Plugins: Web Servers

OpenSSL Unsupported

OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE)

OpenSSL 1.0.0 < 1.0.1o Multiple Vulnerabilities (POODLE)

OpenSSL 0.9.8 < 0.9.8zc Multiple Vulnerabilities (POODLE)

nginx < 1.6.2 / 1.7.5 SSL Session Reuse

HP Officejet Printer Security Bypass (HPSBPI03107)

HP System Management Homepage < 7.4 Multiple Vulnerabilities

Oracle Fusion Middleware HTTP Server (July 2012 CPU)

Oracle GlassFish Server 3.0.1 / 3.1.2 / Enterprise 2.1.1 DoS

Apache 2.2 < 2.2.28 Multiple Vulnerabilities

Apache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL Vulnerabilities

Apache Tomcat 7.0.x < 7.0.55 Multiple OpenSSL Vulnerabilities

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities

Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities

Pivotal Web Server Version Detection

nginx < 1.6.1 / 1.7.4 SMTP STARTTLS Command Injection

OpenSSL 1.0.1 < 1.0.1i Multiple Vulnerabilities

OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities

OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities

Apache 2.4.6 Remote DoS

Apache 2.4 < 2.4.10 Multiple Vulnerabilities

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2014 CPU)

Oracle iPlanet Web Server 7.0 < 7.0.20 Multiple Vulnerabilities

Oracle GlassFish Server Multiple Vulnerabilities (July 2014 CPU)

Splunk Enterprise 4.3.x or < 5.0.9 / 6.0.5 / 6.1.2 Multiple OpenSSL Vulnerabilities

Apache mod_wsgi < 4.2.4 Privilege Dropping Privilege Escalation

Apache mod_wsgi < 3.5 Apache Process Privilege Escalation

HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities

Web Server on Extended Support

OpenSSL 1.0.1 < 1.0.1h Multiple Vulnerabilities

OpenSSL 0.9.8 < 0.9.8za Multiple Vulnerabilities

HP Officejet Printer Heartbeat Information Disclosure (Heartbleed)

HP Officejet Pro 8500 XSS

Apache Tomcat 8.0.x < 8.0.6 XML Parser Information Disclosure

Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities

Apache Tomcat 7.0.x < 7.0.54 XML Parser Information Disclosure

Apache Tomcat 7.0.x < 7.0.53 Multiple Vulnerabilities

Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities

nginx 1.5.10 SPDY Memory Corruption

HP System Management Homepage OpenSSL Multiple Vulnerabilities (including Heartbleed)

Splunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (including Heartbleed)

nginx < 1.4.7 / 1.5.12 SPDY Heap Buffer Overflow

Apache 2.2 < 2.2.27 Multiple Vulnerabilities

OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities

OpenSSL 1.0.0 < 1.0.0m Multiple Vulnerabilities

lighttpd < 1.4.35 Multiple Vulnerabilities

Apache 2.4 < 2.4.8 Multiple Vulnerabilities

HP System Management Homepage < 7.3 Multiple Vulnerabilities

lighttpd < 1.4.34 Multiple Vulnerabilities

Apache Tomcat 8.0.x < 8.0.3 Content-Type DoS

Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS

Apache Tomcat 7.0.x < 7.0.50 Multiple Vulnerabilities

Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities

OpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities

OpenSSL 1.0.0 < 1.0.0l DTLS Security Bypass

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities

nginx < 1.4.4 / 1.5.7 ngx_parse_http Security Bypass

Web Site Hosting Malicious Binaries

Apache mod_fcgid Module < 2.3.9 fcgid_header_bucket_read() Function Heap-Based Buffer Overflow

IBM Tivoli Endpoint Manager Server 9.0.777 (patch 2) LDAP and AD Authentication

Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU)

HP System Management Homepage ginkgosnmp.inc Command Injection

IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities

Hiawatha fetch_request Integer Overflow DoS

Hiawatha < 7.3 Multiple Unspecified Issues

Hiawatha < 6.5 str2int Integer Overflow

Hiawatha < 3.6 URL Handling Weakness

Hiawatha 'setuid' Local Privilege Escalation

Hiawatha Tomahawk poll DoS

Hiawatha < 8.8 Mixed Case DenyBody Security Bypass

Hiawatha < 8.5 Connection Saturation DoS

Hiawatha Detection

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities

HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities

Apache 2.4 < 2.4.5 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities

Apache 2.2 < 2.2.25 Multiple Vulnerabilities

Apache 2.0 < 2.0.65 Multiple Vulnerabilities

Web mirroring stub

IBM Lotus Domino 8.5.x < 8.5.3 FP 4 Multiple Vulnerabilities

Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU)

IBM HTTP Server for z/OS 5.3.0 Command Execution

nginx ngx_http_proxy_module.c Multiple Vulnerabilities

nginx ngx_http_proxy_module.c Memory Disclosure

HP System Management Homepage < 7.2.0.14 iprange Parameter Code Execution

Apache Tomcat 7.0.x < 7.0.40 Multiple Vulnerabilities

Apache Tomcat 7.0.x < 7.0.33 Session Fixation

Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities

Citrix NetScaler Web Management Interface Default Administrator Credentials

IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities

IBM Tivoli Endpoint Manager Web Server Detection

IBM Lotus Domino 8.5.x Multiple Vulnerabilities

IBM Lotus Domino 8.5.x < 8.5.3 Multiple Vulnerabilities

Privoxy < 3.0.21 Multiple Information Disclosure Vulnerabilities

Privoxy Detection

Eye-Fi Helper < 3.4.23 Directory Traversal

Eye-Fi Helper Detection

Apache 2.2 < 2.2.24 Multiple XSS Vulnerabilities

Apache 2.4 < 2.4.4 Multiple XSS Vulnerabilities

Oracle Application Express (Apex) Unspecified Issues (pre 3.1)

