Web Servers Family for Nessus

ID	Name	Severity
141263	Apache Tomcat Site Enumeration	info
140791	IBM WebSphere Application Server 7.0.0.x through 7.0.0.45 / 8.0.0.x through 8.0.0.15 / 8.5.x through to 8.5.5.17 / 9.0.x through to 9.0.5.5 XXE (CVE-2020-4643)	high
140735	HTTP Smuggling Detection	medium
140655	Microsoft Internet Information Services (IIS) Sites Enumeration	info
140504	SAP NetWeaver AS Java Multiple XSS (2953112)	medium
140464	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.14 / 9.0.x <= 9.0.0.9 XSS (729547)	medium
140463	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.13 / 9.0.x <= 9.0.0.7 Information Disclosure (715271)	medium
140462	IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.13 / 9.0.x <= 9.0.0.8 Information Disclosure (711983)	high
140453	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.17 / 9.0.x <= 9.0.5.4 RCE (6255074)	high
139871	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.4 RCE (6258333)	critical
139615	Microsoft Internet Information Services (IIS) Installed	info
139583	SAP NetWeaver AS Java DoS (2941315)	high
139574	Apache 2.4.x < 2.4.46 Multiple Vulnerabilities	critical
139065	IBM WebSphere Application Server 8.5.x < 8.5.5.18 Server-side Request Forgery (6209099)	medium
138882	Cisco Small Business Router Web UI Detection	info
138878	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 RCE (6250059)	high
138851	Apache Tomcat 7.0.27 < 7.0.105	high
138762	SAP NetWeaver : Authentication Bypass (CVE-2020-6287) (Direct Check)	critical
138591	Apache Tomcat 9.0.0.M1 < 9.0.37 multiple vulnerabilities	high
138574	Apache Tomcat 8.5.0 < 8.5.57 multiple vulnerabilities	high
138509	Oracle WebLogic IIOP JNDI Lookup RCE Direct Check	critical
138506	SAP NetWeaver AS Java Multiple Vulnerabilities	critical
138499	SAP Netweaver Application Server (AS) HTTP Server Detection	info
138098	Apache Tomcat 9.0.0.M1 < 9.0.36	high
138097	Apache Tomcat 8.5.0 < 8.5.56	high
138091	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 Information Disclosure (CVE-2020-4449)	high
138074	Oracle WebLogic Server Java Object Deserialization RCE (CVE-2020-2883)	critical
137398	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Remote Code Execution (CVE-2020-4448)	critical
137368	IBM WebSphere Application Server 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 RCE (CVE-2020-4450)	critical
136931	Apache Traffic Server - HTTP Smuggling and Cache poisoning	medium
136897	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 XSS	medium
136892	IBM WebSphere Application Server Admin Console 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 XSS	medium
136807	Apache Tomcat 8.5.0 < 8.5.55	high
136806	Apache Tomcat 9.0.0 < 9.0.35	high
136770	Apache Tomcat 7.0.0 < 7.0.104	high
136764	IBM MQ Console Detection	info
136763	IBM MQ Default Credentials	critical
136426	IBM WebSphere Application Server 9.0.0.0 < 9.0.0.9 Information Disclosure (CVE-2018-1957)	medium
136410	IBM WebSphere Application Server 7.0 < 7.0.0.46 / 8.0 < 8.0.0.16 / 8.5 < 8.5.5.18 / 9.0 < 9.0.5.4 / Liberty 17.0.0.3 < 20.0.0.5 Information Disclosure	medium
136340	nginx Installed (Linux/UNIX)	info
136183	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Cross-Site Scripting Vulnerability	medium
136180	IBM WebSphere Application Server 7.x / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Directory Traversal Vulnerability	medium
135919	OpenSSL 1.1.1d < 1.1.1g Vulnerability	high
135771	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.x < 9.0.0.10 XSS (CVE-2018-1794)	medium
135720	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.15 / 9.0.0.0 <= 9.0.0.10 Connection Spoofing Vulnerability	medium
135702	IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)	high
135677	Oracle Fusion Middleware Oracle HTTP Server (Apr 2020 CPU)	high
135290	Apache 2.4.x < 2.4.42 Multiple Vulnerabilities	medium
135180	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Privilege Escalation (CVE-2020-4276)	high
134862	Apache Tomcat AJP Connector Request Injection (Ghostcat)	critical

Detections

Analytics

Web Servers Family for Nessus

info

high

medium

info

medium

medium

medium

high

high

critical

info

high

critical

medium

info

high

high

critical

high

high

critical

critical

info

high

high

high

critical

critical

critical

medium

medium

medium

high

high

high

info

critical

medium

medium

info

medium

medium

high

medium

medium

high

high

medium

high

critical