                                                http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                                http://xforce.iss.net/xforce/xfdb/58864
                                                                                                                example.com

                                                                                                                192.168.113.15

                                                                                                                  Service Version:

                                                                                                                  microsoft iis/7.5
                                                                                                                  cpe:/a:microsoft:iis:7.5
                                                                                                                  CVE-2010-1256 8.5

                                                                                                                  Description:

                                                                                                                  Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                  References:

                                                                                                                  https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                                  https://capec.mitre.org/data/definitions/35.html
                                                                                                                  https://capec.mitre.org/data/definitions/77.html
                                                                                                                  example.com

                                                                                                                  192.168.113.242

                                                                                                                    Service Version:

                                                                                                                    microsoft iis/7.5
                                                                                                                    cpe:/a:microsoft:iis:7.5
                                                                                                                    CVE-2010-1256 8.5

                                                                                                                    Description:

                                                                                                                    Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                    References:

                                                                                                                    http://www.us-cert.gov/cas/techalerts/TA10-159B.html
                                                                                                                    http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                                    http://xforce.iss.net/xforce/xfdb/58864
                                                                                                                    example.com

                                                                                                                    192.168.113.254

                                                                                                                      Service Version:

                                                                                                                      microsoft iis/7.5
                                                                                                                      cpe:/a:microsoft:iis:7.5
                                                                                                                      CVE-2010-1256 8.5

                                                                                                                      Description:

                                                                                                                      Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                      References:

                                                                                                                      https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                                      https://capec.mitre.org/data/definitions/35.html
                                                                                                                      https://capec.mitre.org/data/definitions/77.html
                                                                                                                      example.com

                                                                                                                      192.168.114.17

                                                                                                                        Service Version:

                                                                                                                        microsoft iis/6.0
                                                                                                                        cpe:/a:microsoft:iis:6.0
                                                                                                                        CVE-2010-1256 8.5

                                                                                                                        Description:

                                                                                                                        Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                        References:

                                                                                                                        http://www.us-cert.gov/cas/techalerts/TA10-159B.html
                                                                                                                        http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                                        http://xforce.iss.net/xforce/xfdb/58864
                                                                                                                        example.com

                                                                                                                        licensesonline.dcbs.example.com

                                                                                                                          Service Version:

                                                                                                                          microsoft iis/7.0
                                                                                                                          cpe:/a:microsoft:iis:7.0
                                                                                                                          CVE-2010-1256 8.5

                                                                                                                          Description:

                                                                                                                          Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                          References:

                                                                                                                          https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                                          https://capec.mitre.org/data/definitions/35.html
                                                                                                                          https://capec.mitre.org/data/definitions/77.html
                                                                                                                          example.com

                                                                                                                          crimstest.example.com

                                                                                                                            Service Version:

                                                                                                                            microsoft iis/7.5
                                                                                                                            cpe:/a:microsoft:iis:7.5
                                                                                                                            CVE-2010-1256 8.5

                                                                                                                            Description:

                                                                                                                            Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                            References:

                                                                                                                            http://www.us-cert.gov/cas/techalerts/TA10-159B.html
                                                                                                                            http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                                            http://xforce.iss.net/xforce/xfdb/58864
                                                                                                                            example.com

                                                                                                                            crims.example.com

                                                                                                                              Service Version:

                                                                                                                              microsoft iis/7.5
                                                                                                                              cpe:/a:microsoft:iis:7.5
                                                                                                                              CVE-2010-1256 8.5

                                                                                                                              Description:

                                                                                                                              Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                              References:

                                                                                                                              https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                                              https://capec.mitre.org/data/definitions/35.html
                                                                                                                              https://capec.mitre.org/data/definitions/77.html
                                                                                                                              example.com

                                                                                                                              ommpsystem.example.com

                                                                                                                                Service Version:

                                                                                                                                microsoft iis/7.5
                                                                                                                                cpe:/a:microsoft:iis:7.5
                                                                                                                                CVE-2010-1256 8.5

                                                                                                                                Description:

                                                                                                                                Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                                References:

                                                                                                                                http://www.us-cert.gov/cas/techalerts/TA10-159B.html
                                                                                                                                http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
                                                                                                                                http://xforce.iss.net/xforce/xfdb/58864
                                                                                                                                example.com

                                                                                                                                mmdapply.example.com

                                                                                                                                  Service Version:

                                                                                                                                  microsoft iis/7.5
                                                                                                                                  cpe:/a:microsoft:iis:7.5
                                                                                                                                  CVE-2010-1256 8.5

                                                                                                                                  Description:

                                                                                                                                  Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

                                                                                                                                  References:

                                                                                                                                  https://nvd.nist.gov/vuln/detail/CVE-2010-1256
                                                                                                                                  https://capec.mitre.org/data/definitions/35.html
                                                                                                                                  https://capec.mitre.org/data/definitions/77.html
                                                                                                                                  example.com

                                                                                                                                  192.168.3.51

                                                                                                                                    Service Version:

                                                                                                                                    microsoft iis/7.5
                                                                                                                                    cpe:/a:microsoft:iis:7.5
                                                                                                                                    CVE-2010-1899 4.3

                                                                                                                                    Description:

                                                                                                                                    Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

                                                                                                                                    References:

                                                                                                                                    http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
                                                                                                                                    https://nvd.nist.gov/vuln/detail/CVE-2010-1899
                                                                                                                                    https://capec.mitre.org/data/definitions/24.html
                                                                                                                                    example.com

                                                                                                                                    192.168.17.12

                                                                                                                                      Service Version:

                                                                                                                                      microsoft iis/7.5
                                                                                                                                      cpe:/a:microsoft:iis:7.5
                                                                                                                                      CVE-2010-1899 4.3

                                                                                                                                      Description:

                                                                                                                                      Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

                                                                                                                                      References:

                                                                                                                                      http://webappsec.pbworks.com/Buffer-Overflow
                                                                                                                                      https://capec.mitre.org/data/definitions/8.html
                                                                                                                                      https://capec.mitre.org/data/definitions/42.html
                                                                                                                                      example.com

                                                                                                                                      192.168.34.217

                                                                                                                                        Service Version:

                                                                                                                                        microsoft iis/7.5
                                                                                                                                        cpe:/a:microsoft:iis:7.5
                                                                                                                                        CVE-2010-1899 4.3

                                                                                                                                        Description:

                                                                                                                                        Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

                                                                                                                                        References:

                                                                                                                                        http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
                                                                                                                                        https://nvd.nist.gov/vuln/detail/CVE-2010-1899
                                                                                                                                        https://capec.mitre.org/data/definitions/24.html
                                                                                                                                        example.com

                                                                                                                                        192.168.61.2

                                                                                                                                          Service Version:

                                                                                                                                          microsoft iis/7.5
                                                                                                                                          cpe:/a:microsoft:iis:7.5
                                                                                                                                          CVE-2010-1899 4.3

                                                                                                                                          Description:

                                                                                                                                          Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

                                                                                                                                          References:

                                                                                                                                          http://webappsec.pbworks.com/Buffer-Overflow
                                                                                                                                          https://capec.mitre.org/data/definitions/8.html
                                                                                                                                          https://capec.mitre.org/data/definitions/42.html
                                                                                                                                          example.com

                                                                                                                                          192.168.61.3

                                                                                                                                            Service Version:

                                                                                                                                            microsoft iis/7.5
                                                                                                                                            cpe:/a:microsoft:iis:7.5
                                                                                                                                            CVE-2010-1899 4.3

                                                                                                                                            Description:

                                                                                                                                            Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

                                                                                                                                            References:

                                                                                                                                            http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
                                                                                                                                            https://nvd.nist.gov/vuln/detail/CVE-2010-1899
                                                                                                                                            https://capec.mitre.org/data/definitions/24.html
                                                                                                                                            example.com

                                                                                                                                            192.168.66.8

                                                                                                                                              Service Version:

                                                                                                                                              microsoft iis/7.5
                                                                                                                                              cpe:/a:microsoft:iis:7.5
                                                                                                                                              CVE-2010-1899 4.3

                                                                                                                                              Description:

                                                                                                                                              Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

                                                                                                                                              References:

                                                                                                                                              http://webappsec.pbworks.com/Buffer-Overflow
                                                                                                                                              https://capec.mitre.org/data/definitions/8.html
                                                                                                                                              https://capec.mitre.org/data/definitions/42.html
                                                                                                                                              example.com

                                                                                                                                              192.168.66.29

                                                                                                                                                Service Version:

                                                                                                                                                microsoft iis/7.5
                                                                                                                                                cpe:/a:microsoft:iis:7.5
                                                                                                                                                CVE-2010-1899 4.3

                                                                                                                                                Description:

                                                                                                                                                Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

                                                                                                                                                References:

                                                                                                                                                http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
                                                                                                                                                https://nvd.nist.gov/vuln/detail/CVE-2010-1899
                                                                                                                                                https://capec.mitre.org/data/definitions/24.html
example.com

192.168.86.10

• email-archive.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.86.14

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
example.com

192.168.87.22

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.87.25

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
example.com

192.168.87.26

• obop.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.89.89

• www.yourwater.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
example.com

192.168.89.98

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.89.108

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
example.com

192.168.89.109

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.90.100

• billing.ets.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
example.com

192.168.100.104

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.100.157

Service Version:

microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
example.com

192.168.100.158

Service Version:

microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.100.159

Service Version:

microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
example.com
192.168.100.164
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html

example.com
192.168.100.178
• ilearn-test.example.com
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html

example.com
192.168.100.180
Service Version: microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html

example.com
192.168.100.181
• tspc.example.com
Service Version: microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html

example.com
192.168.100.184
Service Version: microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
https://capec.mitre.org/data/definitions/24.html
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx

example.com
192.168.101.6
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html

example.com
192.168.110.22
• broadband.example.com
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html

example.com
192.168.110.30
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html

example.com
192.168.110.31
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html

example.com
192.168.110.136
• inside.das.example.com
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx

example.com
192.168.113.15
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html

example.com
192.168.113.242
Service Version: microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3
Description: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx

example.com

192.168.113.254

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.114.17

Service Version:

microsoft iis/6.0
cpe:/a:microsoft:iis:6.0
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
example.com

licensesonline.dcbs.example.com

Service Version:

microsoft iis/7.0
cpe:/a:microsoft:iis:7.0
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

crimstest.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
example.com

crims.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

ommpsystem.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-1899
https://capec.mitre.org/data/definitions/24.html
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
example.com

mmdapply.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-1899 4.3

Description:

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
https://capec.mitre.org/data/definitions/42.html
example.com

192.168.3.51

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.17.12

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
example.com

192.168.34.217

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.61.2

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
example.com
192.168.61.3

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com
192.168.66.8

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
example.com
192.168.66.29

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com
192.168.86.10
• email-archive.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
example.com
192.168.86.14

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com
192.168.87.22

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
example.com
192.168.87.25

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com
192.168.87.26
• obop.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
example.com
192.168.89.89
• www.yourwater.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com
192.168.89.98

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:
http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/8.html
example.com

192.168.89.108

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.89.109

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

192.168.90.100

• billing.ets.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/14.html
example.com

192.168.100.104

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

192.168.100.164

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
example.com

192.168.100.178

• ilearn-test.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

192.168.101.6

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
example.com

192.168.110.22

• broadband.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

192.168.110.30

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
example.com

192.168.110.31

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

192.168.110.136

• inside.das.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
example.com

192.168.113.15

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

192.168.113.242

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
example.com

192.168.113.254

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

crimstest.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
example.com

crims.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/47.html
example.com

ommpsystem.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
https://capec.mitre.org/data/definitions/100.html
example.com

mmdapply.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-2730 9.3

Description:

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-2730
https://capec.mitre.org/data/definitions/45.html
https://capec.mitre.org/data/definitions/46.html
example.com

192.168.3.51

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.17.12

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
example.com

192.168.34.217

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.61.2

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
example.com

192.168.61.3

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.66.8

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
example.com

192.168.66.29

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://capec.mitre.org/data/definitions/24.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.86.10

• email-archive.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://www.exploit-db.com/exploits/15803
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
example.com

192.168.86.14

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://capec.mitre.org/data/definitions/24.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.87.22

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://www.exploit-db.com/exploits/15803
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
example.com

192.168.87.25

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://capec.mitre.org/data/definitions/24.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/9.html
example.com

192.168.87.26

• obop.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://www.exploit-db.com/exploits/15803
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
example.com

192.168.89.89

• www.yourwater.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://capec.mitre.org/data/definitions/24.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/10.html
example.com

192.168.89.98

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
http://www.exploit-db.com/exploits/15803
example.com

192.168.89.108

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://capec.mitre.org/data/definitions/24.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/10.html
example.com

192.168.89.109

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
http://www.exploit-db.com/exploits/15803
example.com

192.168.90.100

• billing.ets.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://capec.mitre.org/data/definitions/24.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/10.html
example.com

192.168.100.104

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/45.html

example.com

192.168.100.164

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

example.com

192.168.100.178

• ilearn-test.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/45.html

example.com

192.168.101.6

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

example.com

192.168.110.22

• broadband.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/45.html

example.com

192.168.110.30

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

example.com

192.168.110.31

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/45.html

example.com

192.168.110.136

• inside.das.example.com

Service Version:

microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:

http://www.exploit-db.com/exploits/15803
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
https://capec.mitre.org/data/definitions/44.html
                                                                                                                                                                                                                                                                                        example.com

192.168.113.15

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/9.html
https://capec.mitre.org/data/definitions/24.html

example.com
192.168.113.242

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972

example.com
192.168.113.254

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx

example.com
crimstest.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:
https://capec.mitre.org/data/definitions/24.html
https://capec.mitre.org/data/definitions/9.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972

example.com
crims.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx

example.com
ommpsystem.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:
https://capec.mitre.org/data/definitions/9.html
https://nvd.nist.gov/vuln/detail/CVE-2010-3972
https://capec.mitre.org/data/definitions/24.html

example.com
mmdapply.example.com

Service Version:
microsoft iis/7.5
cpe:/a:microsoft:iis:7.5
CVE-2010-3972 10.0

Description:
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

References:
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://www.exploit-db.com/exploits/15803
http://www.microsoft.com/technet/security/Bulletin/MS11-004.mspx

example.com
                                                                                                                                                                                                                                                                                                      192.168.27.4

                                                                                                                                                                                                                                                                                                        Service Version:

                                                                                                                                                                                                                                                                                                        apache/2.2.6
                                                                                                                                                                                                                                                                                                        cpe:/a:apache:http_server:2.2.6
                                                                                                                                                                                                                                                                                                        CVE-2012-0883 6.9

                                                                                                                                                                                                                                                                                                        Description:

                                                                                                                                                                                                                                                                                                        envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

                                                                                                                                                                                                                                                                                                        References:

                                                                                                                                                                                                                                                                                                        http://svn.apache.org/viewvc?view=revision&revision=1296428
                                                                                                                                                                                                                                                                                                        https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
                                                                                                                                                                                                                                                                                                        http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

example.com
192.168.27.5
Service Version: apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2012-0883 6.9

Description:
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://nvd.nist.gov/vuln/detail/CVE-2012-0883
http://article.gmane.org/gmane.comp.apache.devel/48158

example.com
192.168.90.91
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-0883 6.9

Description:
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

References:
http://svn.apache.org/viewvc?view=revision&revision=1296428
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

example.com
192.168.100.156
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-0883 6.9

Description:
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://nvd.nist.gov/vuln/detail/CVE-2012-0883
http://article.gmane.org/gmane.comp.apache.devel/48158

example.com
192.168.102.78
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-0883 6.9

Description:
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

References:
http://svn.apache.org/viewvc?view=revision&revision=1296428
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

example.com
192.168.27.4
Service Version: apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2012-3499 4.3

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

References:
http://www.securityfocus.com/bid/64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.debian.org/security/2013/dsa-2637

example.com
192.168.27.5
Service Version: apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2012-3499 4.3

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

References:
https://capec.mitre.org/data/definitions/592.html
https://capec.mitre.org/data/definitions/588.html
https://capec.mitre.org/data/definitions/209.html

example.com
192.168.90.91
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-3499 4.3