Oracle Application Express (Apex) Unspecified Issues (pre 3.0.1)

Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)

Oracle Application Express (Apex) CVE-2012-1708

Oracle Application Express (Apex) CVE-2011-3525

Oracle Application Express (Apex) CVE-2010-0892

Oracle Application Express (Apex) CVE-2010-0076

Oracle Application Express (Apex) CVE-2009-1993

Oracle Application Express (Apex) CVE-2009-0981

Oracle Application Express (Apex) CVE-2008-4005

Oracle Application Express (Apex) Administration Interface is Accessible

Oracle Application Express (Apex) Version Detection

Oracle Application Express (Apex) Detection

OpenSSL 1.0.1 < 1.0.1e Information Disclosure

Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check)

Microsoft ASP.NET MS-DOS Device Name DoS

OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities

OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities

OpenSSL < 0.9.8y Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 5 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities

Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass

lighttpd 1.4.31 http_request_split_value Function Header Handling DoS

Apache Tomcat 7.0.x < 7.0.30 Multiple Vulnerabilities

Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities

Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses

Apache Tomcat 7.0.x < 7.0.28 Multiple Denial of Service Vulnerabilities

IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 25 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < Fix Pack 45 Multiple Vulnerabilities

Apache 2.2 < 2.2.23 Multiple Vulnerabilities

Apache 2.4 < 2.4.3 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities

Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overflow Vulnerability

Appweb HTTP Server Version

nginx on Windows Directory Aliases Access Restriction Bypass

Remote web server screenshot

IBM Lotus Domino Password Protected DB Enumeration

HP System Management Homepage < 7.1.1 Multiple Vulnerabilities

Oracle iPlanet Web Server 7.0 < 7.0.15 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities

Tornado < 2.2.1 HTTP Response Splitting

OpenSSL 1.0.1 < 1.0.1c TLS/DTLS CBC Denial of Service

OpenSSL 1.0.0 < 1.0.0j DTLS CBC Denial of Service

OpenSSL 0.9.8 < 0.9.8x DTLS CBC Denial of Service

MS12-026: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) (uncredentialed check)

Oracle GlassFish Server 3.1.1 < 3.1.1.3 Multiple Vulnerabilities (April 2012 CPU)

HP System Management Homepage < 7.0 Multiple Vulnerabilities

OpenSSL 1.0.1 < 1.0.1a ASN.1 asn1_d2i_read_bio Memory Corruption

OpenSSL 1.0.0 < 1.0.0i ASN.1 asn1_d2i_read_bio Memory Corruption

OpenSSL < 0.9.8w ASN.1 asn1_d2i_read_bio Memory Corruption

Apache 2.4 < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading

nginx 1.0.7 - 1.0.14 / 1.1.3 - 1.1.18 ngx_http_mp4_module Buffer Overflow

Microsoft ASP.NET ValidateRequest Filters Bypass

IBM WebSphere Application Server 8.0 < Fix Pack 2 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 21 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities

Apache Traffic Server < 3.0.4 / 3.1.3 Host HTTP Header Parsing Remote Overflow

Apache Traffic Server Version

OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities

OpenSSL < 0.9.8u Multiple Vulnerabilities

nginx < 1.0.14 / 1.1.17 HTTP Header Response Memory Disclosure

nginx < 1.0.10 ngx_resolver_copy Function DNS Response Parsing Buffer Overflow

IIS Detailed Error Information Disclosure

Oracle GlassFish Server 2.1.1 < 2.1.1.15 / 3.0.1 < 3.0.1.5 / 3.1.1 < 3.1.1.2 Hash Collision DoS

Oracle GlassFish Server 2.1.1 < 2.1.1.14 / 3.0.1 < 3.0.1.4 / 3.1.1 < 3.1.1.1 Web Container Component Unspecified Vulnerability

Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure

IBM WebSphere Application Server Multiple Vulnerabilities

Oracle GlassFish Server 3.0.1 / 3.1.1 < 3.0.1.5 / 3.1.1.3 Administration Component Unspecified Vulnerability

Oracle GlassFish Server 3.1.1 < 3.1.1.2 Administration Component Unspecified Vulnerability

Oracle GlassFish Server 2.1.1 < 2.1.1 Patch15 Administration Component Unspecified Vulnerability

Oracle Fusion Middleware WebLogic Component DoS

Oracle Fusion Middleware WebLogic Detection (credentialed check)

Apache HTTP Server httpOnly Cookie Information Disclosure

Apache 2.2 < 2.2.22 Multiple Vulnerabilities

OpenSSL 1.0.0f DTLS Denial of Service

OpenSSL 0.9.8s DTLS Denial of Service

Oracle Application Server Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities

Apache 2.2 < 2.2.13 APR apr_palloc Heap Overflow

Apache Tomcat 7.x < 7.0.23 Hash Collision Denial of Service

Apache Tomcat 5.x < 5.5.35 Hash Collision Denial of Service

OpenSSL 1.x < 1.0.0f Multiple Vulnerabilities

OpenSSL < 0.9.8s Multiple Vulnerabilities

lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS

OpenSSL Version Detection

Apache Tomcat 7.x < 7.0.22 Multiple Vulnerabilities

Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities

Oracle WebLogic Server Web Services Security Policy not Enforced (CVE-2008-5459)

IBM WebSphere Application Server Detection

OpenSSL < 0.9.8h Multiple Vulnerabilities

Oracle WebLogic Detection

Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure

Oracle HTTP Server Version

Novell Messenger Server Process Memory Remote Information Disclosure

IBM WebSphere Application Server < 6.1.0.29 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities

Web Server Allows Password Auto-Completion (PCI-DSS variant)

Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities

Apache 2.2 < 2.2.21 mod_proxy_ajp DoS

OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities

Apache Tomcat 7.x < 7.0.21 Arbitrary AJP Message Control

Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities

Apache HTTP Server Byte Range DoS

Oracle GlassFish HTTP Server Version

Oracle GlassFish Console

Apache Tomcat 7.x < 7.0.20 'jsvc' Information Disclosure

Apache Tomcat 7.x < 7.0.17 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities

