Plugins: Firewalls

pfSense Web Interface Detection

Juniper ScreenOS < 6.3.0r25 Etherleak Vulnerability (JSA10841)

Symantec ProxySG 6.5 < / 6.6 < / 6.7 < Multiple Vulnerabilities (SA155)

Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)

Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK)

OTRS WebUI Detection

Check Point Gaia Operating System < R77.20 Multiple NTP Client Vulnerabilities (sk103825)

Check Point Gaia Operating System SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (sk103683) (POODLE)

Check Point Gaia Operating System HTTP evasion protection failure (sk98814)

Check Point Gaia Operating System Threat Emulation Email Scan Bypass (sk96269)

Check Point Gaia Operating System Multiple Vulnerabilities (sk106499)

Check Point Gaia Operating System VM escape and code execution (sk106060)(VENOM)

Check Point Gaia Operating Remote Heap Buffer Overflow (sk104443)(GHOST)

Check Point Gaia Operating Bash Code Injection (sk102673)(SHELLSHOCK)

Check Point Gaia Operating Security and Stability Update (sk100431)

Fortinet FortiOS 5.x < 5.2.13 / 5.4.x < 5.4.7 / 5.6.x < 5.6.3 SSL VPN Web Portal login redir XSS(FG-IR-17-242)

Check Point Gaia Operating System Malicious URL Detection issue (sk111740)

Checkpoint Gaia Portal WebUI Detection

Check Point Gaia Operating System Detection

Check Point Gaia Operating System DoS (sk115596)

Fortinet FortiOS 5.2.x < 5.2.23 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 Web Proxy Disclaimer Response Page Reflected XSS (FG-IR-17-168)

Fortinet FortiOS < 5.2 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 SSL / TLS Renegotiation Handshakes MitM Plaintext Data Injection (FG-IR-17-137)

Symantec (Blue Coat) ProxySG 6.5.x < / 6.6.x < / 6.7.x < Impromper User Authorization Vulnerability

Fortinet FortiOS 5.4.x < 5.4.6 Denial of Service (FG-IR-17-206)

Fortinet FortiOS 5.4.x < 5.4.6 / 5.6.x < 5.6.1 XSS (FG-IR-17-113)

Trend Micro IWSVA 6.5 < 6.5 Build 1737 Multiple Vulnerabilities

Juniper ScreenOS 6.3.x < 6.3.0r24 SSL Death Alert (JSA10808)

Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)

FireEye Operating System Multiple Vulnerabilities (AX < 7.7.7 / EX < 8.0.1)

Fortinet FortiOS < 5.6.1 Multiple Vulnerabilities (FG-IR-17-104)

Juniper ScreenOS 6.3.x < 6.3.0r24 Multiple XSS (JSA10782)

Fortinet FortiOS 5.2.x / 5.3.x / 5.4.x < 5.4.5 Multiple XSS (FG-IR-17-127)

Squid 3.5.x < 3.5.23 / 4.x < 4.0.17 Multiple Vulnerabilities

Fortinet FortiOS 5.0.x / 5.2.x < 5.2.11 'global-label' Parameter XSS (FG-IR-17-057)

Fortinet FortiOS 5.2.x < 5.2.11 srcintf XSS (FG-IR-17-017)

Trend Micro IWSVA 6.5 < 6.5 Build 1746 Multiple Vulnerabilities

Fortinet FortiOS 5.4.1 < 5.4.4 Multiple Vulnerabilities

Fortinet FortiOS 5.2.x < 5.2.10 / 5.4.1 < 5.4.2 Local Password Hash Disclosure (FG-IR-16-050)

Fortinet FortiOS 4.3.x < 4.3.19 TLS and IPSEC Information Disclosure

Fortinet FortiOS 5.x < 5.4.2 Flow-mode Detection Bypass

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)

Blue Coat ProxySG 6.5.x < / 6.6.x < Multiple OpenSSL Vulnerabilities

Fortinet FortiOS 4.1.x < 4.1.11 / 4.2.x < 4.2.13 / 4.3.x < 4.3.9 Web Interface Cookie Parser RCE (EGREGIOUSBLUNDER)

