Test details:
ID: 10744
Name: VisualRoute Web Server Detection
Authors: This script is Copyright (C) 2005-2007 Tenable Network Security
Category: Web Servers
Action: infos
Summary: Extracts the banner of the remote visual route server
Description:
- Synopsis: A VisualRoute server is listening on the remote port.
- Description: VisualRoute is a web based solution which allows unauthenticated users to perform traceroutes against arbitrary hosts on the Internet.
- Solution: Disable this service if you do not use it.
- Risk factor: None


List of tests:
PHP < 4.3.3 Multiple Vulnerabilities
iPlanet Search Engine search CGI Arbitrary File Access
KeyFocus (KF) Web Server Null Byte Request Forced Directory Listing
Compaq Web-Based Management Agent Remote Overflow DoS
Apache <= 1.3.33 htpasswd Local Overflow
Web Server Unconfigured - Default Install Page Present
Microsoft IIS perl.exe HTTP Path Disclosure
Oracle WebLogic Server mod_wl Invalid Parameter Remote Overflow (1150354)
Netscape Enterprise Server Long Traversal Request Remote DoS
Lighttpd Status Module Remote Information Disclosure
Trend Micro OfficeScan Client Traversal Arbitrary File Access
AnalogX SimpleServer:WWW /cgi-bin/ Long GET Request DoS
PHP < 4.3.3 php_check_safe_mode_include_dir Function Safemode Bypass
HTTP TRACE
PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access
Microsoft IIS Multiple .cnf File Information Disclosure
SWS Web Server Unfinished Line Remote DoS
Ruby on Rails Multiple Method Session Fixation
IBM WebSphere HTTP Request Header Remote Overflow
Apache < 2.0.47 Multiple Vulnerabilities (DoS, Encryption)
Cherokee Web Server Malformed POST Request Remote DoS
Enhydra Multiserver Default Password
Apache < 1.3.28 Multiple Vulnerabilities (DoS, ID)
IBM Lotus Domino ?open Forced Directory Listing
AnalogX SimpleServer:WWW Short GET /cgi-bin Remote DoS
Caudium Web Server Malformed URI Remote DoS
SilverStream Directory Listing
Apache Multiviews Feature Arbitrary Directory Listing
Apache < 2.2.8 Multiple Vulnerabilities (XSS, DoS)
RDS / MDAC Vulnerability Content-Type overflow
Nortel Contivity HTTP Server cgiproc Special Character DoS
MyServer <= 0.4.2 Multiple Remote DoS
HTTP Server type and version
12Planet Chat Server Administration Authentication ClearText Credential Disclosure
Apache Tomcat contextAdmin Arbitrary File Access
WS-Management Server Detection
shtml.exe reveals full path
Nonexistent Page (404) Physical Path Disclosure
IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded URL DoS
Apache on Windows < 1.3.24 / 2.0.34 DOS Batch File Arbitrary Command Execution
Microsoft IIS WebDAV Unicode Request Directory Security Bypass
Apache Tomcat Default Accounts
Apache Chunked Encoding Remote Overflow
Frontpage Overflow (MS03-051)
Dell Remote Access Controller Default password (calvin) for root account
IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws
Xerver web server DoS
Apache < 2.0.51 Multiple Vulnerabilities (OF, DoS)
Icecast Crafted URI Remote DoS
lighttpd Trailing Slash Information Disclosure
Polycom Videoconferencing Unit Detection
mod_ssl off by one
Resin Status Page Information Disclosure
XEROX MicroServer Web Server Directory Navigation Crafted URL DoS (XRX05-004)
Microsoft IIS Remote Command Execution
Vulture Reverse Proxy Detection
Microsoft IIS Traversal GET Request Remote DoS
MDaemon WebConfig HTTP Server URL Overflow DoS
Apache < 2.0.55 Multiple DoS
Microsoft IIS FrontPage fp30reg.dll Remote Overflow
IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities
Apache <= 2.0.39 Win32 Crafted Traversal Arbitrary File Access
HTTP Protocol Version Detection
Xeneo Web Server %A Request Remote DoS
Apache < 2.0.44 DOS Device Name Multiple Remote Vulnerabilities (Code Exec, DoS)
Format string on HTTP header name