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

References:
http://www.securityfocus.com/bid/64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.debian.org/security/2013/dsa-2637

example.com
192.168.100.156
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-3499 4.3

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

References:
https://capec.mitre.org/data/definitions/592.html
https://capec.mitre.org/data/definitions/588.html
https://capec.mitre.org/data/definitions/209.html

example.com
192.168.102.78
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-3499 (CVSS 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
References:
http://www.securityfocus.com/bid/64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.debian.org/security/2013/dsa-2637

example.com
192.168.27.4
Service Version: apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2012-4558 (CVSS 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
References:
http://www.securityfocus.com/bid/64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.debian.org/security/2013/dsa-2637

example.com
192.168.27.5
Service Version: apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2012-4558 (CVSS 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
References:
https://capec.mitre.org/data/definitions/209.html
https://capec.mitre.org/data/definitions/592.html
https://capec.mitre.org/data/definitions/591.html

example.com
192.168.90.91
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-4558 (CVSS 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
References:
http://webappsec.pbworks.com/Cross-Site+Scripting
https://capec.mitre.org/data/definitions/85.html
https://capec.mitre.org/data/definitions/63.html

example.com
192.168.100.156
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-4558 (CVSS 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
References:
https://capec.mitre.org/data/definitions/209.html
https://capec.mitre.org/data/definitions/592.html
https://capec.mitre.org/data/definitions/591.html

example.com
192.168.102.78
Service Version: apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2012-4558 (CVSS 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
References:
http://www.securityfocus.com/bid/64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.debian.org/security/2013/dsa-2637

example.com
192.168.27.4
Service Version: apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-1862 (CVSS 5.1)
Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
References:
https://nvd.nist.gov/vuln/detail/CVE-2013-1862
http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
example.com

192.168.27.5

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-1862 5.1

Description:

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:

http://www.securityfocus.com/bid/59826
http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2013-0815.html
example.com

192.168.90.91

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-1862 5.1

Description:

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:

http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.100.156

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-1862 5.1

Description:

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:

http://www.securityfocus.com/bid/59826
http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2013-0815.html
example.com

192.168.101.137

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-1862 5.1

Description:

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:

http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.101.147

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-1862 5.1

Description:

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:

http://www-01.ibm.com/support/docview.wss?uid=swg21644047
http://www.mandriva.com/security/advisories?name=MDVSA-2013:174
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
example.com

192.168.102.78

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-1862 5.1

Description:

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:

http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.102.101

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-1862 5.1

Description:

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:

http://www-01.ibm.com/support/docview.wss?uid=swg21644047
http://www.mandriva.com/security/advisories?name=MDVSA-2013:174
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
example.com
192.168.102.102

Service Version:
apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-1862 5.1

Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

example.com
192.168.110.137

Service Version:
apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2013-1862 5.1

Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:
http://www.securityfocus.com/bid/59826
http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2013-0815.html

example.com
192.168.114.9

Service Version:
apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2013-1862 5.1

Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

example.com
192.168.27.4

Service Version:
apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-1896 4.3

Description:
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:
https://nvd.nist.gov/vuln/detail/CVE-2013-1896
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

example.com
192.168.27.5

Service Version:
apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-1896 4.3

Description:
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.securityfocus.com/bid/61129
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

example.com
192.168.86.227

Service Version:
apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2013-1896 4.3

Description:
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:
https://nvd.nist.gov/vuln/detail/CVE-2013-1896
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

example.com

192.168.90.91

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://www.securityfocus.com/bid/61129
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.100.156

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-1896
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
example.com

192.168.101.137

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://www.securityfocus.com/bid/61129
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.101.147

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-1896
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
example.com

192.168.102.78

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://www.securityfocus.com/bid/61129
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.102.101

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-1896
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
example.com

192.168.102.102

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://www.securityfocus.com/bid/61129
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.110.137

Service Version:

apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-1896
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
example.com

192.168.114.9

Service Version:

apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2013-1896 4.3

Description:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://www.securityfocus.com/bid/61129
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
example.com

192.168.27.4

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
http://www.apache.org/dist/httpd/CHANGES_2.4.6
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
example.com

192.168.27.5

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-2249
https://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
example.com

192.168.86.227

Service Version:

apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
http://www.apache.org/dist/httpd/CHANGES_2.4.6
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
example.com

192.168.90.91

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-2249
https://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
example.com

192.168.100.156

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
http://www.apache.org/dist/httpd/CHANGES_2.4.6
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
example.com

192.168.101.137

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-2249
https://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
example.com

192.168.101.147

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
http://www.apache.org/dist/httpd/CHANGES_2.4.6
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
example.com

192.168.102.78

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-2249
https://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
example.com

192.168.102.101

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
http://www.apache.org/dist/httpd/CHANGES_2.4.6
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
example.com

192.168.102.102

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-2249
https://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
example.com

192.168.110.137

Service Version:

apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
http://www.apache.org/dist/httpd/CHANGES_2.4.6
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
example.com

192.168.114.9

Service Version:

apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2013-2249 7.5

Description:

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-2249
https://httpd.apache.org/security/vulnerabilities_24.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
example.com

192.168.90.91

Service Version:

php/5.2.6
cpe:/a:php:php:5.2.6
CVE-2013-4248 4.3

Description:

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

References:

https://capec.mitre.org/data/definitions/99.html
https://capec.mitre.org/data/definitions/101.html
https://capec.mitre.org/data/definitions/52.html
example.com

192.168.90.91

Service Version:

php/5.2.6
cpe:/a:php:php:5.2.6
CVE-2013-4635 5.0

Description:

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.

References:

https://bugs.php.net/bug.php?id=64895
http://www.ubuntu.com/usn/USN-1905-1
http://www.securitytracker.com/id/1028699
example.com

192.168.86.227

Service Version:

apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2013-5704 5.0

Description:

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

References:

http://www.ubuntu.com/usn/USN-2523-1
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h
example.com

192.168.27.4

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://security.gentoo.org/glsa/glsa-201408-12.xml
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://httpd.apache.org/security/vulnerabilities_24.html
example.com

192.168.27.5

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
example.com

192.168.86.227

Service Version:

apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://security.gentoo.org/glsa/glsa-201408-12.xml
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://httpd.apache.org/security/vulnerabilities_24.html
example.com

192.168.90.91

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
example.com

192.168.100.156

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://security.gentoo.org/glsa/glsa-201408-12.xml
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://httpd.apache.org/security/vulnerabilities_24.html
example.com

192.168.101.137

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
example.com

192.168.101.147

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://security.gentoo.org/glsa/glsa-201408-12.xml
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://httpd.apache.org/security/vulnerabilities_24.html
example.com

192.168.102.78

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
example.com

192.168.102.101

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://security.gentoo.org/glsa/glsa-201408-12.xml
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://httpd.apache.org/security/vulnerabilities_24.html
example.com

192.168.102.102

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
example.com

192.168.110.137

Service Version:

apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://security.gentoo.org/glsa/glsa-201408-12.xml
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://httpd.apache.org/security/vulnerabilities_24.html
example.com

192.168.114.9

Service Version:

apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2013-6438 5.0

Description:

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

References:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
example.com

192.168.27.4

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2014-0098 5.0

Description:

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:

https://capec.mitre.org/data/definitions/43.html
http://webappsec.pbworks.com/Improper-Input-Handling
                                                                                                                                                                                                                                                                                                                                                                                                                                          https://nvd.nist.gov/vuln/detail/CVE-2014-0098
example.com

192.168.27.5

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2014-0098 5.0

Description:

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
example.com

192.168.86.227

Service Version:

apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2014-0098 5.0

Description:

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:

https://capec.mitre.org/data/definitions/43.html
http://webappsec.pbworks.com/Improper-Input-Handling
https://nvd.nist.gov/vuln/detail/CVE-2014-0098
example.com

192.168.90.91

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2014-0098 5.0

Description:

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
example.com

192.168.100.156

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2014-0098 5.0

Description:

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:

https://capec.mitre.org/data/definitions/43.html
http://webappsec.pbworks.com/Improper-Input-Handling
https://nvd.nist.gov/vuln/detail/CVE-2014-0098
example.com

192.168.101.137

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2014-0098 5.0

Description:

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:

https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
example.com
192.168.101.147

Service Version:
apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2014-0098 5.0

Description:
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:
https://capec.mitre.org/data/definitions/43.html
http://webappsec.pbworks.com/Improper-Input-Handling
https://nvd.nist.gov/vuln/detail/CVE-2014-0098

example.com
192.168.102.78

Service Version:
apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2014-0098 5.0

Description:
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html

example.com
192.168.102.101

Service Version:
apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2014-0098 5.0

Description:
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:
https://capec.mitre.org/data/definitions/43.html
http://webappsec.pbworks.com/Improper-Input-Handling
https://nvd.nist.gov/vuln/detail/CVE-2014-0098

example.com
192.168.102.102

Service Version:
apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2014-0098 5.0

Description:
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html

example.com
192.168.110.137

Service Version:
apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2014-0098 5.0

Description:
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:
https://capec.mitre.org/data/definitions/43.html
http://webappsec.pbworks.com/Improper-Input-Handling
https://nvd.nist.gov/vuln/detail/CVE-2014-0098

example.com
192.168.114.9

Service Version:
apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2014-0098 5.0

Description:
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

References:
https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                192.168.27.4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  openssl/0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cpe:/a:openssl:openssl:0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CVE-2014-0221 4.3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://nvd.nist.gov/vuln/detail/CVE-2014-0221
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  192.168.27.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    openssl/0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    cpe:/a:openssl:openssl:0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    CVE-2014-0221 4.3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://nvd.nist.gov/vuln/detail/CVE-2014-0221
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    192.168.27.4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      openssl/0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      cpe:/a:openssl:openssl:0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      CVE-2014-0224 6.8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      https://nvd.nist.gov/vuln/detail/CVE-2014-0224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      192.168.27.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        openssl/0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        cpe:/a:openssl:openssl:0.9.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CVE-2014-0224 6.8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://nvd.nist.gov/vuln/detail/CVE-2014-0224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        teachin.example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          apache/2.4.7
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          cpe:/a:apache:http_server:2.4.7
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CVE-2014-0226 6.8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://nvd.nist.gov/vuln/detail/CVE-2014-0226
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://capec.mitre.org/data/definitions/29.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://capec.mitre.org/data/definitions/26.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          192.168.27.4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2014-0231 5.0

Description:

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-0231
http://httpd.apache.org/security/vulnerabilities_24.html
https://bugzilla.redhat.com/show_bug.cgi?id=1120596
example.com

192.168.27.5

Service Version:

apache/2.2.6
cpe:/a:apache:http_server:2.2.6
CVE-2014-0231 5.0

Description:

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

References:

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://security.gentoo.org/glsa/201504-03
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
example.com

192.168.86.227

Service Version:

apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2014-0231 5.0

Description:

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-0231
http://httpd.apache.org/security/vulnerabilities_24.html
https://bugzilla.redhat.com/show_bug.cgi?id=1120596
example.com

192.168.90.91

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2014-0231 5.0

Description:

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

References:

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://security.gentoo.org/glsa/201504-03
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
example.com

192.168.100.156

Service Version:

apache/2.2.10
cpe:/a:apache:http_server:2.2.10
CVE-2014-0231 5.0

Description:

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-0231
http://httpd.apache.org/security/vulnerabilities_24.html
https://bugzilla.redhat.com/show_bug.cgi?id=1120596
example.com

192.168.101.137

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2014-0231 5.0

Description:

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

References:

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://security.gentoo.org/glsa/201504-03
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      192.168.101.147

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        apache/2.2.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        cpe:/a:apache:http_server:2.2.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CVE-2014-0231 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://nvd.nist.gov/vuln/detail/CVE-2014-0231
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        http://httpd.apache.org/security/vulnerabilities_24.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://bugzilla.redhat.com/show_bug.cgi?id=1120596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        192.168.102.78

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          apache/2.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          cpe:/a:apache:http_server:2.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CVE-2014-0231 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://security.gentoo.org/glsa/201504-03
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          http://marc.info/?l=bugtraq&m=144493176821532&w=2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          192.168.102.101

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            apache/2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            cpe:/a:apache:http_server:2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            CVE-2014-0231 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://nvd.nist.gov/vuln/detail/CVE-2014-0231
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            http://httpd.apache.org/security/vulnerabilities_24.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://bugzilla.redhat.com/show_bug.cgi?id=1120596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            192.168.102.102

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              apache/2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cpe:/a:apache:http_server:2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              CVE-2014-0231 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              https://security.gentoo.org/glsa/201504-03
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              http://marc.info/?l=bugtraq&m=144493176821532&w=2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              192.168.110.137

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                apache/2.2.16
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cpe:/a:apache:http_server:2.2.16
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CVE-2014-0231 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                https://nvd.nist.gov/vuln/detail/CVE-2014-0231
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                http://httpd.apache.org/security/vulnerabilities_24.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                https://bugzilla.redhat.com/show_bug.cgi?id=1120596
example.com
192.168.114.9
Service Version:
  apache/2.2.24
  cpe:/a:apache:http_server:2.2.24
  CVE-2014-0231 5.0
Description:
  The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
References:
  https://security.gentoo.org/glsa/201504-03
  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
  http://marc.info/?l=bugtraq&m=144493176821532&w=2

example.com
teachin.example.com
Service Version:
  apache/2.4.7
  cpe:/a:apache:http_server:2.4.7
  CVE-2014-0231 5.0
Description:
  The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
References:
  http://httpd.apache.org/security/vulnerabilities_24.html
  https://bugzilla.redhat.com/show_bug.cgi?id=1120596
  http://www.securityfocus.com/bid/68742

example.com
192.168.90.91
Service Version:
  php/5.2.6
  cpe:/a:php:php:5.2.6
  CVE-2014-0237 5.0
Description:
  The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
References:
  https://nvd.nist.gov/vuln/detail/CVE-2014-0237
  https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
  https://bugs.php.net/bug.php?id=67328

example.com
192.168.90.91
Service Version:
  php/5.2.6
  cpe:/a:php:php:5.2.6
  CVE-2014-0238 5.0
Description:
  The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
References:
  https://nvd.nist.gov/vuln/detail/CVE-2014-0238
  https://capec.mitre.org/data/definitions/47.html
  https://capec.mitre.org/data/definitions/24.html

example.com
192.168.90.91
Service Version:
  php/5.2.6
  cpe:/a:php:php:5.2.6
  CVE-2014-2497 4.3
Description:
  The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
References:
  https://nvd.nist.gov/vuln/detail/CVE-2014-2497
  https://bugzilla.redhat.com/show_bug.cgi?id=1076676
  https://bugs.php.net/bug.php?id=66901

example.com
192.168.27.4
Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3470 4.3

Description:
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3470

example.com
192.168.27.5
Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3470 4.3

Description:
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3470

example.com
192.168.27.4
Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3505 5.0

Description:
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3505

example.com
192.168.27.5
Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3505 5.0

Description:
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3505

example.com
192.168.27.4
Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3506 5.0

Description:
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3506

example.com
192.168.27.5
Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3506 5.0

Description:
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3506


example.com
192.168.27.4
Service Version: openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3507 5.0
Description: Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3507

example.com
192.168.27.5
Service Version: openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3507 5.0
Description: Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3507

example.com
192.168.27.4
Service Version: openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3508 4.3
Description: The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3508
https://capec.mitre.org/data/definitions/60.html
https://capec.mitre.org/data/definitions/59.html

example.com
192.168.27.5
Service Version: openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3508 4.3
Description: The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
References:
http://webappsec.pbworks.com/Information-Leakage
https://capec.mitre.org/data/definitions/13.html
https://capec.mitre.org/data/definitions/79.html

example.com
192.168.27.4
Service Version: openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3510 4.3
Description: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3510

example.com
192.168.27.5
Service Version: openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3510 4.3
Description: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://nvd.nist.gov/vuln/detail/CVE-2014-3510
example.com

teachin.example.com

Service Version:
apache/2.4.7
cpe:/a:apache:http_server:2.4.7
CVE-2014-3523 5.0

Description:
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3523
example.com