Squid 2.x / 3.x < 3.5.17 / 4.x < 4.0.9 cachemgr.cgi RCE

Squid 3.x < 3.5.17 / 4.x < 4.0.9 Multiple Vulnerabilities

Juniper ScreenOS 6.3.x < 6.3.0r4 Firewall Private Address Information Disclosure

Juniper ScreenOS 6.3.x < 6.3.0r21 Malformed SSL/TLS Packet DoS (JSA10732)

Fortinet FortiOS Redirect Parameter Multiple Vulnerabilities

Fortinet FortiOS 5.2.x < 5.2.6 ICMP Redirect Response DoS

FireEye Operating System Multiple Vulnerabilities

Squid 3.x < 3.5.15 / 4.x < 4.0.7 Multiple DoS

Squid 3.5.13 / 4.0.4 / 4.0.5 Server Connection Error Handling DoS

Fortinet FortiOS 5.2.x < 5.2.3 Multiple XSS

Juniper ScreenOS 6.3.0r20 SSH ssh-pka SSH Negotiation RCE (JSA10712)

Juniper ScreenOS 6.2.x < 6.2.0r19 / 6.3.x < 6.3.0r21 Multiple Vulnerabilities (JSA10713)

Juniper ScreenOS < 6.3.0r20 L2TP DoS (JSA10704)

Squid 3.5.x < 3.5.9 Multiple DoS

Fortinet FortiOS 5.0.x < 5.0.12 / 5.2.x < 5.2.4 Weak Ciphers (FG-IR-15-021)

Fortinet FortiOS 5.2.3 ZebOS Shell Remote Command Execution (FG-IR-15-020)

Fortinet FortiOS < 4.3.13 SSL-VPN TLS MAC Spoofing

Fortinet FortiOS 5.0.x < 5.0.9 Telnet / SSH Username XSS

Fortinet FortiOS 5.0.x < 5.0.2 Multiple Vulnerabilities

Fortinet FortiOS 5.0.x < 5.0.1 Multiple DoS

Fortinet FortiOS 5.0.x < 5.0.8 Packet Handling DoS

Fortinet FortiOS 5.0.x < 5.0.5 FortiToken Security Bypass

Fortinet FortiOS 5.0.x < 5.0.4 Empty Device Group Firewall Bypass

McAfee Firewall Enterprise DoS (SB10126)

Squid < 3.5.6 Squid Cache Peer CONNECT Remote Access Bypass

Blue Coat ProxySG 6.2.x < / 6.5.x < / 6.6.x < Multiple OpenSSL Vulnerabilities

Fortinet FortiManager 5.0.x < 5.0.11 / 5.2.x < 5.2.2 Multiple Vulnerabilities (FG-IR-15-011)

McAfee Firewall Enterprise IGMP Packet Integer Overflow DoS (SB10107)

Squid 3.2 < 3.5.4 Incorrect X509 Server Certificate Validation Vulnerability

Blue Coat ProxySG 6.5.x / 6.2.x / 5.5 OpenSSL Vulnerability (FREAK)

Trend Micro InterScan Web Security Virtual Appliance Device Detection

Trend Micro IWSVA < 6.0 Build 1244 Information Disclosure

Squid < HTTP Header Injection Vulnerability

McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)

Privoxy < 3.0.23 Multiple DoS Vulnerabilities

Privoxy < 3.0.22 Multiple Vulnerabilities

Squid 3.x < 3.4.8 Multiple Vulnerabilities

Fortinet FortiOS < 4.3.16 / 5.x < 5.0.8 Multiple Vulnerabilities (FG-IR-14-006)

Squid 3.x < 3.3.13 / 3.4.7 Request Processing DoS

Halon Security Router Detection

FireEye Operating System Multiple Vulnerabilities (SB001)

FireEye Operating System Detection

Juniper ScreenOS 6.3 < 6.3.0r17 IPv6 Packet DoS

Juniper ScreenOS 6.3 < 6.3.0r17 DNS Lookup DoS

Blue Coat ProxySG 6.4.x OpenSSL Security Bypass

Blue Coat ProxySG 6.5.x Multiple OpenSSL Vulnerabilities

Blue Coat ProxySG 6.2.x OpenSSL Security Bypass

Blue Coat ProxySG 4.x OpenSSL Security Bypass

McAfee Firewall Enterprise DoS (SB10052)