WebLogic Encoded Request Forced Directory Listing
Apache Auth Module SQL Injection
WebLogic Crafted GET Request Hostname Disclosure
AnalogX SimpleServer:WWW Buffer Overflow
Microsoft IIS 5.0 WebDAV Malformed PROPFIND Request Remote DoS
WebDAV Directories Enumeration
WebDAV enabled
Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
Microsoft .NET Custom Errors Not Set
RaidenHTTPD Crafted Request Script Source Disclosure
IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities
Apache mod_ssl ssl_hook_Access Error Handling DoS
PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
Apache mod_proxy_ftp Directory Component Wildcard Character Globbing XSS
Microsoft IIS bdir.htr Arbitrary Directory Listing
PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure
NaviCOPA Trailing Dot Source Code Disclosure
mod_python handle abuse
Apache < 1.3.27 Multiple Vulnerabilities (DoS, XSS)
FogBugz Interface Detection
SMC 2652W AP Malformed HTTP Request Remote DoS
Multiple Web Server ~nobody/ Request Arbitrary File Access
MonkeyWeb POST with too much data
Microsoft IIS Frontpage Server Extensions (FPSE) Malformed Form DoS
Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
IBM WebSphere Application Server 7.0 < Fix Pack 3
Zope Installation Path Disclosure
Apache < 2.0.46 on OS/2 filestat.c Device Name Request DoS
phpPgAdmin sql.php goto Parameter Traversal Arbitrary File Access
Web Server Uses Non Random Session IDs
4D WebStar Arbitrary Multiple Vulnerabilities
Pi3Web tstisap.dll Long URL Overflow
Apache < 2.0.44 Illegal Character Default Script Mapping Bypass
Savant Web Server Malformed Content-Length DoS
BadBlue Hex-encoded Null Byte Request Arbitrary File Access
thttpd 2.04 If-Modified-Since Header Remote Buffer Overflow
PHP mime_split Function POST Request Overflow
Yawcam Web Server Traversal Arbitrary File Access
Apache < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)
iPlanet Directory Server Traversal Arbitrary File Access
ePolicy orchestrator format string
Microsoft Frontpage authors.pwd Information Disclosure
XEROX WorkCentre Web Server Unspecified Command Injection (XRX09-001)
Format string on URI
Apache < 1.3.41 Multiple Vulnerabilities (DoS, XSS)
Blue Coat Reporter Default password (admin) for admin account
A-A-S Application Access Server Default Admin Password
Sami HTTP Server Multiple vulnerabilities
mod_gzip format string attack
Microsoft Frontpage Unpassworded Installation
CERN httpd Virtual Web Path Disclosure
Roxen Web Server /%00/ Encoded Request Forced Directory Listing
phpAdsNew helperfunction.php Remote File Inclusion
Apache < 2.2.3 mod_rewrite LDAP Protocol URL Handling Overflow
04WebServer Multiple Vulnerabilities (XSS, DoS, more)
WebLogic SSL Certificate Chain User Spoofing
OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS
Apache < 2.0.45 Multiple Vulnerabilities (DoS, File Write)
BadBlue ext.dll mfcisapicommand Parameter Remote Overflow
Zope Invalid Query Path Disclosure
Microsoft IIS IDA/IDQ Multiple Vulnerabilities
Resin for Windows \WEB-INF Traversal Arbitrary File Access
Compaq Web Management Server Detection
Broken Web Server Detection
HTTP User-Agent Overflow
MDG Web Server 4D GET Request Remote Overflow
Microsoft IIS 5 .printer ISAPI Filter Enabled
Apache Tomcat Default Error Page Version Detection
Netscape Enterprise Server SSL Handshake DoS
Oracle WebLogic Server mod_wl POST Request Remote Overflow
CERN httpd CGI name heap overflow
Cherokee Web Server URI Traversal Arbitrary File Access
A-A-S Application Access Server Detection
Microsoft IIS .IDA ISAPI Filter Enabled
NetScaler web management login
Web mirroring
Netscape Server ?PageServices bug
HMAP Web Server Fingerprinting
Web Server UDDI Detection
Netscape Administration Server admin password
Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS
