According to its self-reported version number, the Apache Tomcat service listening on the remote host is 6.0.x prior to 6.0.44. It is, therefore, affected by multiple vulnerabilities :

  - An error exists due to a failure to limit the size of     discarded requests. A remote attacker can exploit this     to exhaust available memory resources, resulting in a     denial of service condition. (CVE-2014-0230)

  - A NULL pointer dereference flaw exists when the SSLv3     option isn't enabled and an SSLv3 ClientHello is     received. This allows a remote attacker, using an     unexpected handshake, to crash the daemon, resulting in     a denial of service. (CVE-2014-3569)

  - The BIGNUM squaring (BN_sqr) implementation does not     properly calculate the square of a BIGNUM value. This     allows remote attackers to defeat cryptographic     protection mechanisms. (CVE-2014-3570)

  - A NULL pointer dereference flaw exists with     dtls1_get_record() when handling DTLS messages. A remote     attacker, using a specially crafted DTLS message, can     cause a denial of service. (CVE-2014-3571)

  - A flaw exists with ECDH handshakes when using an ECDSA     certificate without a ServerKeyExchange message. This     allows a remote attacker to trigger a loss of forward     secrecy from the ciphersuite. (CVE-2014-3572)

  - A malicious application can use expression language to     bypass the internal Security Manager and execute code     with elevated privileges. (CVE-2014-7810)

  - A flaw exists when accepting non-DER variations of     certificate signature algorithms and signature encodings     due to a lack of enforcement of matches between signed     and unsigned portions. A remote attacker, by including     crafted data within a certificate's unsigned portion,     can bypass fingerprint-based certificate-blacklist     protection mechanisms. (CVE-2014-8275)

  - A security feature bypass vulnerability, known as FREAK     (Factoring attack on RSA-EXPORT Keys), exists due to the     support of weak EXPORT_RSA cipher suites with keys less     than or equal to 512 bits. A man-in-the-middle attacker     may be able to downgrade the SSL/TLS connection to use     EXPORT_RSA cipher suites which can be factored in a     short amount of time, allowing the attacker to intercept     and decrypt the traffic. (CVE-2015-0204)

  - A flaw exists when accepting DH certificates for client     authentication without the CertificateVerify message.
    This allows a remote attacker to authenticate to the     service without a private key. (CVE-2015-0205)

  - A memory leak occurs in dtls1_buffer_record()     when handling a saturation of DTLS records containing     the same number sequence but for the next epoch. This     allows a remote attacker to cause a denial of service.
    (CVE-2015-0206)

  - A use-after-free condition exists in the     d2i_ECPrivateKey() function due to improper processing     of malformed EC private key files during import. A     remote attacker can exploit this to dereference or free     already freed memory, resulting in a denial of service     or other unspecified impact. (CVE-2015-0209)

  - An invalid read flaw exists in the ASN1_TYPE_cmp()     function due to improperly performed boolean-type     comparisons. A remote attacker can exploit this, via a     crafted X.509 certificate to an endpoint that uses the     certificate-verification feature, to cause an invalid     read operation, resulting in a denial of service.
    (CVE-2015-0286)

  - A flaw exists in the ASN1_item_ex_d2i() function due to     a failure to reinitialize 'CHOICE' and 'ADB' data     structures when reusing a structure in ASN.1 parsing.
    This allows a remote attacker to cause an invalid write     operation and memory corruption, resulting in a denial     of service. (CVE-2015-0287)

  - A NULL pointer dereference flaw exists in the     X509_to_X509_REQ() function due to improper processing     of certificate keys. This allows a remote attacker, via     a crafted X.509 certificate, to cause a denial of     service. (CVE-2015-0288)

  - A NULL pointer dereference flaw exists in the PKCS#7     parsing code due to incorrect handling of missing outer     ContentInfo. This allows a remote attacker, using an     application that processes arbitrary PKCS#7 data and     providing malformed data with ASN.1 encoding, to cause     a denial of service. (CVE-2015-0289)