192.168.27.4

Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3566 4.3

Description:
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3566
example.com

192.168.27.5

Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2014-3566 4.3

Description:
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-3566
example.com

teachin.example.com

Service Version:
apache/2.4.7
cpe:/a:apache:http_server:2.4.7
CVE-2014-8109 4.3

Description:
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

References:
https://issues.apache.org/bugzilla/show_bug.cgi?id=57204
https://github.com/apache/httpd/commit/3f1693d558d0758f829c8b53993f1749ddf6ffcb
https://bugzilla.redhat.com/show_bug.cgi?id=1174077
example.com

192.168.90.91

Service Version:
php/5.2.6
cpe:/a:php:php:5.2.6
CVE-2014-8626 7.5

Description:
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

References:
https://nvd.nist.gov/vuln/detail/CVE-2014-8626
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com

192.168.90.91

Service Version:

php/5.2.6
cpe:/a:php:php:5.2.6
CVE-2014-9427 7.5

Description:

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-9427
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com

ohsionline-mpa3.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:

https://capec.mitre.org/data/definitions/473.html
https://capec.mitre.org/data/definitions/43.html
https://capec.mitre.org/data/definitions/484.html
example.com

ohsionline-mpa2.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:

http://www.securityfocus.com/bid/76240
http://technet.microsoft.com/security/bulletin/MS15-080
https://capec.mitre.org/data/definitions/85.html
example.com

ohsionline-mpa1.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:

https://capec.mitre.org/data/definitions/473.html
https://capec.mitre.org/data/definitions/43.html
https://capec.mitre.org/data/definitions/484.html
example.com
ohsionline-lrapp.org

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:
http://www.securityfocus.com/bid/76240
http://technet.microsoft.com/security/bulletin/MS15-080
https://capec.mitre.org/data/definitions/85.html
example.com
ohsionline-lpa.org

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:
https://capec.mitre.org/data/definitions/473.html
https://capec.mitre.org/data/definitions/43.html
https://capec.mitre.org/data/definitions/484.html
example.com
webmail.oce.example.com

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:
http://www.securityfocus.com/bid/76240
http://technet.microsoft.com/security/bulletin/MS15-080
https://capec.mitre.org/data/definitions/85.html
example.com
ommpsystem.example.com

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:
https://capec.mitre.org/data/definitions/473.html
https://capec.mitre.org/data/definitions/43.html
https://capec.mitre.org/data/definitions/484.html
example.com
mmdapply.example.com

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2464 9.3

Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.

References:
http://technet.microsoft.com/security/bulletin/MS15-080
https://capec.mitre.org/data/definitions/85.html
https://capec.mitre.org/data/definitions/73.html
example.com

ohsionline-mpa3.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-2504
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com

ohsionline-mpa2.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/14.html
example.com

ohsionline-mpa1.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-2504
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com

ohsionline-lrapp.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:

https://capec.mitre.org/data/definitions/45.html
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/14.html
example.com
ohsionline-lpa.org

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2015-2504
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com
webmail.oce.example.com

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:
https://capec.mitre.org/data/definitions/45.html
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/14.html
example.com
ommpsystem.example.com

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2015-2504
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com
mmdapply.example.com

Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-2504 9.3

Description:
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability."

References:
https://capec.mitre.org/data/definitions/45.html
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/14.html
example.com
192.168.102.89

Service Version:
apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2015-3185 4.3

Description:
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

References:
http://www.securityfocus.com/bid/75965
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                https://support.apple.com/kb/HT205031
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708
example.com

teachin.example.com

Service Version:

apache/2.4.7
cpe:/a:apache:http_server:2.4.7
CVE-2015-3185 4.3

Description:

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

References:

http://www.debian.org/security/2015/dsa-3325
http://www.ubuntu.com/usn/USN-2686-1
https://support.apple.com/HT205217
example.com

ohsionline-mpa3.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6096
https://capec.mitre.org/data/definitions/472.html
https://capec.mitre.org/data/definitions/116.html
example.com

ohsionline-mpa2.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

http://webappsec.pbworks.com/Information-Leakage
https://capec.mitre.org/data/definitions/13.html
https://capec.mitre.org/data/definitions/79.html
example.com

ohsionline-mpa1.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6096
https://capec.mitre.org/data/definitions/472.html
https://capec.mitre.org/data/definitions/116.html
example.com

ohsionline-lrapp.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/59.html
https://capec.mitre.org/data/definitions/117.html
example.com

ohsionline-lpa.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://capec.mitre.org/data/definitions/616.html
https://capec.mitre.org/data/definitions/169.html
https://capec.mitre.org/data/definitions/60.html
example.com

webmail.oce.example.com

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/59.html
https://capec.mitre.org/data/definitions/117.html
example.com

ommpsystem.example.com

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://capec.mitre.org/data/definitions/616.html
https://capec.mitre.org/data/definitions/169.html
https://capec.mitre.org/data/definitions/60.html
example.com

mmdapply.example.com

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6096 4.3

Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://capec.mitre.org/data/definitions/22.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://capec.mitre.org/data/definitions/59.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://capec.mitre.org/data/definitions/117.html

example.com
ohsionline-mpa3.org
Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6099 4.3
Description:
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2015-6099
https://capec.mitre.org/data/definitions/63.html
https://capec.mitre.org/data/definitions/591.html

example.com
ohsionline-mpa2.org
Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6099 4.3
Description:
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
References:
http://webappsec.pbworks.com/Cross-Site+Scripting
https://capec.mitre.org/data/definitions/209.html
https://capec.mitre.org/data/definitions/592.html

example.com
ohsionline-mpa1.org
Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6099 4.3
Description:
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
References:
https://nvd.nist.gov/vuln/detail/CVE-2015-6099
https://capec.mitre.org/data/definitions/63.html
https://capec.mitre.org/data/definitions/591.html

example.com
ohsionline-lrapp.org
Service Version:
microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6099 4.3
Description:
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          http://webappsec.pbworks.com/Cross-Site+Scripting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://capec.mitre.org/data/definitions/209.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://capec.mitre.org/data/definitions/592.html
example.com

ohsionline-lpa.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6099 4.3

Description:

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6099
https://capec.mitre.org/data/definitions/63.html
https://capec.mitre.org/data/definitions/591.html
example.com

webmail.oce.example.com

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6099 4.3

Description:

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

References:

http://webappsec.pbworks.com/Cross-Site+Scripting
https://capec.mitre.org/data/definitions/209.html
https://capec.mitre.org/data/definitions/592.html
example.com

ommpsystem.example.com

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6099 4.3

Description:

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6099
https://capec.mitre.org/data/definitions/63.html
https://capec.mitre.org/data/definitions/591.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                mmdapply.example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  microsoft .net_framework/4.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cpe:/a:microsoft:.net_framework:4.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CVE-2015-6099 4.3

Description:

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

References:

http://webappsec.pbworks.com/Cross-Site+Scripting
https://capec.mitre.org/data/definitions/209.html
https://capec.mitre.org/data/definitions/592.html
example.com

ohsionline-mpa3.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6108
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com

ohsionline-mpa2.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

http://technet.microsoft.com/security/bulletin/MS15-128
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/45.html
example.com

ohsionline-mpa1.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6108
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html
example.com

ohsionline-lrapp.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

http://technet.microsoft.com/security/bulletin/MS15-128
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/45.html
example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ohsionline-lpa.org

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6108
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html

example.com

webmail.oce.example.com

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

http://technet.microsoft.com/security/bulletin/MS15-128
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/45.html

example.com

ommpsystem.example.com

Service Version:

microsoft .net_framework/4.0
cpe:/a:microsoft:.net_framework:4.0
CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-6108
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/24.html

example.com

mmdapply.example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  microsoft .net_framework/4.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cpe:/a:microsoft:.net_framework:4.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CVE-2015-6108 9.3

Description:

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

References:

http://technet.microsoft.com/security/bulletin/MS15-128
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/45.html

example.com

teachin.example.com

Service Version:

php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2015-8867 5.0

Description:

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-8867
https://bugs.php.net/bug.php?id=70014
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203

example.com

teachin.example.com

Service Version:

php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2015-8873 5.0

Description:

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

References:

https://capec.mitre.org/data/definitions/66.html
https://capec.mitre.org/data/definitions/7.html
https://capec.mitre.org/data/definitions/99.html

example.com

teachin.example.com

Service Version:

php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2015-8876 7.5

Description:

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-8876
https://bugs.php.net/bug.php?id=70121
http://www.php.net/ChangeLog-5.php

example.com

teachin.example.com

Service Version:

php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2015-8935 4.3

Description:

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

References:

http://www.openwall.com/lists/oss-security/2016/06/20/3
https://bugs.php.net/bug.php?id=68978
https://github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b?w=1
example.com

192.168.90.91

Service Version:

php/5.2.6
cpe:/a:php:php:5.2.6
CVE-2015-8994 6.8

Description:

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-8994
http://marc.info/?l=php-internals&m=147876797317925&w=2
http://marc.info/?l=php-internals&m=147921016724565&w=2
example.com

teachin.example.com

Service Version:

php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2015-8994 6.8

Description:

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.

References:

https://ma.ttias.be/a-better-way-to-run-php-fpm/
https://bugs.php.net/bug.php?id=69090
http://seclists.org/oss-sec/2017/q1/520
example.com

exampleobo.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2016-0149 4.3

Description:

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0149
https://capec.mitre.org/data/definitions/117.html
https://capec.mitre.org/data/definitions/169.html
example.com

example-rps.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2016-0149 4.3

Description:

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."

References:

https://capec.mitre.org/data/definitions/224.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  http://webappsec.pbworks.com/Information-Leakage
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://capec.mitre.org/data/definitions/79.html
example.com

public.health.example.com

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2016-0149 4.3

Description:

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0149
https://capec.mitre.org/data/definitions/117.html
https://capec.mitre.org/data/definitions/169.html
example.com

192.168.102.89

Service Version:

apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2016-0736 5.0

Description:

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0736
example.com

teachin.example.com

Service Version:

apache/2.4.7
cpe:/a:apache:http_server:2.4.7
CVE-2016-0736 5.0

Description:

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0736
example.com

192.168.114.15

Service Version:

nginx/1.8.0
cpe:/a:nginx:nginx:1.8.0
CVE-2016-0742 5.0

Description:

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0742
example.com

192.168.114.15

Service Version:

nginx/1.8.0
cpe:/a:nginx:nginx:1.8.0
CVE-2016-0746 7.5

Description:

Use-after-free vulnerability in the resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0746
http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
example.com

192.168.114.15

Service Version:

nginx/1.8.0
cpe:/a:nginx:nginx:1.8.0
CVE-2016-0747 5.0

Description:

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0747
example.com

192.168.102.89

Service Version:

apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2016-2161 5.0

Description:

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

References:

https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/64.html
https://capec.mitre.org/data/definitions/31.html
example.com

teachin.example.com

Service Version:

apache/2.4.7
cpe:/a:apache:http_server:2.4.7
CVE-2016-2161 5.0

Description:

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-2161
https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/64.html
example.com

192.168.102.101

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2179 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://nvd.nist.gov/vuln/detail/CVE-2016-2179
example.com

192.168.102.102

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2179 5.0

Description:

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-2179
example.com

192.168.102.101

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2180 5.0

Description:

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-2180
https://capec.mitre.org/data/definitions/540.html
example.com

192.168.102.102

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2180 5.0

Description:

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

References:

https://capec.mitre.org/data/definitions/540.html
https://nvd.nist.gov/vuln/detail/CVE-2016-2180
example.com

192.168.102.101

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2181 5.0

Description:

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://nvd.nist.gov/vuln/detail/CVE-2016-2181
example.com
192.168.102.102

Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2181 5.0

Description: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-2181
example.com
192.168.102.101

Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2182 7.5

Description: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-2182
example.com
192.168.102.102

Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2182 7.5

Description: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-2182
example.com
192.168.102.101

Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2842 10.0

Description: The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-2842
https://capec.mitre.org/data/definitions/14.html
https://capec.mitre.org/data/definitions/44.html
example.com

192.168.102.102

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-2842 10.0

Description:

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/42.html
example.com

teachin.example.com

Service Version:

php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2016-3185 6.4

Description:

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.

References:

https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
https://bugs.php.net/bug.php?id=71610
https://bugs.php.net/bug.php?id=70081
example.com

exampleobo.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2016-3255 5.0

Description:

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-3255
https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/169.html
example.com

example-rps.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2016-3255 5.0

Description:

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:

https://capec.mitre.org/data/definitions/79.html
https://capec.mitre.org/data/definitions/13.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            http://webappsec.pbworks.com/Information-Leakage

example.com
public.health.example.com

Service Version:
microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2016-3255 5.0

Description:
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-3255
https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/169.html

example.com
teachin.example.com

Service Version:
php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2016-4071 7.5

Description:
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

References:
https://support.apple.com/HT206567
https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8
https://bugs.php.net/bug.php?id=71704

example.com
teachin.example.com

Service Version:
php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2016-4072 7.5

Description:
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-4072
https://capec.mitre.org/data/definitions/53.html
https://capec.mitre.org/data/definitions/78.html

example.com
teachin.example.com

Service Version:
php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2016-4073 7.5

Description:
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://nvd.nist.gov/vuln/detail/CVE-2016-4073
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://security.gentoo.org/glsa/201611-22
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
example.com

keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-4979 5.0

Description:

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

References:

http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4
http://www.openwall.com/lists/oss-security/2016/07/05/5
example.com

keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-5387 5.1

Description:

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

References:

http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
https://security.gentoo.org/glsa/201701-36
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/
example.com

192.168.102.101

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6302 5.0

Description:

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

References:

https://capec.mitre.org/data/definitions/71.html
https://capec.mitre.org/data/definitions/3.html
https://capec.mitre.org/data/definitions/46.html

example.com
192.168.102.102
Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6302 5.0
Description: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
References:
https://capec.mitre.org/data/definitions/85.html
https://capec.mitre.org/data/definitions/73.html
https://capec.mitre.org/data/definitions/588.html

example.com
192.168.102.101
Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6303 7.5
Description: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6303

example.com
192.168.102.102
Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6303 7.5
Description: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6303

example.com
192.168.102.101
Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6304 7.8
Description: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6304

example.com
192.168.102.102
Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6304 7.8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://nvd.nist.gov/vuln/detail/CVE-2016-6304

example.com
192.168.102.101
Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6306 4.3
Description: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6306
https://capec.mitre.org/data/definitions/540.html

example.com
192.168.102.102
Service Version: openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2016-6306 4.3
Description: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References:
https://capec.mitre.org/data/definitions/540.html
https://nvd.nist.gov/vuln/detail/CVE-2016-6306

example.com
192.168.90.91
Service Version: php/5.2.6
cpe:/a:php:php:5.2.6
CVE-2016-7478 5.0
Description: Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-7478
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

example.com
teachin.example.com
Service Version: php/5.5.9
cpe:/a:php:php:5.5.9
CVE-2016-7478 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://www.youtube.com/watch?v=LDcaPstAuPk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://bugs.php.net/bug.php?id=73093
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            http://www.securityfocus.com/bid/95150
example.com

keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-8740 5.0

Description:

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

References:

https://security.gentoo.org/glsa/201701-36
https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3
http://www.securityfocus.com/bid/94650
example.com

192.168.102.89

Service Version:

apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2016-8743 5.0

Description:

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-8743
example.com

keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-8743 5.0

Description:

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-8743
example.com

teachin.example.com

  Service Version:

  apache/2.4.7
  cpe:/a:apache:http_server:2.4.7
  CVE-2016-8743 5.0

  Description:

  Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.