Microsoft IIS Dangerous Sample Files
Sambar Server Cleartext Password Transmission
Infinite HTTP request
iChat Server Traversal Arbitrary File Access
Microsoft IIS 404 Response Service Pack Signature
Apache < 2.2.9 Multiple Vulnerabilities (DoS, XSS)
MacOS X Finder reveals contents of directories
IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities
Microsoft IIS Multiple Remote DoS (MS02-018)
MiniWebsvr GET Request Traversal Arbitrary File Access
iPlanet Certificate Management Traversal Arbitrary File Access
Lotus Domino Server Information Disclosure Vulnerabilities
Oracle WebLogic Server Plug-in Remote Overflow (1166189)
Lotus Domino HTTP /cgi-bin Relative URL Request DoS
Apache < 2.0.63 Multiple XSS Vulnerabilities
nsiislog.dll Overflow
Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
Imail Host: Header Field Handling Remote Overflow
Icecast utils.c fd_write Function Format String
Netscape Server ?wp bug
Jigsaw < 2.2.4 URI Parsing Remote Code Execution
Resin Traversal Arbitrary File Access
Multiple Web Server Encoded Space (%20) Request ASP Source Disclosure
PHP File Upload Capability Hidden Form Field Modification Arbitrary File Access
PHP < 4.0.4 IMAP Module imap_open() Function Overflow
NETGEAR ProSafe VPN Firewall Web Server Malformed Basic Authorization Header Remote DoS
TeamSpeak Server Administration
Apache < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
Web Server HTTP Header Internal IP Disclosure
Directory listing through WebDAV
Microsoft IIS /scripts Directory Browsable
Apache mod_status /server-status Information Disclosure
HTTP 1.1 header overflow
WebLogic Server Double Dot GET Request Remote Overflow
Avirt Multiple Product HTTP Proxy Overflow
BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass
HTTP Proxy CONNECT Loop DoS
mod_perl Apache::Status URI XSS
Cherokee Web Server auth_pam Authentication Format String
PHP < 4.3.11 / 5.0.3 Multiple Unspecified Vulnerabilities
Apache <= 2.0.51 Satisfy Directive Access Control Bypass
Microsoft IIS Malformed HTTP Request Header Remote DoS
Zope Image Updating Method
Microsoft Frontpage dvwssr.dll Multiple Vulnerabilities
Cherokee Web Server Port Bind Privilege Drop Weakness
Test HTTP dangerous methods
Apache < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
Too long OPTIONS parameter
Apache mod_info /server-info Information Disclosure
Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Memory Exhaustion DoS
lighttpd on Windows Crafted Filename Request Script Source Disclosure
Yaws Web Server .yaws Script Null Byte Request Source Code Disclosure
Zope ZClass Permission Mapping Bug
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect
iPlanet Application Server Prefix Remote Overflow
XEROX WorkCenter Extensible Interface Platform Unspecified Security Bypass (XRX08-006)
IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws
Lotus Domino administration databases
Compaq Web-enabled Management Software Default Account
Zeus Web Server Null Byte Request CGI Source Disclosure
Icecast HTTP Basic Authorization Remote Overflow DoS
HTTP 1.0 header overflow
Microsoft IIS repost.asp File Upload
NetScaler web management interface detection
URLScan Detection
IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities
TelCondex Simple Webserver Buffer Overflow
APSIS Pound Load Balancer Format String Overflow
WindWeb <= 2.0 Malformed GET Request Remote DoS
No 404 check
Orange Web Server Malformed HTTP Request Remote DoS
Microsoft IIS /iisadmin Unrestricted Access
Zope Multiple Vulnerabilities
Tomcat Manager Common Administrative Credentials
Netscape Enterprise Server Accept Header Remote Overflow
Novell GroupWise MTA Web Console Accessible
Microsoft .NET Version Information Disclosure
Google Search Appliance Detection
Sambar Server Default Accounts