  - A flaw exists in servers that both support SSLv2 and     enable export cipher suites due to improper     implementation of SSLv2. A remote attacker can exploit     this, via a crafted CLIENT-MASTER-KEY message, to cause     a denial of service. (CVE-2015-0293)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the Apache Tomcat service listening on the remote host is 7.0.x prior to 7.0.60. It is, therefore, affected by the following vulnerabilities :

  - A NULL pointer dereference flaw exists when the SSLv3     option isn't enabled and an SSLv3 ClientHello is     received. This allows a remote attacker, using an     unexpected handshake, to crash the daemon, resulting in     a denial of service. (CVE-2014-3569)

  - The BIGNUM squaring (BN_sqr) implementation does not     properly calculate the square of a BIGNUM value. This     allows remote attackers to defeat cryptographic     protection mechanisms. (CVE-2014-3570)

  - A NULL pointer dereference flaw exists with     dtls1_get_record() when handling DTLS messages. A remote     attacker, using a specially crafted DTLS message, can     cause a denial of service. (CVE-2014-3571)

  - A flaw exists with ECDH handshakes when using an ECDSA     certificate without a ServerKeyExchange message. This     allows a remote attacker to trigger a loss of forward     secrecy from the ciphersuite. (CVE-2014-3572)

  - A flaw exists when accepting non-DER variations of     certificate signature algorithms and signature encodings     due to a lack of enforcement of matches between signed     and unsigned portions. A remote attacker, by including     crafted data within a certificate's unsigned portion,     can bypass fingerprint-based certificate-blacklist     protection mechanisms. (CVE-2014-8275)

  - A security feature bypass vulnerability, known as FREAK     (Factoring attack on RSA-EXPORT Keys), exists due to the     support of weak EXPORT_RSA cipher suites with keys less     than or equal to 512 bits. A man-in-the-middle attacker     may be able to downgrade the SSL/TLS connection to use     EXPORT_RSA cipher suites which can be factored in a     short amount of time, allowing the attacker to intercept     and decrypt the traffic. (CVE-2015-0204)

  - A flaw exists when accepting DH certificates for client     authentication without the CertificateVerify message.
    This allows a remote attacker to authenticate to the     service without a private key. (CVE-2015-0205)

  - A memory leak occurs in dtls1_buffer_record()     when handling a saturation of DTLS records containing     the same number sequence but for the next epoch. This     allows a remote attacker to cause a denial of service.
    (CVE-2015-0206)

  - A use-after-free condition exists in the     d2i_ECPrivateKey() function due to improper processing     of malformed EC private key files during import. A     remote attacker can exploit this to dereference or free     already freed memory, resulting in a denial of service     or other unspecified impact. (CVE-2015-0209)

  - An invalid read flaw exists in the ASN1_TYPE_cmp()     function due to improperly performed boolean-type     comparisons. A remote attacker can exploit this, via a     crafted X.509 certificate to an endpoint that uses the     certificate-verification feature, to cause an invalid     read operation, resulting in a denial of service.
    (CVE-2015-0286)

  - A flaw exists in the ASN1_item_ex_d2i() function due to     a failure to reinitialize 'CHOICE' and 'ADB' data     structures when reusing a structure in ASN.1 parsing.
    This allows a remote attacker to cause an invalid write     operation and memory corruption, resulting in a denial     of service. (CVE-2015-0287)

  - A NULL pointer dereference flaw exists in the     X509_to_X509_REQ() function due to improper processing     of certificate keys. This allows a remote attacker, via     a crafted X.509 certificate, to cause a denial of     service. (CVE-2015-0288)

  - A NULL pointer dereference flaw exists in the PKCS#7     parsing code due to incorrect handling of missing outer     ContentInfo. This allows a remote attacker, using an     application that processes arbitrary PKCS#7 data and     providing malformed data with ASN.1 encoding, to cause     a denial of service. (CVE-2015-0289)