Unsupported ScreenOS Operating System

Juniper ScreenOS 5.4 < 5.4.0r28 / 6.2 < 6.2.0r18 / 6.3 < 6.3.0r16 Malformed ICMP Echo Request DoS (JSA10604)

Juniper ScreenOS 5.4.x < 5.4.0r12 / 6.1.x / 6.2.x < 6.2.0r2 'about.html' Information Disclosure

Juniper ScreenOS 6.3 < 6.3.0r17 DoS

Juniper ScreenOS Device Detection

ModSecurity < 2.7.6 Chunked Header Filter Bypass

McAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)

McAfee Next Generation Firewall Detection

McAfee Firewall Enterprise Detection

Fortinet FortiOS < 4.3.13 / 5.0.3 Multiple XSRF

Fortinet FortiOS 5.x < 5.0.3 Security Bypass

Fortinet FortiOS 5.x < 5.0.6 XSS

Fortinet Device Detection

Blue Coat ProxySG Heartbeat Information Disclosure (Heartbleed)

Squid 3.1.x < 3.3.12 / 3.4.4 HTTPS Request Handling DoS

Palo Alto Networks PAN-OS Version Detection

Blue Coat ProxySG Local User Modification Race Condition

Palo Alto Networks PAN-OS Firewall/Panorama WebUI Default Credentials

Palo Alto Networks PAN-OS Firewall/Panorama Web UI Detection

Blue Coat ProxySG Recursive HTTP Pipeline Pre-Fetch Remote DoS

Squid 3.2.x < 3.2.13 / 3.3.x < 3.3.8 Port Handling DoS

Squid 3.x < 3.2.12 / 3.3.x < 3.3.7 idnsALookup HTTP Request DoS

Blue Coat ProxySG Unspecified XSS

Blue Coat ProxySG Core File Information Disclosure

Symantec (Blue Coat) ProxySG SGOS Version

ModSecurity < 2.7.4 forceRequestBodyVariable Action Handling DoS

ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure

ModSecurity < 2.7.0 Multipart Request Parsing Filter Bypass

ModSecurity < 2.5.9 Multipart Request Header Name DoS

ModSecurity < 2.1.1 POST Data Null Byte Filter Bypass

ModSecurity Version

Privoxy < 3.0.21 Multiple Information Disclosure Vulnerabilities

Privoxy Detection

Squid 3.x < 3.2.9 / 3.3.3 strHdrAcptLangGetItem Malformed Accept-Language Denial of Service

Squid 2.x / 3.x < 3.1.23 / 3.2.6 / cachemgr.cgi DoS

Squid 2.x / 3.x < 3.1.22 / 3.2.4 / cachemgr.cgi DoS

Check Point SecuRemote Hostname Information Disclosure

Firewall Detection (2)

Squid Unsupported Version Detection

Unsupported IPSO Firewall

Squid 3.1.x < 3.1.16 / 3.2.x < DNS Replies CName Record Parsing Remote DoS

Firewall Rule Enumeration

Squid 3.x < 3.0.STABLE26 / 3.1.15 / Gopher Buffer Overflow

IP Forwarding Enabled

Squid < 3.1.8 / NULL Pointer Dereference Denial of Service

Squid Proxy Version Detection

Squid 3.1.6 DNS Reply Denial of Service

Misconfigured SOCKS filtering

Squid < 3.0.STABLE24 / 2.7.STABLE8 / 2.6.STABLE24

Cisco ASA 5500 Series Adaptive Security Appliance NTLMv1 Authentication Bypass (cisco-sa-20100217-asa)

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances (cisco-sa-20100217-asa)

Squid < 3.0.STABLE19 / / 2.6.STABLE23 strListGetItem Function Remote DoS

Squid < 3.0.STABLE23 /

Web Application Firewall Detection

Squid 3.0.STABLE16 / 3.10.11

Squid < 2.7.STABLE6 / 3.0.STABLE13 / HTTP Version Number Request Remote DoS

SecurityGateway < 1.0.2 Administration Interface username Field Remote Overflow

Reverse NAT/Intercepting Proxy Detection

3Proxy HTTP Proxy Crafted Transparent Request Remote Overflow

Squid < 2.6.STABLE18 Cache Update Reply Unspecified DoS

DeleGate Proxy Server < 9.7.5 Multiple Vulnerabilities

Firewall Detection

Squid < 2.6.STABLE12 src/client_side.c clientProcessRequest() function TRACE Request DoS