Novell File Reporter Engine Detection

IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities

IBM Tivoli Management Framework Endpoint addr URL Default Credentials

IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow

Apache 2.2.18 APR apr_fnmatch DoS

Apache mod_fcgid Module fcgid_header_bucket_read() Function Remote Stack Buffer Overflow

Apache Tomcat 7.0.12 / 7.0.13 Security Constraint Bypass

Apache 2.2 < 2.2.18 APR apr_fnmatch DoS

Oracle GlassFish Server Administrative Console Authentication Bypass

Novell File Reporter Agent Detection

HP System Management Homepage < 6.3 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities

JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass

Apache Tomcat 7.x < 7.0.12 Multiple Vulnerabilities

Restricted Web Pages Detection

Oracle WebLogic Server Servlet Container Session Fixation

Lotus Sametime Detection

Apache Tomcat 7.x < 7.0.11 @ServletSecurity Annotation Security Bypass

IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities

Veritas Cluster Management Console Detection

Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector Denial of Service

Apache Tomcat 7.x < 7.0.6 Manager Interface XSS

Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities

Apache Tomcat 7.x < 7.0.4 SecurityManager Local Security Bypass

Apache Tomcat 5.5.x < 5.5.32 HTML Manager Interface XSS

OpenSSL OCSP Stapling Denial of Service

Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS

IBM WebSphere Application Server 6.1 < 6.1.0.35 Multiple Vulnerabilities

Dell Integrated Remote Access Controller (iDRAC) Detection

Oracle iPlanet Web Server 7.0 < 7.0.9 Multiple Vulnerabilities

IceWarp Webmail Detection

Web Server Uses Basic Authentication over HTTPS

Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities

OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities

Novell GroupWise WebAccess Accessible

Novell GroupWise Internet Agent Accessible

Novell GroupWise Document Viewer Agent Web Console Accessible

Apache Tomcat Examples Web Root Path Disclosure

IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities

Apache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities

Apache Tomcat 4.x < 4.1.0 Multiple Vulnerabilities

Apache Tomcat 3.x < 3.2.2 JSP Error Condition XSS

IBM RSA Default Credentials

Apache Tomcat 3.x < 3.2.2 Malformed URL JSP Source Disclosure

Apache 2.2 < 2.2.17 Multiple Vulnerabilities

Apache 2.0 < 2.0.64 Multiple Vulnerabilities

Web Server Harvested Email Addresses

External URLs

Apache Tomcat 4.x < 4.1.3 Denial of Service

Apache Tomcat Long URL Information Disclosure

IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0 < 6.0.2.43 Multiple Vulnerabilities

HP System Management Homepage < 6.2 Multiple Vulnerabilities

Web Application Session Cookies Not Marked Secure

Device Information (devinfo.xml)

Splunkd Management Port Detection

Web Application Session Cookies Not Marked HttpOnly

IBM Tivoli Management Framework Endpoint Web Detection

Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities

LiteSpeed Web Server Source Code Information Disclosure

PHP Version

Apache 2.2 < 2.2.16 Multiple Vulnerabilities

Apache HTTP Server Version

Mongoose URI Trailing Slash Request Source Code Disclosure

Oracle WebLogic Server Plug-in HTTP Injection

Apache Tomcat 5.5.x < 5.5.30

CUPS Memory Information Disclosure

JBoss Administration Console Default Credentials

Splunk Web Detection

Apache Tomcat < 6.0.18 Multiple Vulnerabilities

Apache Tomcat < 6.0.16 Multiple Vulnerabilities

Apache Tomcat < 5.5.26 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 11 Multiple Vulnerabilities

Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities

Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities

Apache Tomcat 5.x < 5.5.1 Information Disclosure

Apache Tomcat JK Connector Content-Length Header Cross-User Information Disclosure

Apache Tomcat 6.x < 6.0.9 Information Disclosure

Apache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities

Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities

PHP expose_php Information Disclosure

SBLIM-SFCB Multiple Buffer Overflows

OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities

Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities

HP System Management Homepage < 6.1.0.102 / 6.1.0-103 Multiple Vulnerabilities

Tembria Server Monitor < 5.6.1 Denial of Service

Tembria Server Monitor Detection

Fixed HTTP Session Cookies

JBoss Enterprise Application Platform '/web-console' Authentication Bypass

HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities

ActiveMQ Double Slash Request Source Code Disclosure

IBM WebSphere Application Server 7.0 < Fix Pack 9

IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0 < 6.0.2.41 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < 6.1.0.13 Multiple Vulnerabilities

IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < 6.1.0.9 Cross-session Information Disclosure

IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0 < 6.0.2.23 Unspecified Vulnerability (PK45726)

IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting

IBM WebSphere Application Server 6.0 < 6.0.2.17 Multiple Vulnerabilities

OpenSSL < 0.9.8n Multiple Vulnerabilities

Remote Help Detection

Novell eDirectory DHost Predictable Session ID

Session Fixation Attack on HTTP Cookies

OpenSSL < 0.9.8m Multiple Vulnerabilities

Apache 2.2 < 2.2.15 Multiple Vulnerabilities

HTTP Session Cookies

Apache < 1.3.42 mod_proxy Integer Overflow

IBM WebSphere Application Server 6.0 < 6.0.2.39 Multiple Vulnerabilities

Apache Tomcat WAR Deployment Multiple Vulnerabilities

Apache Tomcat Directory Traversal

HTTP Methods Allowed (per directory)

