Web Servers Family for Nessus

ID	Name	Severity
100511	Netscape Enterprise Server Basic Authentication Buffer Overflow RCE (EGGBASKET/XP_NS-HTTPD)	critical
100221	IBM WebSphere Application Server 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 Administrative Console Information Disclosure	high
100123	IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.4 / Liberty 17.0 < 17.0.0.2 OAuth Service Provider XSRF	high
97999	Intel Management Engine Authentication Bypass (INTEL-SA-00075) (remote check)	critical
97998	Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075) (remote check)	critical
99591	HP OfficeJet Pro Wi-Fi Direct Support Printer Configuration Unauthenticated Access	critical
99523	Microsoft Windows Server 2003 IIS 6.0 WebDAV PROPFIND Request Handling RCE (EXPLODINGCAN)	critical
99522	Oracle GlassFish Server 3.1.2.x < 3.1.2.17 Java Server Faces Information Disclosure (April 2017 CPU)	low
97994	Microsoft IIS 6.0 Unsupported Version Detection	critical
99368	Apache Tomcat 8.5.0 < 8.5.13 multiple vulnerabilities	critical
99367	Apache Tomcat 8.0.0.RC1 < 8.0.43	high
99362	Apache Tomcat 9.0.0.M11 < 9.0.0.M17	high
99361	Apache Tomcat 8.5.7 < 8.5.11	high
99281	Microsoft Windows Server 2003 R2 IIS 6.0 WebDAV PROPFIND Request Handling RCE (EXPLODINGCAN)	critical
97858	IBM WebSphere Application Server 8.0.0.10 < 8.0.0.14 / 8.5.5.3 < 8.5.5.12 / 9.0.0.0 < 9.0.0.4 OIDC Privilege Escalation	high
97355	IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.3 Admin Console Multiple XSS	medium
97328	OpenSSL 1.1.0 < 1.1.0e Vulnerability	high
97145	Acme thttpd Detection	info
97144	Acme thttpd < 2.26 Multiple Vulnerabilities	high
96874	OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities	medium
96873	OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities	medium
96803	Oracle WebLogic Java Object RMI Connect-Back Deserialization RCE (January 2017 CPU)	critical
96624	Oracle GlassFish Server 2.1.1.x < 2.1.1.30 / 3.0.1.x < 3.0.1.15 / 3.1.2.x < 3.1.2.16 Multiple Vulnerabilities (January 2017 CPU)	high
96451	Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)	high
96450	Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy)	high
96178	IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 Information Disclosure	medium
96177	IBM BigFix Platform 9.x < 9.1.9.1301 / 9.2.9.36 / 9.5.4.38 Multiple Vulnerabilities	critical
96003	Apache Tomcat 8.5.0 < 8.5.9	high
95438	Apache Tomcat 8.5.0 < 8.5.8 multiple vulnerabilities	critical
94963	OpenSSL 1.1.0 < 1.1.0c Multiple Vulnerabilities	high
94962	IBM BigFix Web Reports Detection	info
94961	IBM BigFix Platform 9.x < 9.5.3 Remote Command Injection	high
94654	HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy)	high
94582	IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 / 9.0 < 9.0.0.1 / Liberty 16.0 < 16.0.0.3 Information Disclosure	low
94578	Apache Tomcat 8.5.0 < 8.5.5 multiple vulnerabilities	critical
94512	IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.11 / 9.0 < 9.0.0.2 Multiple Vulnerabilities	high
94511	Oracle WebLogic Server Java Object Deserialization RCE (October 2016 CPU)	critical
94161	Oracle GlassFish Server 2.1.1.x < 2.1.1.29 / 3.0.1.x < 3.0.1.14 / 3.1.2.x < 3.1.2.15 Java Server Faces RCE (October 2016 CPU)	high
94160	Oracle GlassFish Server 2.1.1.x < 2.1.1.29 Mozilla NSS ASN.1 Structure Handling RCE (October 2016 CPU)	high
93816	OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities	high
93815	OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities	critical
93814	OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities	critical
93787	OpenSSL 1.1.0a < 1.1.0b Vulnerability	critical
93786	OpenSSL 1.0.2i < 1.0.2j Vulnerability	high
93225	IBM BigFix Server 9.2.x < 9.2.8.74 .beswrpt File Handling XSS	medium
93224	IBM BigFix Server 9.2.x < 9.2.7.53 BES Gather XSS	medium
93223	IBM BigFix Server 9.1.x < 9.1.1275.0 Multiple XSS	medium
93112	OpenSSL < 1.0.2i Default Weak 64-bit Block Cipher (SWEET32)	high
92725	IBM WebSphere Application Server Liberty Detection	info
92724	IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 / Liberty 16.0 < 16.0.0.2 CRLF Sequences HTTP Response Splitting	medium

Detections

Analytics

Web Servers Family for Nessus

critical

high

high

critical

critical

critical

critical

low

critical

critical

high

high

high

critical

high

medium

high

info

high

medium

medium

critical

high

high

high

medium

critical

high

critical

high

info

high

high

low

critical

high

critical

high

high

high

critical

critical

critical

high

medium

medium

medium

high

info

medium