  References:

  https://nvd.nist.gov/vuln/detail/CVE-2016-8743
example.com

exampleobo.org

  Service Version:

  microsoft .net_framework/2.0
  cpe:/a:microsoft:.net_framework:2.0
  CVE-2017-0160 7.2

  Description:

  Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

  References:

  https://nvd.nist.gov/vuln/detail/CVE-2017-0160
  https://capec.mitre.org/data/definitions/474.html
  https://capec.mitre.org/data/definitions/19.html
example.com

example-rps.org

  Service Version:

  microsoft .net_framework/2.0
  cpe:/a:microsoft:.net_framework:2.0
  CVE-2017-0160 7.2

  Description:

  Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

  References:

  http://webappsec.pbworks.com/Insufficient-Authorization
  https://capec.mitre.org/data/definitions/19.html
  https://capec.mitre.org/data/definitions/474.html
example.com

public.health.example.com

  Service Version:

  microsoft .net_framework/2.0
  cpe:/a:microsoft:.net_framework:2.0
  CVE-2017-0160 7.2

  Description:

  Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

  References:

  https://nvd.nist.gov/vuln/detail/CVE-2017-0160
  https://capec.mitre.org/data/definitions/474.html
  https://capec.mitre.org/data/definitions/19.html
example.com

exampleobo.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2017-0248 5.0

Description:

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-0248
example.com

example-rps.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2017-0248 5.0

Description:

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-0248
example.com

public.health.example.com

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2017-0248 5.0

Description:

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-0248
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                192.168.112.10

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • hscourses.hecc.example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                php/7.0.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cpe:/a:nashtech:easy_php_calendar:7.0.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CVE-2017-11144 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Description:

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

References:

http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
http://git.php.net/?p=php-src.git;a=commit;h=89637c6b41b510c20d262c17483f582f115c66d6
http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-11145 5.0

Description:

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function.

References:

http://openwall.com/lists/oss-security/2017/07/10/6
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-11147 6.4

Description:

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-11147
https://capec.mitre.org/data/definitions/100.html
https://capec.mitre.org/data/definitions/44.html
example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-11362 7.5

Description:

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-11362
https://capec.mitre.org/data/definitions/100.html
https://capec.mitre.org/data/definitions/44.html

example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-11628 6.8

Description:

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-11628
https://capec.mitre.org/data/definitions/44.html
https://capec.mitre.org/data/definitions/14.html

example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-12932 7.5

Description:

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-12932

example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-12933 7.5

Description:

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-12933
https://capec.mitre.org/data/definitions/46.html
https://capec.mitre.org/data/definitions/45.html

example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-12934 5.0

Description:

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                https://nvd.nist.gov/vuln/detail/CVE-2017-12934
example.com
192.168.86.227

Service Version:
apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2017-3167 7.5

Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:
https://capec.mitre.org/data/definitions/115.html
http://www.securityfocus.com/bid/99135
https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E

example.com
192.168.101.137

Service Version:
apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-3167 7.5

Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:
http://webappsec.pbworks.com/Insufficient-Authentication
https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/593.html

example.com
192.168.101.147

Service Version:
apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-3167 7.5

Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:
https://capec.mitre.org/data/definitions/115.html
http://www.securityfocus.com/bid/99135
https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E

example.com
192.168.102.89

Service Version:
apache/2.4.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        cpe:/a:apache:http_server:2.4.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CVE-2017-3167 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        http://webappsec.pbworks.com/Insufficient-Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://capec.mitre.org/data/definitions/22.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://capec.mitre.org/data/definitions/593.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        192.168.102.101

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          apache/2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          cpe:/a:apache:http_server:2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CVE-2017-3167 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://capec.mitre.org/data/definitions/115.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          http://www.securityfocus.com/bid/99135
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          192.168.102.102

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            apache/2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            cpe:/a:apache:http_server:2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            CVE-2017-3167 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            http://webappsec.pbworks.com/Insufficient-Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://capec.mitre.org/data/definitions/22.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://capec.mitre.org/data/definitions/593.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            192.168.110.137

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2017-3167 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:

https://capec.mitre.org/data/definitions/115.html
http://www.securityfocus.com/bid/99135
https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E

example.com
192.168.114.9

Service Version:

apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2017-3167 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:

http://webappsec.pbworks.com/Insufficient-Authentication
https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/593.html

example.com
keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-3167 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:

https://capec.mitre.org/data/definitions/115.html
http://www.securityfocus.com/bid/99135
https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E

example.com
192.168.86.227

Service Version:

apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2017-3169 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References:

http://www.securityfocus.com/bid/99134
https://nvd.nist.gov/vuln/detail/CVE-2017-3169
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
example.com
192.168.101.137
Service Version: apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-3169 7.5
Description: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
References:
http://www.securitytracker.com/id/1038711
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2017-3169

example.com
192.168.101.147
Service Version: apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-3169 7.5
Description: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
References:
http://www.securityfocus.com/bid/99134
https://nvd.nist.gov/vuln/detail/CVE-2017-3169
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E

example.com
192.168.102.89
Service Version: apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2017-3169 7.5
Description: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
References:
http://www.securitytracker.com/id/1038711
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2017-3169

example.com
192.168.102.101
Service Version: apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2017-3169 7.5
Description: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            http://www.securityfocus.com/bid/99134
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://nvd.nist.gov/vuln/detail/CVE-2017-3169
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
example.com

192.168.102.102

Service Version:

apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2017-3169 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References:

http://www.securitytracker.com/id/1038711
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2017-3169
example.com

192.168.110.137

Service Version:

apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2017-3169 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References:

http://www.securityfocus.com/bid/99134
https://nvd.nist.gov/vuln/detail/CVE-2017-3169
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                192.168.114.9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  apache/2.2.24
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cpe:/a:apache:http_server:2.2.24
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CVE-2017-3169 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References:
http://www.securitytracker.com/id/1038711
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2017-3169

example.com
keepexamplecool.org

Service Version:
apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-3169 7.5

Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References:
http://www.securityfocus.com/bid/99134
https://nvd.nist.gov/vuln/detail/CVE-2017-3169
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E

example.com
192.168.27.4

Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2017-3735 5.0

Description:
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-3735
https://capec.mitre.org/data/definitions/10.html
https://capec.mitre.org/data/definitions/46.html

example.com
192.168.27.5

Service Version:
openssl/0.9.8
cpe:/a:openssl:openssl:0.9.8
CVE-2017-3735 5.0

Description:
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

References:
http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/45.html

example.com
192.168.102.101

Service Version:
openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CVE-2017-3735 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://nvd.nist.gov/vuln/detail/CVE-2017-3735
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://capec.mitre.org/data/definitions/10.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://capec.mitre.org/data/definitions/46.html
example.com

192.168.102.102

Service Version:

openssl/1.0.1
cpe:/a:openssl:openssl:1.0.1
CVE-2017-3735 5.0

Description:

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

References:

http://webappsec.pbworks.com/Buffer-Overflow
https://capec.mitre.org/data/definitions/47.html
https://capec.mitre.org/data/definitions/45.html
example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-5340 7.5

Description:

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-5340
https://capec.mitre.org/data/definitions/92.html
http://webappsec.pbworks.com/Integer-Overflows
example.com

192.168.114.17

Service Version:

microsoft iis/6.0
cpe:/a:microsoft:iis:6.0
CVE-2017-7269 10.0

Description:

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              http://www.securitytracker.com/id/1038168
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              https://nvd.nist.gov/vuln/detail/CVE-2017-7269
example.com
192.168.86.227

Service Version:
apache/2.2.22
cpe:/a:apache:http_server:2.2.22
CVE-2017-7668 7.5

Description:
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:
http://www.securityfocus.com/bid/99137
https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b@%3Cdev.httpd.apache.org%3E
http://www.securitytracker.com/id/1038711

example.com
192.168.101.137

Service Version:
apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-7668 7.5

Description:
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:
https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/110.html
https://capec.mitre.org/data/definitions/231.html

example.com
192.168.101.147

Service Version:
apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-7668 7.5

Description:
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:
https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/110.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://capec.mitre.org/data/definitions/64.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    192.168.102.89

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      apache/2.4.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      cpe:/a:apache:http_server:2.4.10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      CVE-2017-7668 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      https://capec.mitre.org/data/definitions/31.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      https://capec.mitre.org/data/definitions/110.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      https://capec.mitre.org/data/definitions/231.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      192.168.102.101