Squid < 2.6.STABLE7 Multiple Remote DoS

Host Logical Network Segregation Weakness

Check Point FireWall-1 ICA Service Detection

DeleGate DNS Response Message DoS

ZoneAlarm VSMON.exe Local Privilege Escalation

WinProxy < 6.1a Multiple Vulnerabilities (credentialed check)

WinProxy < 6.1a HTTP Proxy Multiple Vulnerabilities

Juniper NetScreen Security Manager (NSM) guiSrv/devSrv Crafted String Remote DoS

Kerio WinRoute Firewall HTTP/HTTPS Management Detection

Squid Crafted NTLM Authentication Header DoS

Squid Set-Cookie Header Cross-session Information Disclosure

602LAN SUITE Open Telnet Proxy

DeleGate < 8.11 Multiple Unspecified Overflows

SOCKS5 Server Recursive Connection Remote DoS

SOCKS4 Server Recursive Connection Remote DoS

Blue Coat ProxySG Console Management Detection

Default Password (zebra) for Zebra

UMN Gopherd Unauthorized FTP Proxy

Squid < 2.5.STABLE8 Multiple Vulnerabilities

Squid NTLM Component fakeauth Multiple Remote DoS

Squid < 2.5.STABLE8 Malformed Host Name Error Message Information Disclosure

CCProxy Application Proxy Detection

Squid SNMP Module asn_parse_header() Function Remote DoS

ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS

ZoneAlarm Personal Firewall UDP Source Port 67 Bypass

Cerbere HTTP Proxy Server Host: Header Remote DoS

NetAsq IPS-Firewalls Detection

Arkoon Appliance Detection

Squid ntlm_check_auth Function NTLM Authentication Helper Password Handling Remote Overflow

Symantec Firewall Malformed TCP Packet Options Remote DoS

Squid %xx URL Encoding ACL Bypass

Multiple BSD ipfw / ip6fw ECE Bit Filtering Evasion

Check Point FireWall-1 4.x Multiple Vulnerabilities (OF, FS)

Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass

Check Point FireWall-1 Spoofed UDP Packet Remote DoS

Source Routed Packet Weakness

StoneGate Firewall Client Authentication Detection

TCP/IP SYN+FIN Packet Filtering Weakness

Check Point FireWall-1/VPN-1 Syslog Daemon Remote Overflow DoS

Firewall UDP Packet Source Port 53 Ruleset Bypass

Kerio Personal Firewall Administrator Authentication Handshake Packet Remote Buffer Overflow

Check Point FireWall-1 Open Web Administration

IBM Tivoli Firewall Toolbox (TFST) Unspecified Remote Overflow

L2TP Network Server Detection

HTTP Proxy Open gopher:// Request Relaying

NEC SOCKS4 Module Username Handling Remote Overflow

AnalogX Proxy SOCKS4a DNS Hostname Handling Remote Overflow

BenHur Firewall Source Port 20 ACL Restriction Bypass

ISS BlackICE / RealSecure Large ICMP Ping Packet Overflow DoS

Squid FTP URL Special Character Handling Remote Overflow

Squid mkdir-only PUT Request Remote DoS

Raptor Firewall 6.5 HTTP Proxy Detection

Check Point FireWall-1 HTTP Client Authentication Detection

Check Point FireWall-1 Telnet Client Authentication Detection

tinyProxy Long Connect Request Overflow

Cisco PIX Firewall Mailguard Feature SMTP Content Filter Bypass

HTTP Proxy Open Relay Detection

HTTP Proxy POST Request Relaying

HTTP Proxy Arbitrary Site/Port Relaying

HTTP Proxy CONNECT Request Relaying

Novell BorderManager Port 2000 Telnet DoS

Check Point FireWall-1 UDP Port 0 DoS

DeleGate Multiple Function Remote Overflows

Check Point FireWall-1 Identification

Axent Raptor Firewall Zero Length IP Remote DoS

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now