Appendix E • Nessus Plug-ins

Howlett_AppE.fm Page 489 Friday, June 25, 2004 1:50 PM

| Family | Plug-in Name | CVE ID Number(s) | BugTraq ID Number(s) |
|---|---|---|---|
| Denial of Service | FTP Serv-U 2.5e DoS | CVE-2000-0837 | |
| Denial of Service | Oracle Web Server denial of Service | CAN-1999-1068 | |
| Denial of Service | D-Link router overflow | | |
| Denial of Service | IIS Malformed Extension Data in URL | CVE-2000-0408 | 1190 |
| Denial of Service | Bonk | CAN-1999-0258 | |
| Denial of Service | UDP null size going to SNMP DoS | CVE-2000-0221 | 1009 |
| Denial of Service | Microsoft Media Server 4.1 - DoS | CVE-2000-0211 | 1000 |
| Denial of Service | Proxomitron DoS | | 7954 |
| Denial of Service | Checkpoint Firewall-1 UDP denial of service | | 1419 |
| Denial of Service | Cassandra NNTP Server DoS | CVE-2000-0341 | 1156 |
| Denial of Service | Too long line | | |
| Denial of Service | Exchange Malformed MIME header | CVE-2000-1006 | 1869 |
| Denial of Service | HTTP unfinished line denial | | 5664 |
| Denial of Service | BadBlue invalid GET DoS | CAN-2002-1023 | 5187 |
| Denial of Service | Microsoft Frontpage DoS | CAN-2000-0709 | 1608 |
| Denial of Service | NAI PGP Cert Server DoS | CAN-2000-0543 | 1343 |
| Denial of Service | Ken! DoS | CVE-2000-0262 | 1103 |
| Denial of Service | AnalogX denial of service by long CGI name | CAN-2000-0473 | 1349 |
| Denial of Service | MDaemon Worldclient crash | CAN-1999-0844 | 823 |
| Denial of Service | Novell FTP DoS | | 7072 |
| Denial of Service | FTP ServU CWD overflow | CVE-1999-0219 | 269 |
| Denial of Service | Webseal denial of service | CAN-2001-1191 | 3685 |
| Denial of Service | BIND9 DoS | CAN-2002-0400 | 4936 |
| Denial of Service | WindowsNT DNS flood denial | CVE-1999-0275 | |
| Denial of Service | Teardrop | CAN-1999-0015 | 124 |
| Denial of Service | Polycom ViaVideo denial of service | | 5962 |
| Denial of Service | SLMail:27 denial of service | CAN-1999-0231 | |
| Denial of Service | Trend Micro OfficeScan Denial of service | CAN-2000-0203 | 1013 |
| Denial of Service | Crash SMC AP | | |
| Denial of Service | WebSphere Host header overflow | CAN-2002-1153 | 5749 |
| Denial of Service | Mercur WebView WebClient | CAN-2000-0239 | 1056 |
| Denial of Service | Domino HTTP Denial | CVE-2000-0023 | 881 |
| Denial of Service | l2tpd DoS | | |
| Denial of Service | Xeneo Web Server 2.2.9.0 DoS | | |
| Denial of Service | Orange DoS | CAN-2001-0647 | 2432 |
| Denial of Service | WebShield | CVE-2000-0738, CAN-2000-1130 | 1589, 1993 |
| Denial of Service | DoSable squid proxy server | CVE-2001-0843 | 3354 |
| Denial of Service | Dragon FTP overflow | CAN-2000-0479 | 1352 |
| Denial of Service | myServer DoS | | 6359, 7770, 7917, 8010, 8120 |
| Denial of Service | NetGear ProSafe VPN Login DoS | | 7166 |
| Denial of Service | Linux 2.1.89 - 2.2.3 : 0 length fragment bug | CAN-1999-0431 | 2247 |
| Denial of Service | SNMP bad length field DoS (2) | CAN-2002-0012 | 4088 |
| Denial of Service | HTTP Windows 98 MS/DOS device names DOS | CVE-2001-0386, CVE-2001-0493, CAN-2001-0391, CVE-2001-0558, CAN-2002-0200, CVE-2000-0168, CAN-2003-0016, CAN-2001-0602 | 2622, 2704, 3929, 1043, 2575 |
