Appendix E • Nessus Plug-ins 519
Howlett_AppE.fm Page 519 Friday, June 25, 2004 1:50 PM

| Family | Plug-in Name | CVE ID Number(s) | BugTraq ID Number(s) |
|---|---|---|---|
| General | A Nessus Daemon is running | | |
| General | Unconfigured web server | | |
| General | S-HTTP detection | | |
| General | AOLserver Default Password | | |
| General | a tftpd server is running | | |
| General | Detect Server type and version via Telnet | | |
| General | OS fingerprint | CAN-1999-0454 | |
| General | NetCharts Server Default Password | | |
| General | Shopping Cart Arbitrary Command Execution (Hassan) | CAN-2001-0985 | 3308 |
| General | SiteScope Web Administration Server Detection | | |
| General | Compaq Web-based Management Login | | |
| General | Compaq Web Based Management Agent Proxy Vulnerability | | |
| General | Detect SWAT server port | CVE-2000-0935 | 1872 |
| General | Misc information on News server | | |
| General | SCO OpenServer multiple vulnerabilities | CAN-2002-0164, CAN-2002-0158 | 4396 |
| General | McAfee myCIO detection | | |
| General | WebDAV enabled | | |
| General | NTP read variables | | |
| General | Detect presence of PGPNet server and its version | | |
| General | Sun JavaServer Default Admin Password | | |
| General | redhat Interchange | | 5453 |
| General | WorldClient for Mdaemon Server Detection | | |
| General | Predictable TCP sequence number | CVE-1999-0077 | |
| General | Apache Tomcat Default Accounts | | |
| General | AFS client version | | |
| General | Unprotected Netware Management Portal | | |
| General | SWAT allows user names to be obtained by brute force | CVE-2000-0938 | |
| General | CVS pserver double free() bug | CAN-2003-0015 | 6650 |
| General | HTTP version spoken | | |
| General | Apache Auth Module SQL Insertion Attack | CAN-2001-1379 | 3253 |
| General | RTSP Server type and version | | |
| General | VisualRoute Web Server Detection | | |
| General | Tripwire for Webpages Detection | | |
| General | Microsoft Exchange Public Folders Information Leak | CVE-2001-0660 | 3301 |
| General | Detect the presence of Napster | | |
| General | Cisco IDS Device Manager Detection | | |
| General | NetInfo daemon | | |
| General | Notes detection | | |
| General | DHCP server info gathering | | |
| General | SSH protocol versions supported | | |
| General | IRCXPro Default Admin password | | |
| General | Sun Cobalt Adaptive Firewall Detection | | |
| General | Delta UPS Daemon Detection | | |
| General | iPlanet Application Server Detection | | |
| General | Dropbear SSH server format string vulnerability | | 8439 |
| General | Leafnode denials of service | | 6490 |
| General | Standard & Poors detection | CAN-2000-0109 | 1080 |
| General | apcnisd detection | | |
| General | Netscape Enterprise Default Administrative Password | | |
| General | Kerberos 5 issues | CAN-2003-0072, CAN-2003-0082, CAN-2003-0059, CAN-2003-0060, CAN-2002-0036 | 7184, 7185, 6714, 6713, 6712 |
| General | Public CVS pserver | | |
| General | Obtain /etc/passwd using NetInfo | | 2953 |
| General | HTTP TRACE | | |
| General | IMAP Banner | | |
| General | Private IP address leaked in HTTP headers | CAN-2000-0649 | 1499 |
| General | SSH Server type and version | | |