Web Application Tests Disabled

Xerver HTTP Response Splitting

McAfee Common Management Agent FrameworkService.exe DoS

IBM WebSphere Application Server 7.0 < Fix Pack 7

Broken Web Servers

NaviCOPA Encoded Space Request Source Code Disclosure

Web Server Allows Password Auto-Completion

Apache 2.2 < 2.2.14 Multiple Vulnerabilities

NaviCOPA ::$DATA Extension Request Source Code Disclosure

nginx HTTP Request Multiple Vulnerabilities

IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 < Fix Pack 5

Protected Web Page Detection

Apache 2.x < 2.2.12 Multiple Vulnerabilities

DD-WRT HTTP Daemon Metacharacter Injection Remote Code Execution

Sun Java System Web Server ::$DATA Extension Request JSP Resource Disclosure

Apache Tomcat Cross-Application File Manipulation

HTTP Server Cookies Set

IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities

Apache Tomcat Default Error Page Version Detection

MikroTik RouterOS with Blank Password (HTTP)

Sun GlassFish Enterprise < 2.1 Patch 02 Denial of Service

Vulture Reverse Proxy Detection

lighttpd PHP File Trailing Slash Request Source Disclosure

IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities

Microsoft IIS WebDAV Unicode Request Directory Security Bypass

A-A-S Application Access Server Default Admin Password

A-A-S Application Access Server Detection

Microsoft SharePoint Server Detection

IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws

IBM WebSphere Application Server 7.0 < Fix Pack 3

IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities

mod_perl Apache::Status URI XSS

mod_perl Apache::Status Info Disclosure

Novell eDirectory < 8.8 SP3 FTF3 iMonitor HTTP Accept-Language Header Overflow

Novell GroupWise MTA Web Console Accessible

TeamSpeak Server Administration Detection

IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws

NaviCOPA < 3.01 6th February 2009 Multiple Vulnerabilities

NaviCOPA Trailing Dot Source Code Disclosure

Oracle WebLogic Server Plug-in Remote Overflow (1166189)

IBM WebSphere Application Server 7.0 < Fix Pack 1

Dell Remote Access Controller Default Password (calvin) for 'root' Account

Apache Tomcat Manager Common Administrative Credentials

Polycom Videoconferencing Unit Detection

Web Server Uses Basic Authentication Without HTTPS

Oracle WebLogic Server mod_wl Invalid Parameter Remote Overflow (1150354)

IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities

CCProxy < 6.62 HTTP Proxy CONNECT Request Handling Remote Overflow

Broken Web Server Detection

Unsupported Web Server Detection

Apache mod_proxy_ftp Directory Component Wildcard Character Globbing XSS

Trend Micro OfficeScan Client Traversal Arbitrary File Access

Blue Coat Reporter Default Password (admin) for 'admin' Account

Blue Coat Reporter Detection

lighttpd < 1.4.20 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws

Oracle WebLogic Server mod_wl POST Request Remote Overflow

Network Camera Web Server Detection

Apache < 2.2.9 Multiple Vulnerabilities (DoS, XSS)

Sun Java System ASP Server < 4.0.3 Multiple Vulnerabilities

WS-Management Server Detection

IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities

IBM Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities

Apache mod_jk2 Host Header Multiple Fields Remote Overflow

Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation

McAfee Common Management Agent 3.6.0 UDP Packet Handling Format String

Apache < 2.2.3 mod_rewrite LDAP Protocol URL Handling Overflow

Web Server Uses Non Random Session IDs

Apache < 2.0.55 Multiple Vulnerabilities

Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow

Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow

Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass

Apache mod_imap Image Map Referer XSS

Sun Java Web Console < 3.0.5 Remote File Enumeration

Apache < 1.3.41 Multiple Vulnerabilities (DoS, XSS)

Apache < 2.0.63 Multiple XSS Vulnerabilities

MiniWebsvr GET Request Traversal Arbitrary File Access

Apache < 2.2.8 Multiple Vulnerabilities (XSS, DoS)

IBM Tivoli Provisioning Manager OS Deployment < 5.1.0.3 Interim Fix 3 HTTP Server Logging Functionality Remote Overflow

F5 BIG-IP Web Management Interface Detection

ipMonitor Encoded Traversal Arbitrary File Access

NetScaler Unencrypted Web Management Interface

NetScaler Web Management Successful Authentication

Citrix NetScaler Web Management Interface Detection

NetScaler Web Management Interface IP Address Cookie Information Disclosure

NetScaler Web Management Interface Cookie Credentials Encryption Weakness

Ruby on Rails Multiple Method Session Fixation

Web Server Uses Plain Text Authentication Forms

IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775)

lighttpd Status Module Remote Information Disclosure

lighttpd mod_fastcgi HTTP Request Header Remote Overflow

Apache < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)

Resin for Windows \WEB-INF Traversal Arbitrary File Access

IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Overflows

Sun Java Web Console LibWebconsole_Services.SO Remote Format String

IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities

HyperText Transfer Protocol (HTTP) Information

Microsoft .NET Custom Errors Not Set

Microsoft .NET Version Information Disclosure

Microsoft .NET Handlers Enumeration

WebDAV Directory Enumeration

Easy File Sharing Web Server Crafted Request ADS Arbitrary File Access

ePolicy Orchestrator HTTP /spipe/pkg/ Source Header Remote Overflow

Resin for Windows Encoded URI Traversal Arbitrary File Access

lighttpd on Windows Crafted Filename Request Script Source Disclosure

Easy File Sharing Web Server Multiple Remote Vulnerabilities (FS, XSS, Upload)