Xeneo Web Server 2.2.9.0 GET Request Remote Overflow DoS
MyServer 0.4.3 / 0.7 Crafted Traversal Arbitrary File Access
Sun GlassFish Enterprise < 2.1 Patch 02 Denial of Service
Embedded Web Server Detection
Zope DocumentTemplate package problem
SharePoint Detection
BadBlue Connection Saturation Remote DoS
Apache < 2.0.50 Multiple Remote DoS
Abyss Web Server GET Request Multiple Vulnerabilities
ipMonitor Directory Traversal
Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
Abyss Web Server MS-DOS Device Name DoS
Monkey HTTP Post_Method Function Crafted Content-Length Header DoS
Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection
Apache < 2.0.46 Multiple DoS
thttpd Host Header Traversal Arbitrary File Access
Kerio MailServer < 6.0.1 Embedded HTTP Server Unspecified Issue
Novell GroupWise Enhancement Pack Java Server URL Handling Overflow DoS
Resin MS-DOS Device Request Path Disclosure
Lotus Domino Authentication Bypass
CERN HTTPD access control bypass
IBM WebSphere Edge Caching Proxy DoS
Apache mod_proxy Content-Length Overflow
Netscape FastTrack get
mod_python malformed query
Sun Glassfish Default Administrator Credentials
HTTP TRACE / TRACK Methods
Web server traversal
Apache Tomcat servlet/JSP container default files
Web Server Load Balancer Detection
BadBlue ISAPI Extension ext.dll LoadPage Parameter Arbitrary File Access
XEROX Document Centre Web Server Unspecified Unauthorised Access
PHP socket_iovec_alloc() Function Overflow
Icecast Multiple Unspecified Remote Overflows
Shambala web server DoS
Network camera detection
BadBlue Malformed GET Request Remote DoS
Abyss Web Server Malformed GET Request Remote DoS
BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)
Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
Lotus Domino Directory Traversal Arbitrary File Access
ArGoSoft Mail Server HTTP Daemon GET Request Saturation DoS
Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure
Basic Authentication Overflow DoS
Fortify 360 Web Interface Detection
Microsoft IIS .HTR ISAPI Filter Enabled
Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass
NaviCOPA < 3.01 6th February 2009 Multiple Vulnerabilities
mod_survey ENV tags SQL injection
12Planet Chat Server Error Message Path Disclosure
Pi3Web Malformed GET Request Remote Overflow
Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass
Microsoft IIS Malformed File Extension URL DoS
IIS : Directory listing through WebDAV
Xitami Malformed POST Request Infinite Loop Remote DoS
Apache < 1.3.31 / 2.0.49 Socket Connection Blocking Race Condition DoS
ReadDesign Checker
MDaemon WorldClient HTTP Server URL Overflow DoS
HyperText Transfer Protocol Information
F5 BIG-IP web management interface detection
McAfee Common Management Agent 3.6.0 UDP Packet Handling Format String
iPlanet Web Server shtml File Handling Remote Overflow
OpenText FirstClass HTTP Daemon /Search Large Request Remote DoS
Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
BrowseGate HTTP headers overflows
Blue Coat Reporter Detection
Multiple Web Server on Windows MS/DOS Device Request Remote DOS
Apache mod_ssl Plain HTTP Request DoS
Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS
Too long POST command
mod_perl Apache::Status Info Disclosure
Proxomitron GET Request Overflow Remote DoS
Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
Resin for Windows Encoded URI Traversal Arbitrary File Access
Personal Web Sharing overflow
PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload
Fastream NETFile FTP/Web Server HEAD Request Saturation DoS
RDS / MDAC Vulnerability (msadcs.dll) located
PHP Safe Mode mail Function 5th Parameter Arbitrary Command Execution
Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow
HTTP Method Overflow
Web Server reverse proxy bug