| Denial of Service | Nestea | CAN-1999-0257 | 7219 |
| Denial of Service | ICQ Denial of Service attack | CAN-2000-0564 | 1463 |
| Denial of Service | Generic flood | | |
| Denial of Service | MacOS X Directory Service DoS | | 7323 |
| Denial of Service | WebServer 4D GET Buffer Overflow | | 7479 |
| Denial of Service | Axent Raptor’s DoS | CVE-1999-0905 | 736 |
| Denial of Service | Notes MTA denial | CAN-1999-0284 | |
| Denial of Service | SNMP bad length field DoS | CAN-2002-0013 | |
| Denial of Service | WindowsNT PPTP flood denial | CAN-1999-0140 | 2111 |
| Denial of Service | Linux 2.4 NFSv3 DoS | -2228 | 8298 |
| Denial of Service | RealServer Ramgen crash (ramcrash) | CVE-2000-0001 | 888 |
| Denial of Service | SalesLogix Eviewer WebApp crash | CVE-2000-0278 | 1089 |
| Denial of Service | LiteServe URL Decoding DoS | | |
| Denial of Service | IIS propfind DoS | CVE-2001-0151 | 2453 |
| Denial of Service | IPSEC IKE check | | |
| Denial of Service | Xeneo web server %A DoS | CAN-2002-1248 | |
| Denial of Service | NT IIS Malformed HTTP Request Header DoS Vulnerability | CVE-1999-0867 | 579 |
| Denial of Service | MDaemon crash | CAN-1999-0284 | |
| Denial of Service | Sambar web server DOS | CVE-2002-0128 | 3885 |
| Denial of Service | HTTP method overflow | CAN-2002-1061 | 5319 |
| Denial of Service | CP syslog overflow | | 7159 |
| Denial of Service | MS RPC Services null pointer reference DoS | | 6005 |
| Denial of Service | IIS ‘GET / /’ | CAN-1999-0229 | 2218 |
| Denial of Service | Sedum DoS | CAN-2001-0282 | 2413 |
| Denial of Service | Savant DoS | | 2468 |
| Denial of Service | Worldspan gateway DOS | CAN-2002-1029 | 5169 |
| Denial of Service | Wingate POP3 USER overflow | CVE-1999-0494 | |
| Denial of Service | IIS FTP server crash | CVE-1999-0349 | 192 |
| Denial of Service | MDaemon Webconfig crash | CAN-1999-0844 | 820 |
| Denial of Service | cisco http DoS | CVE-2000-0380 | 1154 |
| Denial of Service | Nortel Contivity DoS | CVE-2000-0063 | 938 |
| Denial of Service | Jigsaw webserver MS/DOS device DoS | CAN-2002-1052 | 5258 |
| Denial of Service | LinkSys EtherFast Router Denial of Service Attack | | 8834 |
| Denial of Service | rfparalyze | CVE-2000-0347 | 1163 |
| Denial of Service | stream.c | CVE-1999-0770 | 549 |
| Denial of Service | IIS 5.0 PROPFIND Vulnerability | CVE-2001-0151 | 2453 |
| Denial of Service | Oracle webcache admin interface DoS | CAN-2002-0386 | 3765 |
| Denial of Service | Dragon telnet overflow | CAN-2000-0480 | 1352 |
| Denial of Service | Eserv Memory Leaks | | |
| Denial of Service | RealServer denial of Service | CVE-2000-0272 | 1128 |
| Denial of Service | Novell Border Manager | CVE-2000-0152 | |
| Denial of Service | AppSocket DoS | | |
| Denial of Service | Pi3Web Webserver v2.0 Denial of Service | CAN-2003-0276 | |
| Denial of Service | HP Instant TopTools DoS | CAN-2003-0169 | |
| Denial of Service | Quake3 Arena 1.29 f/g DOS | CAN-2001-1289 | 3123 |
| Denial of Service | Firewall/1 UDP port 0 DoS | CVE-1999-0675 | 576 |