RaidenHTTPD Crafted Request Script Source Disclosure

Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow

Apache mod_ssl ssl_hook_Access Error Handling DoS

Google Search Appliance Detection

Web Server / Application favicon.ico Vendor Fingerprinting

WindWeb <= 2.0 Malformed GET Request Remote DoS

F5 BIG-IP Cookie Remote Information Disclosure

Xerver < 4.20 Multiple Vulnerabilities

Polipo < 0.9.9 Unspecified Traversal Arbitrary File Access

Sun Java System Web Proxy Server Multiple Unspecified Remote DoS

Embedded Web Server Detection

ePolicy Orchestrator Symlink Arbitrary Privileged File Access

IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure

Intrusion.com SecureNet Sensor Detection

Intrusion.com SecureNet Provider Detection

Yaws Web Server .yaws Script Null Byte Request Source Code Disclosure

MiniShare Webserver HTTP GET Request Remote Overflow

Allied Telesyn Router/Switch Web Interface Default Password

Ipswitch IMail Web Calendaring Server GET Request Traversal Arbitrary File Access

Web Server GET Request Saturation Remote DoS

BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)

Apache Banner Linux Distribution Disclosure

ShowOff! Digital Media Software <= 1.5.4 Multiple Remote Vulnerabilities

GeoHttpServer Unauthorized Image Access Vulnerability

Yawcam Web Server Traversal Arbitrary File Access

Sun Java System Web Proxy Server Unspecified Remote Overflow

Compaq WBEM HTTP Server Remote Overflow

IBM Lotus Domino Web Service NLSCCSTR.DLL Malformed GET Request Overflow DoS

OpenSSL < 0.9.2b Session Reuse

Oracle WebLogic Portal Elevation of Privilege (CVE-2008-5462)

OpenSSL < vA.00.09.07l on HP-UX Local Denial of Service

OpenSSL AES Timing Attack

OpenSSL 1.0.0 < 1.0.0-beta2 DoS

OpenSSL < 0.9.8p / 1.0.0e Double Free Vulnerability

OpenSSL < 0.9.8p / 1.0.0b Buffer Overflow

OpenSSL < 0.9.8l Multiple Vulnerabilities

OpenSSL < 0.9.8k Signature Repudiation

OpenSSL < 0.9.8k Denial of Service

OpenSSL < 0.9.8j Signature Spoofing

OpenSSL < 0.9.8i Denial of Service

OpenSSL < 0.9.8f Multiple Vulnerabilities

OpenSSL < 0.9.8 Weak Default Configuration

OpenSSL < 0.9.7m / 0.9.8e Buffer Overflow

OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities

OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability

OpenSSL < 0.9.7h / 0.9.8a Protocol Version Rollback

OpenSSL < 0.9.7f Insecure Temporary File Creation

OpenSSL < 0.9.7c ASN.1 Decoding Vulnerabilities

OpenSSL < 0.9.7-beta3 Buffer Overflow

OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability

OpenSSL < 0.9.6m / 0.9.7d Denial of Service

OpenSSL < 0.9.6l Denial of Service

OpenSSL < 0.9.6k Denial of Service

OpenSSL < 0.9.6f Denial of Service

OpenSSL < 0.9.6e Multiple Vulnerabilities

OpenSSL < 0.9.6b Predictable Random Generator

Oracle WebLogic WLS Unspecified Vulnerability (CVE-2008-5461)

Oracle WebLogic JSP Pages and Servlets Unspecified Information Disclosure (CVE-2008-5460)

Oracle WebLogic DoS (CVE-2008-2582)

Oracle WebLogic UDDI Explorer Unspecified Vulnerability (CVE-2008-2581)

Oracle WebLogic Admin State Unspecified Privilege Escalation (CVE-2008-4011)

Oracle WebLogic JSP Pages Unspecified Information Disclosure (CVE-2008-2580)

Oracle WebLogic Multiple Authorizer Unspecified Privilege Escalation (CVE-2008-4009)

Oracle WebLogic ForeignJMS Component Unspecified Information Disclosure (CVE-2008-2576)

Oracle WebLogic Server Servlets Unspecified Unauthenticated Remote Issue (CVE-2008-4013)

Oracle WebLogic Plugins Unspecified Remote Issue (CVE-2008-2579)

Oracle WebLogic Server Unspecified Information Disclosure (CVE-2008-2578)

Oracle WebLogic Console / WLST Unspecified Privilege Escalation (CVE-2008-2577)

Oracle HTTP Server (October 2006 CPU)

Oracle HTTP Server (January 2007 CPU)

Oracle HTTP Server (January 2006 CPU)

Apache Tomcat < 6.0.13 Multiple Vulnerabilities

Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling

Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities

Sun Java Web Console BeginLogin.jsp redirect_url Parameter URI Redirection

OpenSSL < 0.9.5a /dev/random Check Failure

Apache HTTP Server 403 Error Page UTF-7 Encoded XSS

Apache Mixed Platform AddType Directive Information Disclosure

Apache mod_suexec Multiple Privilege Escalation Vulnerabilities

Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities

Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS

Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS

RaidenHTTPD < 1.1.34 Multiple Remote Vulnerabilities

BadBlue ext.dll mfcisapicommand Parameter Remote Overflow

CERN httpd CGI Name Handling Remote Overflow

CERN httpd Double Slash Protected Webpage Bypass

HTTP Proxy CONNECT Loop DoS

OpenVMS WASD HTTP Server Multiple Vulnerabilities

lighttpd Null Byte Request CGI Script Source Code Disclosure

Sami HTTP Server Multiple Remote Vulnerabilities

RaidenHTTPD Crafted Request Arbitrary File Access

WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request

OpenText FirstClass HTTP Daemon /Search Large Request Remote DoS

Apache on Mac OS X HFS+ Arbitrary File Source Disclosure

CCProxy Logging Compoent HTTP GET Request Remote Overflow

Fastream NETFile FTP/Web Server HEAD Request Saturation DoS

04WebServer Multiple Vulnerabilities (XSS, DoS, more)