lighttpd Null Byte Request CGI Script Source Code Disclosure
Web Server Uses Plain Text Authentication Forms
Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
Lotus Domino Web Service NLSCCSTR.DLL Malformed GET Request Overflow DoS
Eserv GET Request Traversal Arbitrary File Access
Sami HTTP Server v1.0.4
Zope DoS
Anti-Nessus Defense Detection
MyServer HTTP POST Request Remote Overflow DoS
Microsoft .NET Handlers Enumeration
IMail account hijack
Apache Banner Linux Distribution Disclosure
Apache mod_include get_tag() Function Local Overflow
Savant Web Server Multiple Percent Request Remote DoS
Apache HTTP Server on Mac OS X HFS+ Arbitrary File Source Disclosure
Web Server Incomplete Basic Authentication DoS
Sun Java Web Console < 3.0.5 Remote File Enumeration
Web Server Directory Enumeration
Tomcat servlet engine MS/DOS device names denial of service
Apache UserDir Directive Username Enumeration
Microsoft IIS 5.0 Malformed HTTP Printer Request Header Remote Buffer Overflow
PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities
Null httpd Content-Length Header Handling Remote Overflow
IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities
NetScaler web management cookie cipher weakness
Microsoft FrontPage Extensions shtml.exe Remote Overflow
Microsoft IIS Unicode Remote Command Execution
Pi3Web < 2.0.1 CGI Handler Long Parameter Handling Overflow
thttpd 2.0.7 Directory Traversal (Windows)
XEROX WorkCentre Web Server Unspecified Command Injection (XRX09-002)
F5 BIG-IP Cookie Information Disclosure
VisualRoute Web Server Detection
Icecast / libshout Multiple Remote Overflows
Apache Tomcat Cross-Application File Manipulation
Microsoft Frontpage Extensions Check
Unencrypted NetScaler web management interface
Web Server / Application favicon.ico Vendor Fingerprinting
thttpd Double Slash Request Arbitrary File Access
mod_auth_any for Apache Metacharacter Remote Command Execution
Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow
Microsoft Frontpage MS-DOS Device Request DoS
Alibaba Web Server 2.0 HTTP Request Overflow DoS
ShowOff! Digital Media Software <= 1.5.4 Multiple Remote Vulnerabilities
Ipswitch Imail WebCalendar Directory Traversal Vulnerability
mod_gzip running
Icecast HTTP Header Processing Remote Overflow
mod_frontpage installed
Web Server Uses Basic Authentication
Obsolete Web Server Detection
SEDUM HTTP Server Long HTTP Request Overflow DoS
mod_ssl overflow
iPlanet Chunked Encoding Processing Remote Overflow
Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure
lighttpd < 1.4.20 Multiple Vulnerabilities
AnalogX SimpleServer:WWW Encoded Traversal Arbitrary File Access
Apache mod_imap Image Map Referer XSS
Alibaba Web Server Traversal Arbitrary File Access
LabVIEW Web Server HTTP Get Newline DoS
mod_jk2 <= 2.0.3 Multiple Buffer Overflows
Microsoft IIS Cookie information disclosure
Lotus Domino HTTP Server Filesystem Setup Disclosure
Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities
Lighttpd mod_fastcgi HTTP Request Header Overflow
Web Server robots.txt Information Disclosure
Samba Multiple Remote Vulnerabilities
GeoHttpServer Unauthorized Image Access Vulnerability
Lotus Domino Banner Nonexistent .pl File Request Path Disclosure
LiteServe HTTP Service Malformed URL Decoding Remote DoS
OmniHTTPd Pro Long POST Request DoS
Hidden WWW Server Name
Apache < 1.3.29 Multiple Modules Local Overflow
IBM WebSphere Application Server 7.0 < Fix Pack 1
Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
mod_access_referer 1.0.2 for Apache HTTP Server Malformed Referer DoS
Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow
Jigsaw Webserver MS/DOS Device Request Remote DoS
CiscoSecure ACS for Windows CSAdmin Login Overflow DoS
HTTP Cookies
RaidenHTTPD Crafted Request Arbitrary File Access

