server_msgs.db

一个用perl写的功能强大的cgi漏洞检测程序

#VERSION,1.089
#LASTMOD,10.23.2003  
# http://www.cirt.net/

"Abyss\/1\.0\.3","May be vulnerable to directory traversal by using '%5c%2e%2e%5c' type paths."
"ADSM_HTTP\/","May be Tivoli server administration. Default account is admin/admin."
"AdSubtract","Adsubtract.com, a Windows proxy which removes popup ads, can be configure for remote access or localhost only."
"Agranat-EMWeb","Most likely a printer."
"alibaba","http://alibaba.austria.eu.net/ This server has lots of problems (overflows, etc)"
"allegro-software","Most often a printer or other embedded device"
"Allegro-Software-RomPager","Most likely a printer."
"american sitebuilder","http://www.american.com/product1.html"
"aolserver","http://www.aolserver.com/ runs on Dec OSF1"
"Apache Tomcat\/4\.0\.3","Apache Tomcat 4.0.3 Win 2000 server is vulnerable to a DoS attack. Upgrade to a 4.1.3beta or higher."
"apache-ssl-us","http://apachessl.c2.net"
"apachejserv\/1\.(0|1\.[0-1])","This version of Apache JServ allows files to be retrieved and possibly executed from outside the web root. CAN-2001-0307."
"Apache\/(1\.2\.([2-9].*|1[0-9])|1\.3\.([0-1].*|2[0-4]))","Apache 1.x up 1.2.35 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392."
"Apache\/.* Ben-SSL\/1\.([0-9][^0-9]|[0-3][0-9]|4[0-6])[^0-9]","This version of Apache-SSl is vulnerable to a buffer overflow."
"Apache\/1\.0\.3","Probably a Xerox printer"
"Apache\/1\.1\.1","May be able view directory contents regardless of index.html"
"Apache\/1\.1\.3","This version has a mod_cookies buffer overflow"
"Apache\/1\.3\.(0.*|1.*|2[0-6])","Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system. CAN-2002-0839."
"Apache\/1\.3\.27","Windows and OS/2 version vulnerable to remote exploit. CAN-2003-0460"
"Apache\/2\.0\.(3[7-9]|4[0-5])","Apache versions 2.0.37 through 2.0.45 are vulnerable to a DoS in mod_dav. CAN-2003-0245."
"Apache\/2\.0\.([0-2].*|3.*)","Apache 2.0 to 2.0.39 Windows may be vulnerable to arbitrary file retrieval. CAN-2002-0661."
"Apache\/2\.0\.([0-2].*|3[0-8])","Apache 2.0 up 2.0.38 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392."
"Apache\/2\.0\.([0-3].*|4[0-6])","Apache 2.0 up 2.0.46 are vulnerable to multiple remote problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU#379828."
"Apache\/2\.0\.43","Win9x and ME servers allow arbitrary code execution, DoS and/or arbitrary file retrieval. CAN-2003-0016. CAN-2003-0017."
"Apache\/2\.0\.44","Apache 2.0.44 is vulnerable to a DoS when linefeed characters are submitted consecutively. CAN-2003-0132."
"Apache\/2\.0\.4[0-5]","Apache versions 2.0.40 through 2.0.45 are vulnerable to a DoS in basic authentication. CAN-2003-0189."
"aserve","http://www.phone.net/aws"
"ATPhttpd","http://www.redshift.com/~yramin/atp/atphttpd/ V0.4 contains a DoS by sending a GET 3000 chars long (many times). See securityoffice.net. Also see http://bespin.org/~qitest1 for more bugs/patches."
"avenida","http://www.avenida.co.uk/"
"Avirt","Check www.avirt.com for updates, some versions of the proxies have buffer overflows that allow attackers to run arbitrary commands."
"awhttpd","http://pulsar.systes.net/awhttpd/ v2.2 has a local DoS if a user has write access to the HTML directory, see http://sec.angrypacket.com for more info."