| Denial of Service | smad | | |
| Denial of Service | Desktop Orbiter Remote Reboot | | |
| Denial of Service | OShare | CVE-1999-0357 | |
| Denial of Service | Pi3Web Webserver v2.0 Buffer Overflow | CAN-2002-0142 | 3866 |
| Denial of Service | Netscape Enterprise ‘ /’ buffer overflow | CVE-2001-0252 | 2282 |
| Denial of Service | Abyss httpd crash | | 7287 |
| Denial of Service | Wingate denial of service | CVE-1999-0290 | |
| Denial of Service | pimp | CVE-1999-0918 | 514 |
| Denial of Service | HotSync Manager Denial of Service attack | CAN-2000-0058 | 920 |
| Denial of Service | Infinite HTTP request | | 2465 |
| Denial of Service | WinSyslog (DoS) | | |
| Denial of Service | AnalogX denial of service | CVE-2000-0243 | 1076 |
| Denial of Service | Land | CVE-1999-0016 | 2666 |
| Denial of Service | SMTP antivirus scanner DoS | | 3027 |
| Denial of Service | Winnuke | CVE-1999-0153 | 2010 |
| Denial of Service | Chameleon SMTPd overflow | CAN-1999-0261 | 2387 |
| Denial of Service | AnalogX SimpleServer: WWW DoS | CVE-2002-0968 | 5006 |
| Denial of Service | GroupWise buffer overflow | CVE-2000-0146 | 972 |
| Denial of Service | Interscan 3.32 SMTP Denial | CAN-1999-1529 | 787 |
| Denial of Service | rfpoison | CVE-1999-0980 | 754 |
| Denial of Service | CISCO view-source DoS | CVE-2000-0984 | 1838 |
| Denial of Service | Imail Host: overflow | CVE-2000-0825 | 2011 |
| Denial of Service | FTgate DoS | | |
| Denial of Service | MDaemon DELE DoS | CAN-2002-1539 | 6053 |
| Denial of Service | Cisco VoIP phones DoS | CAN-2002-0882 | 4794 |
| Denial of Service | Yahoo Messenger Denial of Service attack | CAN-2000-0047 | |
| Denial of Service | DB2 discovery service DOS | | |
| Denial of Service | IIS FrontPage ISAPI Denial of Service | CAN-1999-1376, CVE-2000-0226, CVE-2002-0072 | 4479 |
| Denial of Service | MDaemon DoS | CAN-1999-0846 | |
| Denial of Service | Cajun p13x DoS | | |
| Denial of Service | Livingston Portmaster crash | CVE-1999-0218 | 2225 |
| Denial of Service | Lotus /./ database lock | CVE-2001-0954 | 3656 |
| Denial of Service | + + + ATH0 modem hangup | CAN-1999-1228 | |
| Denial of Service | EMule DoS | | 7189 |
| Denial of Service | Argosoft DoS | | |
| Denial of Service | mod_access_referer 1.0.2 NULL pointer dereference | | 7375 |
| Denial of Service | LabView web server DoS | CVE-2002-0748 | 4577 |
| Denial of Service | Shambala web server DoS | CAN-2002-0876 | 4897 |
| Denial of Service | iParty | CAN-1999-1566 | |
| Denial of Service | vxworks ftpd buffer overflow Denial of Service | | 6297, 7480 |
| Denial of Service | Microsoft’s SQL TCP/IP denial of service | CVE-1999-0999 | 817 |
| Denial of Service | Lotus Domino SMTP bounce DoS | CAN-2000-1203 | 3212 |
| Denial of Service | SuSE’s identd overflow | CVE-1999-0746 | 587 |
| Denial of Service | SunKill | CVE-1999-0273 | |
| Denial of Service | MSDTC denial of service by flooding with nul bytes | CAN-2002-0224 | 4006 |
| Denial of Service | Annex DoS | CAN-1999-1070 | |
| Denial of Service | Check for RealServer DoS | CVE-2000-0474 | 1288 |