  - A flaw exists in servers that both support SSLv2 and     enable export cipher suites due to improper     implementation of SSLv2. A remote attacker can exploit     this, via a crafted CLIENT-MASTER-KEY message, to cause     a denial of service. (CVE-2015-0293)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.2.6. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :

  - HP SMH (XSRF)
    - libcurl
    - OpenSSL

OpenSSL before 0.9.8zf, 1.0.0r, or 1.0.1m are unpatched for the following vulnerabilities :

  - An invalid read flaw exists in the 'ASN1_TYPE_cmp()' function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)

  - A flaw exists in the 'ASN1_item_ex_d2i()' function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer 'ContentInfo'. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)

  - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)

  - A NULL pointer dereference flaw exists in the 'X509_to_X509_REQ()' function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)

  - A use-after-free condition exists in the 'd2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.4 and the following components contain vulnerabilities :

  - Admin Framework 
-  afpserver 
 - apache 
 - AppleFSCompression 
 - AppleGraphicsControl 
 - AppleThunderboltEDMService 
 - ATS 
 - Bluetooth 
 - Certificate Trust Policy 
 - CFNetwork HTTPAuthentication 
 - CoreText 
 - coreTLS 
 - DiskImages 
 - Display Drivers 
 - EFI 
 - FontParser 
 - Graphics Driver 
 - ImageIO 
 - Install Framework Legacy 
 - Intel Graphics Driver 
 - IOAcceleratorFamily 
 - IOFireWireFamily 
 - Kernel 
 - kext tools 
 - Mail 
 - ntfs 
 - ntp 
 - OpenSSL 
 - QuickTime 
 - Security 
 - Spotlight 
 - SQLite 
 - System Stats 
 - TrueTypeScaler 
 - zip

OpenSSL 1.0.2 prior to 1.0.2a are unpatched for the following vulnerabilities:

  - A flaw exists in the 'DTLSv1_listen()' function due to the state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service. (CVE-2015-0207)

  - A flaw exists in the 'rsa_item_verify()' function due to improper implementation of ASN.1 signature verification. A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208)

  - A use-after-free condition exists in the 'd2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)

  - A flaw exists in the 'ssl3_client_hello()' function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285)

  - An invalid read flaw exists in the 'ASN1_TYPE_cmp()' function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)

  - A flaw exists in the 'ASN1_item_ex_d2i()' function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)

  - A NULL pointer dereference flaw exists in the 'X509_to_X509_REQ()' function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer 'ContentInfo'. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)

  - A flaw exists with the 'multiblock' feature in the 'ssl3_write_bytes()' function due to improper handling of certain non-blocking I/O cases. This allows a remote attacker to cause failed connections or a segmentation fault, resulting in a denial of service. (CVE-2015-0290)

  - A NULL pointer dereference flaw exists when handling clients attempting to renegotiate using an invalid signature algorithm extension. A remote attacker can exploit this to cause a denial of service. (CVE-2015-0291)

  - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)

  - A flaw exists in the 'ssl3_get_client_key_exchange()' function when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled. This allows a remote attacker, via a ClientKeyExchange message with a length of zero, to cause a denial of service. (CVE-2015-1787)

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
83490	Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	5/15/2015	5/6/2024	high
83526	Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	5/19/2015	5/6/2024	high
90251	HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	3/29/2016	4/11/2022	high
8662	OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	3/27/2015	3/6/2019	medium
8801	Mac OS X < 10.10.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	10/12/2015	3/6/2019	critical
8661	OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	3/27/2015	3/6/2019	medium
503102	Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-0209)	Tenable OT Security	Tenable.ot	3/13/2025	3/13/2025	high
501779	Rockwell Automation Stratix OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service (CVE-2015-0209)	Tenable OT Security	Tenable.ot	11/15/2023	12/18/2024	high

Detections

Analytics

Plugins Search

high

high

high

medium

critical

medium

high

high