HTTP Header Value Remote Format String

HTTP Header Name Remote Format String

HTTP URI Handling Format String

Caudium Web Server Malformed URI Remote DoS

Cherokee Web Server Port Bind Privilege Drop Weakness

Cherokee Web Server URI Traversal Arbitrary File Access

Cherokee Web Server Malformed POST Request Remote DoS

Cherokee Web Server auth_pam Authentication Format String

Web Server SSL Port HTTP Traffic Detection

Abyss Web Server MS-DOS Device Name DoS

Apache mod_proxy Content-Length Overflow

Apache mod_include get_tag() Function Local Overflow

OmniHTTPd Pro Long POST Request DoS

NetworkActiv Web Server Encoded URL Request Remote DoS

Icecast Crafted URI Remote DoS

Icecast Multiple Unspecified Remote Overflows

Icecast / libshout Multiple Remote Overflows

Icecast HTTP Basic Authorization Remote Overflow DoS

Icecast HTTP Header Processing Remote Overflow

MyServer HTTP POST Request Remote Overflow DoS

JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking)

Apache <= 2.0.51 Satisfy Directive Access Control Bypass

Apache <= 1.3.33 htpasswd Local Overflow

Apache < 2.0.51 Multiple Vulnerabilities (OF, DoS)

Easy File Sharing Web Server disk_c Virtual Folder Request Arbitrary File Access

BadBlue Connection Saturation Remote DoS

Kerio MailServer < 6.0.1 Embedded HTTP Server Unspecified Issue

thttpd 2.0.7 Directory Traversal (Windows)

4D WebStar Arbitrary Multiple Vulnerabilities

Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass

Samba SWAT HTTP Basic Auth base64 Overflow

Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String

Apache < 2.0.50 Multiple Remote DoS

Apache < 1.3.31 / 2.0.49 Socket Connection Blocking Race Condition DoS

mod_ssl ssl_util_uuencode_binary Remote Overflow

IBM Lotus Domino ?ReadDesign Request Design Element Disclosure

IBM Lotus Domino Server Crafted .nsf Request Traversal Arbitrary File Access

Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection

Microsoft IIS Cookie information disclosure

Web Server Reverse Proxy Detection

Web Server Load Balancer Detection

Web Server HTTP Basic Authorization Header Remote Overflow DoS

Web Server Incomplete Basic Authentication DoS

Web Server PROPFIND Method Internal IP Disclosure

OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS

Apache mod_ssl Plain HTTP Request DoS

Apache Tomcat servlet/JSP container default files

Sami HTTP Server 1.0.4 GET Request Remote Overflow

Jigsaw < 2.2.4 Unspecified URI Parsing Unspecified Vulnerability

Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery

APSIS Pound Load Balancer Format String Overflow

Zope < 2.6.3 Multiple Vulnerabilities

Compaq Web-Based Management Agent Remote Overflow DoS

mod_python < 2.7.9 / 3.0.4 Malformed Query String DoS

Xitami Malformed POST Request Infinite Loop Remote DoS

Resin Status Page Information Disclosure

TelCondex Simple Webserver Buffer Overflow

Monkey HTTP Daemon (monkeyd) Post_Method Function Crafted Content-Length Header DoS

Microsoft FrontPage Server Extensions (fp30reg.dll) Debug Function Remote Overflow (MS03-051 / 813360)

HMAP Web Server Fingerprinting

Apache < 1.3.29 Multiple Modules Local Overflow

Apache Double Slash GET Request Forced Directory Listing

TinyWeb cgi-bin Crafted HTTP GET Request DoS

Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect

Compaq Web-enabled Management Software Default Account

Microsoft IIS 404 Response Service Pack Signature

Microsoft IIS Authentication Method Enumeration

iPlanet Web Server Enterprise Edition URL-encoded Host: Information Disclosure

Apache < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)

MyServer 0.4.3 / 0.7 Crafted Traversal Arbitrary File Access

Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS

ePolicy Orchestrator Multiple Remote Vulnerabilities (OF, FS)

mod_mylo for Apache mylo_log Logging Function HTTP GET Overflow

HTTP Method Remote Format String

Apache < 1.3.28 Multiple Vulnerabilities (DoS, ID)

Apache < 2.0.47 Multiple Vulnerabilities (DoS, Encryption)

Abyss Web Server GET Request Multiple Vulnerabilities

Web Server Potentially Hosting Copyrighted Material

MyServer <= 0.4.2 Multiple Remote DoS

Zope Invalid Query Path Disclosure

Proxomitron GET Request Overflow Remote DoS

ArGoSoft Mail Server HTTP Daemon GET Request Saturation DoS

Avirt Multiple Product HTTP Proxy Overflow

Nonexistent Page (404) Physical Path Disclosure

URLScan for IIS Detection

Pi3Web Malformed GET Request Remote Overflow

mod_gzip Debug Mode mod_gzip_printf Remote Format String

mod_gzip Detection

Apache < 2.0.46 Multiple DoS

Microsoft Media Services ISAPI nsiislog.dll Multiple Overflows

Eserv Web Server /? Request Forced Directory Listing

WsMp3 Daemon (WsMp3d) HTTP Traversal Arbitrary File Execution/Access

BadBlue ISAPI Extension ext.dll LoadPage Parameter Arbitrary File Access

Proxy Web Server XSS

WebLogic SSL Certificate Chain User Spoofing

mod_survey For Apache ENV Tags SQL Injection

Apache < 2.0.46 on OS/2 filestat.c Device Name Request DoS

WebLogic Crafted GET Request Hostname Disclosure

12Planet Chat Server Error Message Path Disclosure

12Planet Chat Server Administration Authentication ClearText Credential Disclosure

Sambar Server Cleartext Password Transmission

thttpd Host Header Traversal Arbitrary File Access

MDG Web Server 4D GET Request Remote Overflow

CiscoSecure ACS for Windows CSAdmin Login Overflow DoS

BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass

mod_ntlm for Apache Multiple Remote Vulnerabilities

Xeneo Web Server %A Request Remote DoS

Xeneo Web Server 2.2.9.0 GET Request Remote Overflow DoS

Monkey HTTP Daemon (monkeyd) PostMethod() Function Remote Overflow

Abyss Web Server Malformed GET Request Remote DoS

Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS

Apache < 2.0.45 Multiple Vulnerabilities (DoS, File Write)