| Denial of Service | BlackIce DoS (ping flood) | CVE-2002-0237 | 4025 |
| Denial of Service | MAILsweeper PowerPoint DoS | | 7562 |
| Denial of Service | Xerver web server DOS | CAN-2002-0448 | 4254 |
| Denial of Service | RPC DCOM Interface DoS | CAN-2003-0605 | 8234 |
| Denial of Service | WebSphere Edge caching proxy denial of service | CAN-2002-1169 | 6002 |
| Denial of Service | HTTP negative Content-Length DoS | | |
| Denial of Service | pnserver crash | CAN-1999-0271 | |
| Denial of Service | BFTelnet DoS | CVE-1999-0904 | 771 |
| Denial of Service | Tomcat servlet engine MD/DOS device names denial of service | | |
| Denial of Service | Personal Web Sharing overflow | | 84, 2715 |
| Finger abuses | Solaris finger disclosure | | 3457 |
| Finger abuses | akfingerd | | 6323 |
| Finger abuses | Finger redirection check | CAN-1999-0105, CVE-1999-0106 | |
| Finger abuses | Cfinger’s search.**@host feature | CVE-1999-0259 | |
| Finger abuses | cfinger’s version | | |
| Finger abuses | in.fingerd pipe | CVE-1999-0152 | |
| Finger abuses | Finger zero at host feature | CAN-1999-0197 | |
| Finger abuses | FreeBSD 4.1.1 Finger | CVE-2000-0915 | 1803 |
| Finger abuses | Finger dot at host feature | CAN-1999-0198 | |
| Finger abuses | cfingerd format string attack | CAN-1999-0243, CVE-1999-0708, CAN-2001-0609 | 2576 |
| Firewalls | L2TP detection | | |
| Firewalls | RADIUS server detection | CAN-2001-1377, CAN-2000-0321, CAN-2001-0534, CAN-2001-1081, CAN-2001-1376, CAN-2001-1377 | 7892, 5103, 4230, 3530, 3529, 2994, 2989, 2991, 6261, 3532 |
| Firewalls | CheckPoint Firewall-1 Telnet Authentication Detection | | |
| Firewalls | Remote host replies to SYN+FIN | | 7487 |
| Firewalls | Checkpoint Firewall open Web adminstration | | |
| Firewalls | Usable remote proxy | | |
| Firewalls | Checkpoint SecuRemote information leakage | CVE-2001-1303 | 3058 |
| Firewalls | Checkpoint FW-1 identification | | |
| Firewalls | icmp timestamp request | CAN-1999-0524 | |
| Firewalls | UDP packets with source port of 53 bypass firewall rules | | 7436 |
| Firewalls | Kerio personal Firewall buffer overflow | | 7180 |
| Firewalls | StoneGate client authentication detection | | |
| Firewalls | CheckPoint Firewall-1 Web Authentication Detection | | |
| Firewalls | Passwordless Wingate installed | CVE-1999-0291 | |
| Firewalls | Source routed packets | | |
| Firewalls | BenHur Firewall active FTP firewall leak | | 5279 |
| Firewalls | Proxy accepts gopher:// requests | CAN-2002-0371 | |
| Firewalls | PIX’s smtp content filtering | CVE-2000-1022 | 1698 |
| Firewalls | icmp netmask request | CAN-1999-0524 | |
| Firewalls | Proxy accepts CONNECT requests | | |
| Firewalls | Raptor Weak ISN | CAN-2002-1463 | |
| Firewalls | Proxy accepts POST requests | | |
| Firewalls | Checkpoint SecureRemote detection | | |
| Firewalls | IBM Tivoli Relay Overflow | | 7154, 7157 |
| Firewalls | Raptor FW version 6.5 detection | | |
| Firewalls | Usable remote proxy on any port | | |
| FTP | WS_FTP SITE CPWD Buffer Overflow | CAN-2002-0826 | 5427 |
| FTP | TypSoft FTP STOR/RETR DoS | CAN-2001-1156 | 3409 |
| FTP | .forward in FTP root | | |