| General | The remote BIND has dynamic updates enabled | | |
| Misc. | Brute force login (Hydra) | CAN-1999-0502, CAN-1999-0505, CAN-1999-0516, CAN-1999-0518 | |
| Misc. | Identifies unknown services with 'HELP' | | |
| Misc. | Citrix published applications | | 5817 |
| Misc. | BGP detection | | |
| Misc. | SheerDNS directory traversal | | 7336, 7335 |
| Misc. | Nortel Networks passwordless router (user level) | | |
| Misc. | AppleShare IP Server status query | | |
| Misc. | WebLogic Server hostname disclosure | | 7257 |
| Misc. | Netgear ProSafe Router password disclosure | | 7270, 7267 |
| Misc. | Proxy Web Server Cross Site Scripting | | 7596 |
| Misc. | Passwordless HP LaserJet | CAN-1999-1061 | |
| Misc. | PPTP detection and versioning | | |
| Misc. | Apache < 2.0.45 | CAN-2003-0132 | 7254, 7255 |
| Misc. | Motorola Vanguard with No Password | | |
| Misc. | IPSwitch IMail SMTP Buffer Overflow | | 2651 |
| Misc. | Oracle tnslsnr security | | |
| Misc. | OSPF detection | | |
| Misc. | Netscape /.perf accessible | | |
| Misc. | Directory Scanner | | |
| Misc. | Shiva LanRover Blank Password | | |
| Misc. | Axis Camera Default Password | | |
| Misc. | SOCKS server detection | | |
| Misc. | Airport Administrative Port | CAN-2003-0270 | |
| Misc. | TinyWeb 1.9 | | 8810 |
| Misc. | Passwordless Alcatel ADSL Modem | | |
| Misc. | URLScan Detection | | |
| Misc. | EGP detection | | |
| Misc. | icmp leak | | |
| Misc. | Apache UserDir Sensitive Information Disclosure | CAN-2001-1013 | 3335 |
| Misc. | OpenSSL password interception | CAN-2003-0078, CAN-2003-0131, CVE-1999-0428 | 6884, 7148 |
| Misc. | Nortel/Bay Networks default password | | |
| Misc. | Apache < 1.3.28 | CAN-2003-0460, CAN-2002-0061 | 8226 |
| Misc. | QMTP | | |
| Misc. | Tektronix /ncl_items.html | CAN-1999-1508 | 806 |
| Misc. | xtel detection | | |
| Misc. | TCP Chorusing | CAN-1999-1201 | 225 |
| Misc. | Apache /server-status accessible | | |
| Misc. | Default password router Zyxel | CAN-1999-0571 | 3161 |
| Misc. | Pocsag password | CVE-2000-0225 | 1032 |
| Misc. | RIP detection | | |
| Misc. | Oracle tnslsnr version query | CVE-2000-0818 | 1853 |
| Misc. | Linksys Router default password | | |
| Misc. | Cisco 675 passwordless router | CVE-1999-0889 | |
| Misc. | Cayman DSL router one char login | | 3017 |
| Misc. | ShareMailPro Username Identification | | 7658 |
| Misc. | Unknown services banners | | |
| Misc. | Apache < 2.0.46 | CAN-2003-0245, CAN-2003-0189 | 7723, 7725 |
| Misc. | Apache < 2.0.48 | CVE-2002-0061 | |
| Misc. | Apache < 1.3.27 | CAN-2002-0839, CAN-2002-0840, CAN-2002-0843 | 5847, 5884, 5995, 5996 |
| Misc. | Alcatel PABX 4400 detection | | |
| Misc. | Netscape Messenging Server User List | CVE-2000-0960 | 1787 |
| Misc. | Portable OpenSSH PAM timing attack | CAN-2003-0190 | 7482, 7467, 7342 |
| Misc. | Etherleak | CAN-2003-0001 | 6535 |
| Misc. | RealServer Memory Content Disclosure | CVE-2000-1181 | 1957 |
| Misc. | Shiva Integrator Default Password | | |
| Misc. | LCDproc server detection | | |
| Misc. | List of printers is available through CUPS | | |
| Misc. | OpenSSH Reverse DNS Lookup bypass | CAN-2003-0386 | 7831 |
| Misc. | Nortel/Bay Networks/Xylogics Annex default password | | |
