Web Servers Family for Nessus

ID	Name	Severity
138762	SAP NetWeaver : Authentication Bypass (CVE-2020-6287) (Direct Check)	critical
138591	Apache Tomcat 9.0.0.M1 < 9.0.37 multiple vulnerabilities	high
138574	Apache Tomcat 8.5.0 < 8.5.57 multiple vulnerabilities	high
138509	Oracle WebLogic IIOP JNDI Lookup RCE Direct Check	critical
138506	SAP NetWeaver AS Java Multiple Vulnerabilities	critical
138499	SAP Netweaver Application Server (AS) HTTP Server Detection	info
138098	Apache Tomcat 9.0.0.M1 < 9.0.36	high
138097	Apache Tomcat 8.5.0 < 8.5.56	high
138091	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 Information Disclosure (CVE-2020-4449)	high
138074	Oracle WebLogic Server Java Object Deserialization RCE (CVE-2020-2883)	critical
137398	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Remote Code Execution (CVE-2020-4448)	critical
137368	IBM WebSphere Application Server 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 RCE (CVE-2020-4450)	critical
136931	Apache Traffic Server - HTTP Smuggling and Cache poisoning	medium
136897	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 XSS	medium
136892	IBM WebSphere Application Server Admin Console 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 XSS	medium
136807	Apache Tomcat 8.5.0 < 8.5.55	high
136806	Apache Tomcat 9.0.0 < 9.0.35	high
136770	Apache Tomcat 7.0.0 < 7.0.104	high
136764	IBM MQ Console Detection	info
136763	IBM MQ Default Credentials	critical
136426	IBM WebSphere Application Server 9.0.0.0 < 9.0.0.9 Information Disclosure (CVE-2018-1957)	medium
136410	IBM WebSphere Application Server 7.0 < 7.0.0.46 / 8.0 < 8.0.0.16 / 8.5 < 8.5.5.18 / 9.0 < 9.0.5.4 / Liberty 17.0.0.3 < 20.0.0.5 Information Disclosure	medium
136340	nginx Installed (Linux/UNIX)	info
136183	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Cross-Site Scripting Vulnerability	medium
136180	IBM WebSphere Application Server 7.x / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Directory Traversal Vulnerability	medium
135919	OpenSSL 1.1.1d < 1.1.1g Vulnerability	high
135771	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.x < 9.0.0.10 XSS (CVE-2018-1794)	medium
135720	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.15 / 9.0.0.0 <= 9.0.0.10 Connection Spoofing Vulnerability	medium
135702	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)	high
135677	Oracle Fusion Middleware Oracle HTTP Server (Apr 2020 CPU)	high
135290	Apache 2.4.x < 2.4.42 Multiple Vulnerabilities	medium
135180	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Privilege Escalation (CVE-2020-4276)	high
134862	Apache Tomcat AJP Connector Request Injection (Ghostcat)	critical
134220	nginx < 1.17.7 Information Disclosure	medium
133845	Apache Tomcat 9.0.0.M1 < 9.0.31 multiple vulnerabilities	critical
133696	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.3 Command Execution (CVE-2020-4163)	high
133529	IBM WebSphere Application Server Denial of Service (CVE-2019-4720)	high
133360	IBM WebSphere Application Server Virtual Enterprise 7.0.x <= 7.0.0.6 / Virtual Enterprise 8.0.x / 8.5.5.x < 8.5.5.17 / 9.0.x < 9.0.5.1 Information Disclosure (CVE-2019-4505)	medium
133275	IBM WebSphere Application Server 9.0.x < 9.0.5.0 Information Disclosure (CVE-2019-4269)	high
133274	IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Cross-Site Request Forgery (CVE-2018-1926)	high
133273	IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Privilege Escalation (CVE-2018-1901)	high
133272	IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Privilege Escalation (CVE-2018-1840)	high
133271	IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Information Disclosure (CVE-2018-1614)	high
133270	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Remote Code Execution (CVE-2018-1567)	critical
133146	Oracle Fusion Middleware Oracle HTTP Server (Jan 2020 CPU)	medium
132775	nginx 0.8.x < 0.8.33 / 0.7.x < 0.7.65 Windows Filename Pseudonyms (CORE-2010-0121)	low
132726	OpenSSL 1.0.2 < 1.0.2u Vulnerability	medium
132725	OpenSSL 1.1.1 < 1.1.1e-dev Procedure Overflow Vulnerability	medium
132419	Apache Tomcat 9.0.0.M1 < 9.0.30	high
132418	Apache Tomcat 8.5.0 < 8.5.50	high

Detections

Analytics

Web Servers Family for Nessus

critical

high

high

critical

critical

info

high

high

high

critical

critical

critical

medium

medium

medium

high

high

high

info

critical

medium

medium

info

medium

medium

high

medium

medium

high

high

medium

high

critical

medium

critical

high

high

medium

high

high

high

high

high

critical

medium

low

medium

medium

high

high