
| Title | Type | Severity |
| --- | --- | --- |
| TLS ROBOT Vulnerability Detected | Vuln | 4 |
| Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software | Vuln | 4 |
| OpenSSL Multiple Remote Security Vulnerabilities | Practice | 4 |
| EOL/Obsolete Software: Microsoft Internet Information Services (IIS) 6.x Detected | Vuln | 5 |
| EOL/Obsolete Software: Microsoft IIS 7.5 Detected | Practice | 5 |
| EOL/Obsolete Software: Apache HTTP Server 2.2.x Detected | Practice | 5 |
| OpenSSL Security Update (OpenSSL Security Advisory 20210325) | Practice | 4 |
| OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20160128) | Practice | 4 |
| Apache httpd Server Information Disclosure Vulnerability (OptionsBleed) | Practice | 4 |
| Apache HTTP Server mod_mime Buffer Overread | Practice | 4 |
| OpenSSL Diffie-Hellman Weak Encryption Vulnerability (Logjam) | Practice | 4 |
| OpenSSL Weak RSA Key Exchange Vulnerability | Practice | 4 |
| OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20150319) | Practice | 4 |
| OpenSSL BASE64 Decode Integer Underflow Vulnerability | Practice | 4 |
| OpenSSL Multiple Security Advisories (secadv_20160503) | Practice | 4 |
| SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability | Vuln | 4 |
| Pulse Connect Secure Multiple Security Vulnerabilities (SA44101) | Vuln | 4 |
| Apache HTTP Server Privilege Escalation From Modules Scripts | Practice | 4 |

| CVE ID | Vendor Reference | Bugtraq ID |
| --- | --- | --- |
| CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081 | ROBOT | 101901, 10219 |
| CVE-2020-3452 | cisco-sa-asaftd-ro-path-KJuQhB86 | |
| CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0076 | OpenSSL Security Advisory [05 Jun 2014] | 66363, 67898, |
| CVE-2017-7269 | | |
| | IIS 7.5 End of Life | |
| CVE-2014-0098, CVE-2013-6438, CVE-2013-2249, CVE-2013-1862, CVE-2012-4558, CVE-2012-3499, CVE-2012-0883, CVE-2012-0053, CVE-2012-0031, CVE-2011-3348, CVE-2011-0419, CVE-2010-1452, CVE-2010-0434, CVE-2010-0408, CVE-2009-3555, CVE-2009-2699, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2008-2168, CVE-2007-6750, CVE-2007-6422, CVE-2007-6421, CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2006-4154, CVE-2006-3918, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, CVE-2008-0456, CVE-2009-1191, CVE-2009-2412, CVE-2009-3095, CVE-2009-3094, CVE-2010-0425, CVE-2010-2068, CVE-2010-1623, CVE-2009-3560, CVE-2009-3720, CVE-2011-3192, CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2011-3607, CVE-2012-4557, CVE-2012-2687, CVE-2013-1896, CVE-2014-0226, CVE-2014-0118, CVE-2013-5704, CVE-2014-0231, CVE-2015-3183, CVE-2016-5387, CVE-2016-8743, CVE-2017-7679, CVE-2017-7668, CVE-2017-3169, CVE-2017-3167, CVE-2017-9788, CVE-2017-9798 | Apache httpd 2.2.34 | 43673, 40827, |
| CVE-2021-3449, CVE-2021-34 | OpenSSL Security Advisory 20210325 | |
| CVE-2016-0701, CVE-2015-31 | OpenSSL Security Advisory 20160128 | 91787, 82237, |
| CVE-2017-9798 | Apache httpd 2.4.28 | 100872, 10559 |
| CVE-2017-7679 | Apache httpd 2.4.26, Apache httpd 2.2.34 | 99170 |
| CVE-2015-4000 | OpenSSL Security Advisory [11 Jun 2015] | 74733, 91787 |
| CVE-2015-0204 | OpenSSL Security Advisory [19 March 2015] | 91787, 71936 |
| CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288 | OpenSSL Security Advisory [19 Mar 2015] | 73225, 73237, |
| CVE-2015-0292, CVE-2014-81 | OpenSSL Security Advisory [19 March 2015], | 73228, 75159 |
| CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-2178 | OpenSSL Security Advisory [3rd May 2016] | 91787, 91081, |
| CVE-2015-0204 | | 71936, 91787 |
| CVE-2019-11510, CVE-2019-11508, CVE-2019-11540, CVE-2019-11543, CVE-2019-11541, CVE-2019-11542, CVE-2019-11539, CVE-2019-11538, CVE-2019-11509, CVE-2019-11507, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 | SA44101 | 108073 |
| CVE-2019-0211, CVE-2019-02 | Fixed in Apache httpd 2.4.39 | 107666 |