"BadBlue\/(0\..*|1\.([0-6].*|7\.0))","BadBlue Web server 1.7.0 and below allows directories to be listed by appending a unicode % to the end of a string. http://www.badblue.com/"
"BadBlue\/([0-1].*|2\.[0-9]{1}|2\.1[0-5]{1})","BadBlue Web server 2.15 allow remote users to execute commands on the machine. http://www.badblue.com/"
"bkhttp\/0.3","BitKeeper may allow anyone to execute arbitrary commands on the remote system. See http://www.securiteam.com/securitynews/5TP0D0K8UQ.html."
"Blazix\/1\.2\.1","Can view JSP source by appending a + to the end of the request."
"boa","http://www.boa.org/"
"boulevard","http://www.resnova.com/boulevard"
"Brickserver Modifications","May be vulnerable to %2f type directory listing vulnerabilities if the directory contains an index.shtml but not index.html file."
"capneld","This is a web hosting manager. It should not be running unless required, as it allows web server administration."
"cern","http://www.w3.org/hypertext/WWW/Daemon"
"ChaiServer","HP printer."
"Cherokee\/0\.2\.7","This version of Cherokee allows arbitrary files to be retreived remotely. See http://www.securitytracker.com/alerts/2001/Dec/1003074.html"
"cisco ios","Cisco Catalyst Switch"
"cisco-CPA","Most likely a router/switch web management port"
"cl-http","http://www.ai.mit.edu/projects/iiip/doc/cl-http/home-page.html"
"Cobalt","Cobalt RaQ system"
"commerce-builder","http://www.ifact.com/"
"CompaqHTTPServer","Has had a few remote DoS issues. Can also give a lot of system information, especially if anonymous access enabled."
"cosmos","http://www.ris.fr/"
"DeleGate\/","www.globalintersec.com has found multiple vulnerabilities in the DeleGate proxies and recommends using Squid or another proxy device as the author(s) have not fixed previous versions."
"DeleGate\/7\.7\.[0-1]","DeleGate 7.7.1 & 7.7.0 are vulnerable to CSS."
"dwhttpd","Probably Sun Microsystem's AnswerBook server. v3.1a4, 4.0.2a7a and 4.1a6 have problems."
"dwhttpd\/4\.(0\.2a7a|1a6)","May allow unauthorized users to add administrators or view logs remotely."
"Embedded HTTP Server","Likely this is a D-Link SoHo router."
"emwac","http://emwac.ed.ac.uk/"
"enterpriseweb","http://www.beyond-software.com/products/eweb/eweb.html"
"Eserv\/2\.97","Server allows pass protected directories to be retrieved by prepending '/./' to it, ie http://server/./protected/, or directory listings by appending ?"
"Essentia\/2\.1","Essentia 2.1 is vulnerable to directory traversal problems with /../ type requests, along with a DoS on long (2000 chars) requests."
"Ews/","Probably a printer."
"falcon","May allow ../../ file system browsing"
"fnord","Win 32 platform"
"Folkweb","Win 32 platform"
"frontier","http://www.frontiertech.com/products/superweb.htm"
"frontpage","http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html"
"ghttpd\/1\.[0-4]","The Ghttpd server may contain a remote buffer overflow. Upgrade to the latest version."
"glaci","Netware web server"
"GoAhead-Webs","This may be a Cyclade, http://www.cyclades.com/"
"GoAhead-Webs\/2\.(0.*|1)","GoAhead-Webs 2.1 and below is vulnerable to command execution through a buffer overflow. See http://www.securiteam.com for details."
"Gordian Embedded","Lantronix device, may give system/networking information freely. Could be an access badge reader/card swipe."
"goserve","http://www2.hursley.ibm.com/goserve"
"gosite","http://www.gosite.com/"
"GWS\/","Could be the Google Web Server. 2.0 seems to be current."
"hellbent java webserver v0.1","This version of the server is vulnerable to a path disclosure bug and can allow attackers to view .prefs files under certain circumstances. Upgrade to 0.11 or higher. See http://www.securityfocus.com/archive/82/73778"
"homedoor","http://www.opendoor.com/"
"HP-Web-Server","HP Printer"
"hyperwave","http://www.hyperwave.com/"
"ibm internet connection server","http://www.ics.raleigh.ibm.com"
"IBM-HTTP-Server\/1\.0","This IBM web server allows file source to be viewed by adding a '/' to the URI, like http://server/index.jsp/"
"icecast/1\.3\.(7|8.*beta[0-2])","This version of Icecast may allow an attacker to execute commands on the server with a format string attack."