MultiTech Proxy Server Default Null Password

Sambar Server Default Accounts

mod_auth_any for Apache Metacharacter Remote Command Execution

NETGEAR ProSafe VPN Firewall Web Server Malformed Basic Authorization Header Remote DoS

Microsoft FrontPage Unpassworded Installation

MS00-019: Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure (uncredentialed check)

WebDAV Detection

Web Server Unconfigured - Default Install Page Present

Microsoft IIS WebDAV ntdll.dll Remote Overflow (MS03-007)

ePolicy Orchestrator HTTP GET Request Remote Format String

Apache < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)

iPlanet Application Server Prefix Remote Overflow

IBM Lotus Domino 6.0 Multiple Vulnerabilities

IBM Lotus Domino Directory Traversal Arbitrary File Access

Microsoft Content Management Server (MCMS) 2001 Multiple Remote Vulnerabilities

MS02-053: Microsoft FrontPage Extensions shtml.exe Remote Overflow (uncredentialed check)

mod_frontpage for Apache fpexec Remote Overflow

OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities

Web Server Crafted Request Vendor/Version Information Disclosure

Anti-Nessus Defense Detection

Web Server HTTP OPTIONS Method URL Handling Remote Overflow

Zope Malformed XML RPC Request Path Disclosure

Netscape / iPlanet .perf Remote Information Disclosure

Tomcat /status Information Disclosure

HTTP TRACE / TRACK Methods Allowed

Apache < 2.0.44 Illegal Character Default Script Mapping Bypass

Apache < 2.0.44 DOS Device Name Multiple Remote Vulnerabilities (Code Exec, DoS)

Apache Tomcat Default Accounts

Enhydra Multiserver Default Password

Null httpd Content-Length Header Handling Remote Overflow

IBM WebSphere HTTP Request Header Remote Overflow

Savant Web Server Malformed Content-Length DoS

SWS Web Server Unfinished Line Remote DoS

WebServer 4 Everyone Host Field Header Buffer Overflow

KeyFocus (KF) Web Server Null Byte Request Restricted File / Directory Access

IBM WebSphere Edge Caching Proxy DoS

Microsoft Data Access Components RDS Data Stub Remote Overflow

LiteServe HTTP Service Malformed URL Decoding Remote DoS

Apache Tomcat MS-DOS Device Name Request DoS

SMC 2652W AP Malformed HTTP Request Remote DoS

Web Server UDDI Detection

Apache < 1.3.27 Multiple Vulnerabilities (DoS, XSS)

BrowseGate HTTP MIME Headers Remote Overflow

Web Server HTTP 1.1 Header Remote Overflow

Web Server HTTP 1.0 Header Remote Overflow

Pi3Web < 2.0.1 CGI Handler Long Parameter Handling Overflow

Apache <= 2.0.39 Win32 Crafted Traversal Arbitrary File Access

IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded URL DoS

Personal Web Sharing Long HTTP Request DoS

Web Server HTTP Header Memory Exhaustion DoS

Web Server HTTP Header Handling Remote Overflow

Web Server HTTP Cookie Header Remote Overflow

Sun AnswerBook2 Web Server dwhttpd GET Request Remote Format String

Multiple Web Server Encoded Space (%20) Request ASP Source Disclosure

Web Server HTTP User-Agent Header Handling Remote Overflow

iPlanet Chunked Encoding Processing Remote Overflow

Web Server HTTP Method Handling Remote Overflow

BadBlue Hex-encoded Null Byte Request Arbitrary File Access

LabVIEW Web Server HTTP Get Newline DoS

BadBlue Malformed GET Request Remote DoS

Web Server HTTP GET Request Version Number Handling Remote Overflow

Resin MS-DOS Device Request Path Disclosure

Jigsaw Webserver MS/DOS Device Request Remote DoS

iPlanet Search Engine search CGI Arbitrary File Access

HTTP Reverse Proxy Detection

Apache mod_ssl ssl_compat_directive Function Overflow

AnalogX SimpleServer:WWW Buffer Overflow

Web Server Directory Enumeration

Apache Chunked Encoding Remote Overflow

Microsoft IIS .HTR Filter Multiple Overflows (MS02-028)

Xerver Web Server < 2.20 Crafted C:/ Request Remote DoS

IBM Lotus Domino Banner Nonexistent .pl File Request Path Disclosure

PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure

LocalWeb2000 2.1.0 Multiple Remote Vulnerabilities

Shambala Web Server Malformed HTTP GET Request DoS

Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy

Cabletron WebView Administrative Access

Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure

IBM Lotus Domino Crafted .nsf Request Authentication Bypass

mod_python < 2.7.8 Module Importing Privilege Function Execution

Apache on Windows < 1.3.24 / 2.0.34 DOS Batch File Arbitrary Command Execution

Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733)

Microsoft IIS ASP ISAPI Filter Multiple Overflows

Microsoft IIS .HTR ISAPI Filter Enabled

Multiple Web Server on Windows MS/DOS Device Request Remote DOS

Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow

Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow

PHP mime_split Function POST Request Overflow

SilverStream Directory Listing

Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation

Apache UserDir Directive Username Enumeration

Web Server HTTP Header Internal IP Disclosure

Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing

Apache Auth Module SQL Injection

HP System Management Homepage Detection

VisualRoute Web Server Detection

SimpleServer:WWW Encoded Traversal Arbitrary Command Execution

Apache Multiviews Feature Arbitrary Directory Listing

Zope ZClass Modification Local DoS

MS01-035: Microsoft IIS FrontPage fp30reg.dll Remote Overflow (uncredentialed check)