Threat

The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obt

Cisco Adaptive Security Appliance (ASA) is the core operating system for the Cisco ASA Family. Cisco FirePOWER Threat De
features such as firewall capabilities, monitoring, alerts, Intrusion Detection System (IDS) and Intrusion Prevention System
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Thre
unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The
proper input validation of URLs in HTTP requests processed by an affected device.
Affected Versions:
Cisco ASA Software 9.6.x and prior through 9.6.4.41
Cisco ASA Software 9.7.x, 9.8.x through 9.8.4.19
Cisco ASA Software 9.9.x through 9.9.2.73
Cisco ASA Software 9.10.x through 9.10.1.41
Cisco ASA Software 9.12.x through 9.12.3.11
Cisco ASA Software 9.13.x through 9.13.1.9
Cisco ASA Software 9.14.x through 9.14.1.9
Cisco FTD Software 6.2.2 through 6.2.3.15
Cisco FTD Software 6.3.x, 6.4.x, 6.5.x, 6.6.x prior to 6.6.0.1

The OpenSSL Project is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Sec
general purpose cryptography library.
OpenSSL contains the following vulnerabilities:
CVE-2014-0224: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL
exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked clien
CVE-2014-0221: By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventu
applications using OpenSSL as a DTLS client are affected.
CVE-2014-0195: A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or
run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected.
CVE-2014-3470: OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
Affected Versions:
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h.

Steps
QID for detection
disabling
TheDetection
QID Logic:the vulnerable
relies on the changeciphersin(https://qualys.secure.force.com/articles/How_To/000002963
openssl behavior. )
Internet
This Information
unauthenticated
1. The scanner starts QIDServices
a SSLdetects(IIS, formerly
(TLSv1 vulnerable Internet
session) bysystems Information
sendingby Server)
requesting message
a ClientHello is an to the server or portal_inc.lua by
extensible web
for localization_inc.lua server created Microsoft
files via directf
supports
NOTE
2. HTTP,
The:scanner HTTP/2,
The webwaits
services HTTPS, FTP,
file server
for the FTPS,
systemtoisrespond SMTP
enabled with and NNTP.
whenitsthe It has been an integral
affected device is configured
Serverhello,KeyExchange part of the Windows
with eithermessage.
and ServerDone NT family since W
WebVPN or AnyConnec
from some editions (e.g. Windows XP Home edition), and is not
3. Then the scanner sends a ChangeCipherSpec message. This message is out-of-order.active by default.
4. The fixed version of openssl will reject this message with an alert "Unexpected message". The vulnerable version will att
AffectedItVersions:
session. will fail because of the missing shared key and return an alert "Decryption failed". The target would be vulnerab
IIS 7.5
proceeded to the point where itServices
attempted
Microsoft Internet Information WebtoServer
decrypt6.xanything.
was detected on the target host.
Microsoft
QIDQID ended
Detection support for IIS 6.0 on July 14, 2015 and provides no further support for this application.
The resultsLogic (Authenticated)
of "Expecting Unexpected Message Alert(0x0A)" means the target attempted to decrypt and did NOT send
This
alert.checks for vulnerable version of IIS in the windows registry path against unsupported Windows Server 2008 , 2008 R2
Note: IIS 6.0 servers are being exploited with the "EXPLODINGCAN" exploit.
This
QID information
Detection Logiccomes from the Shadow Brokers' "Equation Group" data dump and security researchers Zhiniang Peng an
(Unauthenticated)
This checks for vulnerable version of IIS by checking the banner information.