"iis\/4","May be able to bypass security settings using 8.3 file names. ESB-98.015."
"pws\/4","May be able to bypass security settings using 8.3 file names. ESB-98.015."
"Intrusion\/","The server may be running Tripwire for web pages. This can allow attackers to gain sensitive information about the web setup."
"Ipswitch-IMail\/7\.11","May be vulnerable to a remote command execution overflow, see http://online.securityfocus.com/archive/1/284465"
"i\/net","http://www.inetmi.com/"
"Jaguar Server","Probably a Sybase web interface"
"jakarta-tomcat-4.0.1","Server will reveal path"
"JavaWebServer","Probably Sun Microsystem's servlet interface. May have defualt code which is exploitable. Try admin/admin for id/password."
"JetAdmin","HP Printer"
"Jeus WebContainer\/([0-3]\.[0-2]\..*)","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent url is requested, i.e. [victim site]/[javascript].jsp"
"Jigsaw\/([0-1].*|2\.([0-1].*|2\.0))","Jigsaw 2.1.0 or below may be vulnerable to XSS if a nonexistent host name is requested, i.e. nosuchhost.domain.com/<script>..."
"Jigsaw\/2\.2\.1","Jigsaw 2.1.1 on Windows may be tricked into revealing the system path by requesting /aux two times."
"JRun\/([0-3]\..*|4\.0)","JRun 4.0 and below on IIS is vulnerable to remote buffer overflow with a filename over 4096. http://www.macromedia.com/v1/handlers/index.cfm?ID=23500 and http://www.eeye.com/html/Research/Advisories/index.html"
"JRun\/3\.1","JRun 3.1 on Windows NT/2000 is vulnerable to remote buffer overflow in the Host header field that can allow attackers to exploit the system."
"KazaaClient","Kazaa may allow sensitve information to be retrieved, http://www.securiteam.com/securitynews/5UP0L2K55W.html"
"LabVIEW\/(5\.[1-9]|6\.[0-1])","LabVIEW 5.1.1 to 6.1 is vulnerable to a remote DoS by sending a malformed GET request. This DoS was not attempted."
"Lasso\/3\.6\.5","This version of Blueworld WebData engine is vulnerable to DoS by sending a 1600 character long GET request."
"LilHTTP\/2\.1","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the url."
"LocalWeb2000\/([0-1]\.*|2\.(0\.*|1\.0))","LocalWeb2000 2.1.0 and below allow protected files to be retrieved by prepending the request with /./"
"Lotus-Domino\/([0-3].*|4\.([0-1].*|2\.([0-1].*|3)))","This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details."
"Lotus-Domino\/4\.[5-6]","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
"Lotus-Domino\/5","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
"Lotus-Domino\/5\.0\.9","This version of Lotus-Domino server is vulnerable to a DoS via requesting DOS devices"
"Lotus-Domino\/6b.*","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
"Lotus-Domino\/Release-([0-3].*|4\.([0-1].*|2\.([0-1].*|3)))","This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details."
"Lotus-Domino\/Release-4\.[5-6]","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
"Lotus-Domino\/Release-5","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
"Lotus-Domino\/Release-5\.0\.9","This version of Lotus-Domino server is vulnerable to a DoS via requesting DOS devices"
"Lotus-Domino\/Release-6b*","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
"machttp","http://www.starnine.com/machttp may let you download log files"
"mathopd","http://mathop.diva.nl/"
"MegaTime Chart Server","Server returns a .png file for all requests, all results should be validated as false-positives are likely."
"micro-http/","Probably a printer (Tektronix?)."
"MiniServ","This is the Webmin Unix administrator. It should not be running unless required."
"mod_auth_mysql\/((0\..*)|(1\.[0-9]$))","This version allows an SQL insertion attack that could allow attackers to execute arbitrary SQL commands."