| Misc. | Cabletron Web View Administrative Access | | |
| Misc. | XTramail control denial | CAN-1999-1511 | 791 |
| Misc. | 3Com Superstack II switch with default password | | |
| Misc. | Apache < 2.0.46 on OS/2 | CAN-2003-0134 | 7332 |
| Misc. | AirConnect Default Password | | |
| Misc. | X Server | CVE-1999-0526 | |
| Misc. | 12Planet Chat Server ClearText Password | | 7354 |
| Misc. | hp jetdirect vulnerabilities | | 7070 |
| Misc. | Apache /server-info accessible | | |
| Misc. | Kerberos PingPong attack | CVE-1999-0103 | |
| Misc. | Sambar Transmits Passwords in PlainText | | |
| Misc. | RedHat 6.2 inetd | CVE-2001-0309 | 2395 |
| Misc. | BIND vulnerable to ZXFR bug | CVE-2000-0887 | 1923 |
| Misc. | Webserver 4D Cleartext Passwords | | |
| Misc. | WebLogic Certificates Spoofing | | |
| Misc. | Traceroute | | |
| Misc. | Nortel Baystack switch password test | | |
| Misc. | HP LaserJet display hack | | |
| Misc. | RIP poisoning | | |
| Misc. | Tomcat /status information disclosure | | |
| Misc. | qpopper options buffer overflow | CVE-2001-1046 | 2811 |
| Misc. | Apache < 2.0.43 | CAN-2002-1156, CAN-2003-0083 | 6065 |
| Misc. | 12Planet Chat Server Path Disclosure | | 7355 |
| Misc. | 3Com hub | | |
| Misc. | irix performance copilot | CVE-2000-0283, CVE-2000-1193 | 1106, 4642 |
| Misc. | Apache < 2.0.47 | CAN-2003-0192, CAN-2003-0253, CAN-2003-0254 | 8134, 8135, 8137, 8138 |
| Misc. | LCDproc buffer overflow | CAN-2000-0295 | 1131 |
| Misc. | Alcatel ADSL modem with firewalling off | | 2568 |
| Misc. | xtelw detection | | |
| Misc. | Check open ports | | |
| Misc. | Web Server Cross Site Scripting | | 5305, 7353, 7344, 8037 |
| Misc. | Nortel Networks passwordless router (manager level) | | |
| Misc. | Find if IIS server allows BASIC and/or NTLM authentication | CAN-2002-0419 | |
| Misc. | Passwordless Cayman DSL router | CAN-1999-0508 | |
| Misc. | HP LaserJet direct print | CAN-1999-1062 | |
| Misc. | Services | | |
| Misc. | NAI Management Agent leaks info | CVE-2000-0448 | 1253 |
| Netware | Novell NetWare HTTP POST Perl Code Execution Vulnerability | CAN-2002-1436, CAN-2002-1437, CAN-2002-1438 | 5520 |
| Netware | Netware NDS Object Enumeration | | |
| NIS | bootparamd service | CAN-1999-0647 | |
| NIS | NIS server | CAN-1999-0620 | |
| Peer-To-Peer File Sharing | Web Server hosting copyrighted material | | |
| Peer-To-Peer File Sharing | WinMX P2P check | | |
| Peer-To-Peer File Sharing | Trillian is installed | | 5677, 5733, 5755, 5765, 5769, 5775, 5776, 5777, 5783 |
| Peer-To-Peer File Sharing | mldonkey telnet | | |
| Peer-To-Peer File Sharing | mldonkey www | | |
| Peer-To-Peer File Sharing | Kazaa is installed | CAN-2002-0314, CAN-2002-0315 | 3135, 4121, 4122, 5317, 6435, 6747 |
| Peer-To-Peer File Sharing | eDonkey detection | | |
| Peer-To-Peer File Sharing | ICQ is installed | CAN-1999-1418, CAN-1999-1440, CAN-2000-0046, CAN-2000-0564, CVE-2000-0552, CAN-2001-0367, CVE-2002-0028, CAN-2001-1305 | |
| Peer-To-Peer File Sharing | SMB share hosting copyrighted material | | |
| Peer-To-Peer File Sharing | LimeWire is installed | | |
| Peer-To-Peer File Sharing | shareaza P2P check | | |
| Peer-To-Peer File Sharing | WinMX is installed | | |
| Peer-To-Peer File Sharing | Gnutella servent detection | | |