An
TheOpenSSL
OpenSSLTLS server
Project is may
an Open crashSourceif senttoolkit
a maliciously craftedthe
implementing renegotiation
Secure Sockets ClientHello message
Layer (SSL v2/v3)fromand aTransport
client. If aLayer
TLSv1.2Sec
signature_algorithms
purpose cryptography library. extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert e
dereference
OpenSSL contains will result, leading to
the following a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and ren
vulnerabilities:
configuration). OpenSSL TLS clients are not impacted by this issue.
Apache HTTP Server is a free and open-source cross-platform web server software, released under the terms of Apache Lic
-Apache
OpenSSL HTTP1.0.2 introduced
Server Projectthe abilityversion
released to generate 2.2.34X9.42of thestyle parameter
Apache files as(Apache)
HTTP Server requiredin byJuly
RFC2017,
5114.theThefinal
primes genera
maintenanc
Affected
contain aVersions:
small factor subgroup. Furthermore, OpenSSL prior to 1.0.2f will by default reuse this number for the life ofWeb
the p
2.2 releases
OpenSSL are
version anticipated.
1.1.1-1.1.1j This version of Apache is principally a security and bug fix maintenance release. Apache
particularly
release of the if re-used,
2.2.x series, severelyalthoughweakens someapplications
security patchesof themayDiffie-Hellman
be published protocol
through such as TLS, allowing
December of 2017. an attacker in som
Diffie-Hellman
The
ApacheOpenSSL private2.2.x
HTTP Project
Server isexponent
an is Open
detectedand decrypt
Source ontoolkit the
the host. underlying traffic.
implementing (CVE-2016-0701)
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Sec
NOTE:
general purpose cryptography library.
OpenSSL
A malicious
OpenSSL 1.1.0 is out
client
contains can
the ofnegotiate
support and
following SSLv2 nociphers
longer that
vulnerabilities: receiving
have updates of any on
been disabled kind.theThe impact
server andof these issues
complete SSLv2onhandshakes
OpenSSL 1.1.0 even
QID
ApacheDetection
OpenSSL Web
1.0.2 Logic:
Server
is not isimpacted
an open-source by this web server.
issue.
provided
The remote
On systems that
CVE-2015-0286:
Apache with the
detection
Module TheSSLv2
the mod_mime protocol
ASN1_TYPE_cmp
reviews
Limit directive the was not
Apache
set within
is used also
function disabled
version
to assign in from
a '.htaccess' via
theSSL_OP_NO_SSLv2.
crypto/asn1/a_type.c
banner
file and set
content metadata of
totothe inHTTP
theancontent(CVE-2016-3197)
OpenSSLServer.fails
invalid selected to
HTTP method,perform
for anaHTTP boolean-type
remote user can
response compar
by send
mapp
cause
The
request
the a denial
authenticated
for a path
metadata of service
values. detection
to trigger(invalid readApache
areviews operation
use-after-free and application
version
memory from
errorthe crash)
andcommand
view via"httpd
a crafted
potentially -v".X.509information
sensitive certificate tofroman endpoint
process memothat u
QID Detection
Affected Logic:(Unauthenticated)
Versions:The
CVE-2015-0287: ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL fails to reinitialize CHOICE and AD
This
This vulnerability
QID matches isvulnerable
referred to as "Optionsbleed".
versions based on the exposedthat banner information.
OpenSSL
to do
Apache
In a
Apache 1.0.2
invalid
HTTP
httpd prior
write
Server to
2.2.xthrough OpenSSL
operation
before by1.0.2f
2.2.34
2.2.33 leveraging 2.4.xan
andtoolkit
and 2.4.x application
through
before relies
2.4.27mod_mime
2.4.26, oncanASN.1readstructure
one byte reuse.
past theand
endTransport
of a buffer when
The OpenSSL
OpenSSL 1.0.1
CVE-2015-0289: Project
priorThe to is an Open
OpenSSL
PKCS7 Source
1.0.1r
implementation in implementing
OpenSSL does the
not Secure
handle Sockets
a lack of Layer
outer (SSL v2/v3)
ContentInfo. An attackerLayer Secs
can craft
QID Detection
response
purpose header. Logic
cryptography (Un-authenticated)
library.
with
This missing
will check content
for vulnerableand trigger a NULL