WebLogic Encoded Request Forced Directory Listing

WebLogic Server Double Dot GET Request Remote Overflow

Microsoft IIS .IDA ISAPI Filter Enabled

Netscape Enterprise Web Publishing INDEX Command Arbitrary Directory Listing

Netscape Enterprise Server Long Traversal Request Remote DoS

Web Server HTTP POST Method Handling Remote Overflow

Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044)

iPlanet Certificate Management Traversal Arbitrary File Access

Microsoft IIS Source Fragment Disclosure

Apache mod_info /server-info Information Disclosure

Apache mod_status /server-status Information Disclosure

MS01-026 / MS01-044: Microsoft IIS Remote Command Execution (uncredentialed check)

Microsoft IIS 5.0 WebDAV Malformed PROPFIND Request Remote DoS

Web mirroring

Microsoft IIS 5 .printer ISAPI Filter Enabled

MS01-023: Microsoft IIS 5.0 Malformed HTTP Printer Request Header Remote Buffer Overflow (953155) (uncredentialed check)

Resin Traversal Arbitrary File Access

SEDUM HTTP Server Long HTTP Request Overflow DoS

Orange Web Server Malformed HTTP Request Remote DoS

Savant Web Server Multiple Percent Request Remote DoS

Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS

IBM Lotus Domino Administration Databases Anonymous Access

Pi3Web tstisap.dll Long URL Overflow

Icecast utils.c fd_write Function Format String

iPlanet Directory Server Traversal Arbitrary File Access

Microsoft IIS Frontpage Server Extensions (FPSE) Malformed Form DoS

HTTP Protocol Version Detection

oops WWW Proxy Server Reverse DNS Response Overflow

Microsoft IIS bdir.htr Arbitrary Directory Listing

Microsoft IIS / Site Server viewcode.asp Arbitrary File Access

Microsoft IIS Multiple .cnf File Information Disclosure

Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure

Zope Image and File Update Data Protection Bypass

iPlanet Web Server shtml File Handling Remote Overflow

Microsoft IIS Unicode Remote Command Execution

Boa Web Server Traversal Arbtirary File Access/Execution

Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing

Web Server HTTP Authorization Header Remote Overflow

PHP File Upload Capability Hidden Form Field Modification Arbitrary File Access

mod_perl for Apache HTTP Server /perl/ Directory Listing

Apache WebDAV Module PROPFIND Arbitrary Directory Listing

Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure

Web Server HTTP Dangerous Method Detection

Microsoft FrontPage Extensions MS-DOS Device Request DoS

IMail Host: Header Field Handling Remote Overflow

MS00-006: Microsoft IIS IDA/IDQ Multiple Vulnerabilities (uncredentialed check)

AnalogX SimpleServer:WWW Encoded Traversal Arbitrary File Access

Multiple Web Server ~nobody/ Request Arbitrary File Access

Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation

Roxen Web Server /%00/ Encoded Request Forced Directory Listing

Apache Tomcat contextAdmin Arbitrary File Access

Netscape Administration Server /admin-serv/config/admpw Admin Password Disclosure

Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification

AnalogX SimpleServer:WWW /cgi-bin/ Long GET Request DoS

Apache for Windows Multiple Forward Slash Directory Listing

Microsoft IIS Malformed File Extension URL DoS

Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure

Web Server No 404 Error Code Check

Microsoft IIS repost.asp File Upload

Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass

Microsoft FrontPage dvwssr.dll Multiple Vulnerabilities

AnalogX SimpleServer:WWW Short GET /cgi-bin Remote DoS

Microsoft IIS/PWS %2e Request ASP Source Disclosure

Microsoft IIS ASP::$DATA ASP Source Disclosure

Microsoft IIS /iisadmin Unrestricted Access

Microsoft IIS MDAC RDS (msadcs.dll) Arbitrary Remote Command Execution

Microsoft IIS WebHits null.htw .asp Source Disclosure

Netscape Server ?wp-* Publishing Tags Forced Directory Listing

Zeus Web Server Null Byte Request CGI Source Disclosure

Xitami Web Server Administration Port Remote Overflow

Web Server Long URL Handling Remote Overflow DoS

Web Server robots.txt Information Disclosure

Web Server Directory Traversal Arbitrary File Access

thttpd Double Slash Request Arbitrary File Access

thttpd 2.04 If-Modified-Since Header Remote Buffer Overflow

Nortel Contivity HTTP Server cgiproc Special Character DoS

Netscape FastTrack get Command Forced Directory Listing

Netscape Enterprise Server SSL Handshake DoS

Netscape Enterprise Server Accept Header Remote Overflow

Netscape Server ?PageServices Request Forced Directory Listing

Sun NetBeans Java IDE HTTP Server IP Restriction Bypass Arbitrary File/Directory Access

MetaInfo Web Server Traversal Arbitrary Command Execution

MDaemon WorldClient HTTP Server URL Overflow DoS

MDaemon WebConfig HTTP Server URL Overflow DoS

Microsoft IIS /scripts Directory Browsable

Microsoft IIS perl.exe HTTP Path Disclosure

Microsoft IIS Malformed HTTP Request Header Remote DoS

Microsoft IIS Traversal GET Request Remote DoS

Microsoft IIS ISM.DLL HTR Request Remote Overflow

iChat Server Traversal Arbitrary File Access

HTTP Server Type and Version

Novell GroupWise Enhancement Pack Java Server URL Handling Overflow DoS

FTPGate Web Proxy Traversal Arbitrary File Access

Microsoft FrontPage Extensions authors.pwd Information Disclosure

Microsoft FrontPage Extensions Check

Eserv GET Request Traversal Arbitrary File Access

IBM Lotus Domino HTTP /cgi-bin Relative URL Request DoS

IBM Lotus Domino HTTP Server Filesystem Setup Disclosure

IBM Lotus Domino ?open Forced Directory Listing

CommuniGate Pro HTTP Configuration Port Remote Overflow

CERN httpd Virtual Web Path Disclosure

Alibaba Web Server 2.0 HTTP Request Overflow DoS