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        apache/2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        cpe:/a:apache:http_server:2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CVE-2017-7668 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://capec.mitre.org/data/definitions/31.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://capec.mitre.org/data/definitions/110.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://capec.mitre.org/data/definitions/64.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        192.168.102.102

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          apache/2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          cpe:/a:apache:http_server:2.2.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CVE-2017-7668 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:

https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/110.html
https://capec.mitre.org/data/definitions/231.html
example.com

192.168.110.137

Service Version:

apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2017-7668 7.5

Description:

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:

https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/110.html
https://capec.mitre.org/data/definitions/64.html
example.com

192.168.114.9

Service Version:

apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2017-7668 7.5

Description:

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:

https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/110.html
https://capec.mitre.org/data/definitions/231.html
example.com

keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-7668 7.5

Description:

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:

https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/110.html
https://capec.mitre.org/data/definitions/64.html
example.com

192.168.86.227

Service Version:

apache/2.2.22
cpe:/a:apache:http_server:2.2.22
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CVE-2017-7679 7.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  http://www.securitytracker.com/id/1038711
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://nvd.nist.gov/vuln/detail/CVE-2017-7679
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://capec.mitre.org/data/definitions/8.html
example.com

192.168.101.137

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-7679 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:

https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
http://www.securityfocus.com/bid/99170
http://webappsec.pbworks.com/Buffer-Overflow
example.com

192.168.101.147

Service Version:

apache/2.2.3
cpe:/a:apache:http_server:2.2.3
CVE-2017-7679 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:

http://www.securitytracker.com/id/1038711
https://nvd.nist.gov/vuln/detail/CVE-2017-7679
https://capec.mitre.org/data/definitions/8.html
example.com

192.168.102.89

Service Version:

apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2017-7679 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        http://www.securityfocus.com/bid/99170
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        http://webappsec.pbworks.com/Buffer-Overflow
example.com
192.168.102.101

Service Version:
apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2017-7679 7.5

Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:
http://www.securitytracker.com/id/1038711
https://nvd.nist.gov/vuln/detail/CVE-2017-7679
https://capec.mitre.org/data/definitions/8.html
example.com
192.168.102.102

Service Version:
apache/2.2.15
cpe:/a:apache:http_server:2.2.15
CVE-2017-7679 7.5

Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:
https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
http://www.securityfocus.com/bid/99170
http://webappsec.pbworks.com/Buffer-Overflow
example.com
192.168.110.137

Service Version:
apache/2.2.16
cpe:/a:apache:http_server:2.2.16
CVE-2017-7679 7.5

Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:
http://www.securitytracker.com/id/1038711
https://nvd.nist.gov/vuln/detail/CVE-2017-7679
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              https://capec.mitre.org/data/definitions/8.html

example.com

192.168.114.9

Service Version:

apache/2.2.24
cpe:/a:apache:http_server:2.2.24
CVE-2017-7679 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:

https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
http://www.securityfocus.com/bid/99170
http://webappsec.pbworks.com/Buffer-Overflow

example.com

keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-7679 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:

http://www.securitytracker.com/id/1038711
https://nvd.nist.gov/vuln/detail/CVE-2017-7679
https://capec.mitre.org/data/definitions/8.html

example.com

192.168.112.10

• hscourses.hecc.example.com

Service Version:

php/7.0.10
cpe:/a:nashtech:easy_php_calendar:7.0.10
CVE-2017-7890 4.3

Description:

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-7890
https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/79.html
example.com

exampleobo.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2017-8759 9.3

Description:

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-8759
https://capec.mitre.org/data/definitions/10.html
https://capec.mitre.org/data/definitions/135.html
example.com

example-rps.org

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2017-8759 9.3

Description:

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

References:

http://webappsec.pbworks.com/Improper-Input-Handling
https://capec.mitre.org/data/definitions/28.html
https://capec.mitre.org/data/definitions/73.html
example.com

public.health.example.com

Service Version:

microsoft .net_framework/2.0
cpe:/a:microsoft:.net_framework:2.0
CVE-2017-8759 9.3

Description:

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-8759
https://capec.mitre.org/data/definitions/10.html
https://capec.mitre.org/data/definitions/135.html
example.com

192.168.102.89

Service Version:

apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2017-9788 6.4

Description:

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

References:

https://capec.mitre.org/data/definitions/136.html
https://capec.mitre.org/data/definitions/22.html
http://webappsec.pbworks.com/Improper-Input-Handling
example.com

keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-9788 6.4

Description:

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

References:

https://capec.mitre.org/data/definitions/73.html
https://capec.mitre.org/data/definitions/9.html
https://capec.mitre.org/data/definitions/43.html
example.com

teachin.example.com

Service Version:

apache/2.4.7
cpe:/a:apache:http_server:2.4.7
CVE-2017-9788 6.4

Description:

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

References:

https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E
https://httpd.apache.org/security/vulnerabilities_24.html
https://capec.mitre.org/data/definitions/85.html
example.com
192.168.102.89

Service Version:
apache/2.4.10
cpe:/a:apache:http_server:2.4.10
CVE-2017-9798 5.0

Description:
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9798

example.com
keepexamplecool.org

Service Version:
apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-9798 5.0

Description:
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9798

example.com
teachin.example.com

Service Version:
apache/2.4.7
cpe:/a:apache:http_server:2.4.7
CVE-2017-9798 5.0

Description:
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9798

keepexamplecool.org
10.106.55.33
• www.keepexamplecool.org
• keepexamplecool.org

Service Version:
apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-4979 5.0

Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://security.gentoo.org/glsa/201610-02
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    http://webappsec.pbworks.com/Insufficient-Authorization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://capec.mitre.org/data/definitions/19.html
keepexamplecool.org

10.106.55.33

• www.keepexamplecool.org
• keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-5387 5.1

Description:

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

References:

https://security.gentoo.org/glsa/201701-36
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
https://nvd.nist.gov/vuln/detail/CVE-2016-5387
keepexamplecool.org

10.106.55.33

• www.keepexamplecool.org
• keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-8740 5.0

Description:

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

References:

https://security.gentoo.org/glsa/201701-36
https://capec.mitre.org/data/definitions/108.html
https://capec.mitre.org/data/definitions/3.html
keepexamplecool.org

10.106.55.33

• keepexamplecool.org
• www.keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2016-8743 5.0

Description:

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-8743
keepexamplecool.org

10.106.55.33

• www.keepexamplecool.org
• keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-3167 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

References:

http://webappsec.pbworks.com/Insufficient-Authentication
https://capec.mitre.org/data/definitions/22.html
https://capec.mitre.org/data/definitions/593.html
keepexamplecool.org

10.106.55.33

• keepexamplecool.org
• www.keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-3169 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-3169
http://www.securitytracker.com/id/1038711
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E

keepexamplecool.org

10.106.55.33

• keepexamplecool.org
• www.keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-7668 7.5

Description:

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References:

https://capec.mitre.org/data/definitions/110.html
https://capec.mitre.org/data/definitions/31.html
https://capec.mitre.org/data/definitions/231.html

keepexamplecool.org

10.106.55.33

• keepexamplecool.org
• www.keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-7679 7.5

Description:

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

References:

https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
http://www.securityfocus.com/bid/99170
http://webappsec.pbworks.com/Buffer-Overflow

keepexamplecool.org

10.106.55.33

• keepexamplecool.org
• www.keepexamplecool.org

Service Version:

apache/2.4
cpe:/a:apache:http_server:2.4.0
CVE-2017-9788 6.4

Description:

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://capec.mitre.org/data/definitions/28.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://capec.mitre.org/data/definitions/73.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://capec.mitre.org/data/definitions/9.html
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    keepexamplecool.org

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10.106.55.33

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • www.keepexamplecool.org
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • keepexamplecool.org

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Service Version:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    apache/2.4
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    cpe:/a:apache:http_server:2.4.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    CVE-2017-9798 5.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    References:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://nvd.nist.gov/vuln/detail/CVE-2017-9798