versions ofpointer
Apachedereference
httpd serveron parsing.by reviewing the httpd banner.
remotely
OpenSSL contains the
CVE-2015-0293: A denial of service following security
flaw vulnerabilities:
was found in the way OpenSSL handled certain SSLv2 messages. A malicious clien
CVE-2016-2107:
servers that both Asupport
MITM attackerSSLv2 and can use a export
enable padding oracle
cipher attack
suites bytosending
decrypta traffic
speciallywhen the connection
crafted uses an AES CBCm
SSLv2 CLIENT-MASTER-KEY
QID Detection
CVE-2016-2105: LogicAn (Unauthenticated):
overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary
CVE-2015-0209:
This
The QID matches
OpenSSL ProjectAvulnerable
use-after-free
is an Openversionsvulnerability
Source based
toolkit onin theexposed
the d2i_ECPrivateKey
implementing banner
the function
information
Secure Sockets inunder
crypto/ec/ec_asn1.c
Layer the HTTP
(SSL v2/v3)service. in OpenSSL.
and Transport ThisSec
Layer cod
large
privateamounts
key parsing of input data
functions then a length
(suchallows check
as d2i_PrivateKey can overflow resulting
or EVP_PKCS82PKEY) in a heap corruption.
and could lead to a DoS attack or memory
ACVE-2016-2106:
vulnerability in An
the TLS protocol
overflow can occur ina the man-in-the-middle
EVP_EncryptUpdate() attacker to downgrade
function. vulnerable
If an attacker is ableTLS
toconnections usingcorru
supply very large eph
am
private
OpenSSL keyshasfrom
added untrusted
protection sources.
for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limi
to EVP_EncryptUpdate()
CVE-2015-0288: The is with aX509_to_X509_REQ
function partial block then a will length check
crash with can overflow
a NULL pointerresulting in a heap
dereference corruption.
if the certificate keyLayer
is invali
Affected
The Versions:
OpenSSL
CVE-2016-2109: ProjectWhen an ASN.1Open Source
data is readtoolkit
fromimplementing the Secure
a BIO using functions such Sockets Layer
as d2i_CMS_bio() (SSL v2/v3)
a short and Transport
invalid encoding canSecc
Affected
OpenSSL
general Versions:
versions
purpose prior
cryptography to 1.0.1n library. A vulnerability has been confirmed in OpenSSL which exist while processing base64
memory
OpenSSL potentially consuming excessive resources or exhausting memory.
OpenSSL
string
The via versions
OpenSSLversions
certain
CVE-2016-2176: ProjectPEMprior
prior
ASN1 is
to
to 0.9.8zf
an 1.0.2b
processing
Open
Strings routines
Source
that that,
toolkit
are over 1024 when parsed
implementing
bytes can by
thethe
cause anOpenSSL
Secure Sockets
overread library
in Layer leads
(SSLtov2/v3)
applications an integer
using and underflow,
theTransport leading
Layer
X509_NAME_oneli Sec
OpenSSL
The
can remote
cause versions
theSSL/TLS
OpenSSL prior
server to 1.0.0r
serveris vulnerable
to crash An toInvalid
FREAK attack
free when:
vulnerability has been reported in DTLS which exists when DTLS pee
OpenSSL
could
OpenSSL versions:
result in
versions
1.The "RSA+EXPORT" arbitrary0.9.8
prior prior
stack
to
ciphers 1.0.1m to
data 0.9.8.zd,
being
aremessages, 1.0.0
returned priorin to
the 1.0.0p
buffer.and 1.0.1 prior to 1.0.1k.
supported;buffering of such data may cause an invalid free, resulting in a segmentation fa
ChangeCipherSpec
CVE-2016-2178: The and Finished
dsa_sign_setup functionisinnot crypto/dsa/dsa_ossl.c
OpenSSL
2.The sizeversions
Affected of the RSA
Versions: prior to 1.0.2a
public key in certificate stronger than 1024; in OpenSSL through 1.0.2h does not properly ensur
which
3.The makes
temporary it easier for local users to discover
1024;prior to private
a DSA key via a timing side-channel attack.
OpenSSL
Affected versions:RSA
Versions: 0.9.8 keypriorsize tois less than 1.0.0
0.9.8.za, 1.0.0m and 1.0.1 prior to 1.0.1h.
4.The temporary RSA key is stable(used multiple times);
OpenSSL versions prior to 1.0.2h and 1.0.1t
Only SSLv3 and TLSv1 are potentially vulnerable
Pulse Connect Secure 8.3R1 - 8.3R7
Pulse Connect Secure 8.2R1 - 8.2R12
Pulse Connect Secure 8.1R1 - 8.1R15

QID Detection
In Apache HTTPlogic:(Authenticated)
Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged
ItAffected
uses snmpwalk
Versions:request and oid to get the vulnerable version of Pulse Connect Secure at scan result
2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17
QID Detection logic:(Unauthenticated)
It
QIDuses two detection
Detection with modified requests: /dana/html5acc/guacamole/ to the targets to display find the vulnerable tar
Logic (Unauthenticated):
contents at scan result.
This QID Checks for the vulnerable versions based on the exposed banner information under the HTTP service.
Our
QID Authenticated
Detection Logicdetection is the only detection that prints the product version information at scan result.
(Authenticated):
This QID Checks for the vulnerable versions of Apache HTTP Server based on version detected from the command.
State Available Signature Name Signature Sev

Enabled SSL: Possible Bleichenbacher SSL Attack Informative


HTTP: Cisco ASA Directory Traversal Vulnerability (CVE-2020-3452)
Enabled High
SSL: OpenSSL DTLS Possible Hello Message Denial Of Service
SSL: OpenSSL DTLS Recursion Denial Of Service
SSL: OpenSSL DTLS Hello Message DoS Vulnerability Medium
SSL: OpenSSL Dtls Reassemble Fragment Invalid Fragment Buffer Overflow Medium
SSL: OpenSSL do_ssl3_write Denial of Service Vulnerability High
High
Enabled High
Enabled HTTP: IIS 6.0 WebDAV Service ScStoragePathFromUrl Function Buffer Overflow High
Signature Set not available

HTTP: Apache APR Apr_fnmatch Stack Overflow Denial Of Service


SSL: Server-Initiated Key Renegotiation Detected
SSL: Client-Initiated Key Renegotiation Detected High
HTTP: Cross Site Scripting - Apache HTTP Server mod_negotiation Filename Low
Handling Medium
HTTP: Apache mod_isapi Module Unload Vulnerability High
HTTP: Apache httpd mod_deflate Resource Exhaustion Denial Of Service High
HTTP: Apache HTTPD Cookie Handling Denial Of Service (CVE-2012-0021) High
HTTP: Apache HTTP Server mod_deflate Denial of Service Medium
HTTP: HTTP Proxy CGI MITM Vulnerability Low
HTTP: Apache httpd ap_find_token Out of Bounds Read Vulnerability (CVE-2017- Low
7668) High
HTTP: Apache Information Leak Vulnerability (CVE-2017-9788) Medium
Enabled Medium
Signature Set not available
Signature Set not available
Enabled HTTP: Apache Options Memory Leak Vulnerability (CVE-2017-9798) Medium

Signature Set not available
a general purpose cryptography library.
change to 512-bit export-grade cryptography, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client. This vulnerab
in a future release.
SSL: OpenSSL Request For Export Grade Cipher Suite Detected
SSL: TLS DHE_EXPORT Information Disclosure
as a general purpose cryptography library. A vulnerability has been confirmed in OpenSSL which exist inMedium
ssl3_get_key_exchange functi
SSL: OpenSSL Request For Export Grade Cipher Suite Detected Medium
Enabled SSL: OpenSSL ASN1_TYPE_cmp Denial of Service Vulnerability
Signature Set not available
Enabled SSL: OpenSSL Oracle Padding in AES-NI CBC vulnerability High
Enabled SSL: OpenSSL Request For Export Grade Cipher Suite Detected High
HTTP: Pulse Secure Platform Stack-Based Buffer Overflow (CVE-2019-11542) High
Enabled HTTP: Pulse Secure Diag Cgi Command Injection (CVE-2019-11539) High
Enabled Signature Set not available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
HTTP: Cisco ASA Directory Traversal Vulnerability (CVE-2020-3452)
either WebVPN or AnyConnect features.
Vuln 4 CVE-2020-3452 cisco-sa-asaftd-ro-p
