Vulnerabilities That Reduce Network Security

The beSECURE vulnerability assessment product line produces accurate and false-positive-free vulnerability scan results. Results from beSECURE systems around the world have been compiled here into the most accurate picture available of the most common network security vulnerabilities that are also most commonly sought out by attackers.

We’ve included the OWASP Top Ten as well as hundreds more from vulnerability lists compiled from results provided anonymously by thousands of customers across hundreds of thousands of scans shared annually with Beyond Security. Vulnerability frequency is compiled into three groups of 100: High risk, Medium risk and Low risk.

The vast majority of network attacks focus on the weaknesses that are most often found and on the ease with which they can be exploited. Drive-by attacks work by looking for a single common vulnerability, the ‘low-hanging fruit’, and only later deciding whether any of the hacked network is of interest. Targeted attacks will use the most common vulnerabilities list to form a path from first contact to capturing the flag.

In either attack scenario, a network that has any of these most common 100 vulnerabilities *looks* like it is weak and invites attack. You may have 4 attack dogs in your warehouse for overnight protection, but if you leave the loading door unlocked, you have just increased the chance that someone will try to enter. Yes, keep the dogs, but please also lock the door.

These common vulnerabilities are the most likely paths of attack regardless of how an attacker got their first foothold. An attacker’s first step might be through phishing, access control bypass, endpoint attack, etc., but that’s just the first point of contact. The most valuable targets are deeper in the network and hackers WILL search for the easiest path available.


Most Common High Risk Vulnerabilities:

  1. Microsoft Windows HTTP.sys Code Execution Vulnerability
  2. OpenSSH Trusted X11 Cookie Connection Policy Bypass Vulnerability
  3. OpenSSH Privilege Separation Monitor Weakness
  4. OpenSSL Running Version Prior to 0.9.8zc POODLE
  5. Mountable NFS Shares
  6. Apache APR apr_palloc Heap Overflow
  7. .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039)
  8. Combined Security Update (MS12-034)
  9. Internet Explorer 8 Allows Code Execution (KB2847140)
  10. Cisco SSH Malformed Packet DoS
  11. Insecure Library Loading Allows Code Execution (KB2269637)
  12. Vulnerabilities in Windows Kernel-Mode Drivers Allow Elevation of Privilege (MS12-047)
  13. Vulnerabilities in Elevation of Privilege Using Windows Service Isolation Bypass (982316)
  14. PHP Running Version Prior to 5.2.15
  15. Unauthorized Digital Certificates Allow Spoofing (KB2728973)
  16. VMware ESX Running Version Prior to 4.1
  17. OpenSSL Running Version Prior to 1.0.1i
  18. Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)
  19. Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)
  20. Multiple Vendor IPMI ‘cipher zero’ Authentication Bypass Vulnerability
  21. Vulnerabilities in MySQL Unsupported Version Detection
  22. Vulnerabilities in Server Service Allows Code Execution (MS08-067, Network)
  23. Vulnerabilities in Group Policy Allows Code Execution (MS15-011)
  24. Vulnerabilities in Apache Running Version Prior to 2.2.28
  25. Vulnerabilities in PHP CGI Query String Code Execution
  26. Vulnerabilities in SQL Injection
  27. Vulnerabilities in Cross Site Scripting
  28. Vulnerabilities in Custom Web Code
  29. Vulnerabilities in VMware ESXi 3.5
  30. Vulnerabilities in PHP Running Version Prior to 5.3.11
  31. Vulnerabilities in NSClient Default Password
  32. Vulnerabilities in PHP Unsupported Version Detection
  33. .NET Framework Allows Code Execution (MS11-044)
  34. .NET Framework Allows Code Execution (MS11-028)
  35. Vulnerabilities in Microsoft XML Core Services Allows Code Execution (KB2719615)
  36. Vulnerabilities in Microsoft SQL Server Allows Code Execution (MS09-004, KB959420)
  37. Vulnerabilities in PHP Running Version Prior to 5.3.26
  38. Vulnerabilities in PHP Running Version Prior to 5.3.22
  39. Vulnerabilities in .NET Framework and Microsoft Silverlight Allow Code Execution (MS12-016)
  40. Vulnerabilities in Flash Player Running Version Prior to / 11.7.700.169 (APSB13-14)
  41. Vulnerabilities in Remote Portmapper Forwards NFS Requests
  42. Flash Player Running Version Prior to 11.7.700.232 / 11.8.800.94 (APSB13-17)
  43. Windows 2000 Unsupported Installation Detection
  44. Flash Player Running Version Prior to / 11.6.602.180 (APSB13-09)
  45. Flash Player Running Version Prior to / 11.7.700.169 (APSB13-11)
  46. Flash Player Running Version Prior to / (APSB12-05)
  47. Flash Player Running Versions Prior to / (APSB12-03)
  48. Flash Player Running Versions Prior to / (APSB11-28)
  49. Flash Player Running Version Prior to / 11.6.602.171 (APSB13-08)
  50. Flash Player Running Version Prior to / 11.5.502.149 (APSB13-05)
  51. Flash Player Running Version Prior to / 11.5.502.146 (APSB13-04)
  52. Sun Java JRE Unsupported Version
  53. Flash Player Running Version Prior to (APSB11-26)
  54. PHP Running Version Prior to 5.3.13
  55. Flash Player Running Version Prior to / 11.5.502.110 (APSB12-27)
  56. Flash Player Running Version Prior to / 11.5.502.135 (APSB13-01)
  57. Flash Player Running Version Prior to / 11.5.502.110 (APSB12-24)
  58. Flash Player Running Version Prior to / 11.4.402.279 (APSB12-22)
  59. Flash Player Running Version Prior to / 11.4.402.265 (APSB12-19)
  60. PHP Running Version Prior to 5.3.14
  61. Flash Player Object Confusion Vulnerability (APSB12-09)
  62. Flash Player Running Version Prior to / 11.3.300.256 (APSB12-14)
  63. Flash Player Running Version Prior to (APSB11-21)
  64. Flash Player Running Version Prior to (APSB11-18)
  65. Flash Player Unspecified Memory Corruption (APSA11-01)
  66. Flash Player Running Version Prior to (APSB11-12)
  67. Flash Player Running Version Prior to (APSB11-02)
  68. PHP Running Version Prior to 5.4.17
  69. Flash Player Unspecified Code Execution (APSB10-22)
  70. Adobe Flash Player Multiple Vulnerabilities (APSB10-26)
  71. Adobe Flash Player Multiple Vulnerabilities (APSB10-14)
  72. Vulnerability in .NET Framework and Microsoft Silverlight Allow Code Execution (MS11-078)
  73. Vulnerability in HTTP.sys Allows Remote Code Execution (MS15-034, Network Check)
  74. OpenSSH Running Version Prior to 7.0
  75. Obsolete Web Server Software Detection
  76. Lighttpd ‘hostname’ Directory Traversal and SQLi Vulnerabilities
  77. .NET Framework Allow Code Execution (MS12-035)
  78. Samba CAP_DAC_OVERRIDE File Permission Security Bypass (Network)
  79. PHP Running Version Prior to 5.3.15
  80. Vulnerability in Microsoft Malware Protection Engine Allows Code Execution (KB2846338)
  81. Microsoft Malware Protection Engine (MMPE) Privilege Escalation (2491888)
  82. Dropbear SSH Server Channel Concurrency Use-after-free Code Execution
  83. Proxy Allows Gopher:// Requests
  84. Cisco IOS Software Processing of SAA Packets Flaw
  85. SNMP Disclosure of HP JetDirect EWS Password
  86. Dabber Worm Detection (MS04-011)
  87. PHP Running Version Prior to 5.3.2_5.2.13
  88. Flash Player Multiple Memory Corruption Vulnerabilities (APSB12-07)
  89. Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Vulnerability (MS09-050, Network Check)
  90. Microsoft SQL Server Blank Password
  91. statd RPC Format String
  92. HP StorageWorks MSA P2000 Hidden ‘admin’ User Default Credentials
  93. Vulnerabilities in .NET Framework Allows Code Execution (MS12-038)
  94. radmin Detection
  95. Vulnerabilities in .NET Framework Allow Code Execution (MS12-074)
  96. Flash Player ActionScript Predefined Class Prototype Addition Code Execution (APSB11-07)
  97. NFS Shares World Readable
  98. Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program (KB3097617)
  99. NVIDIA Display Driver Service Stack Buffer Overflow (Registry)
  100. Flash Player Memory Corruption (APSB13-16)

Most Common Medium Risk Vulnerabilities:

  1. SMB Listens on Port
  2. Windows Terminal Service Detection
  3. Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
  4. SMB Signing Disabled
  5. Deprecated SSL Protocol Usage
  6. Source Disclosure
  7. Shared Directory Access (Login)
  8. SSL Medium Strength Cipher Suites Supported
  9. Default Community Names (SNMP Agent)
  10. Microsoft’s SQL TCP/IP Listener
  11. SNMPwalk Port Scanner
  12. VNC Security Types Detection
  13. AutoComplete Not Disabled
  14. Unencrypted Telnet Server
  15. Obtain Network Interfaces List via SNMP
  16. SSL Suites Weak Ciphers
  17. SNMP Agent Default Community Name (public)
  18. SSL Certificate Expiry
  19. Database Reachable from the Internet
  20. Non-SSL Login
  21. Vulnerabilities in SQL Server Allows Elevation of Privilege (MS12-070, Network)
  22. Microsoft IIS Tilde Character Information Disclosure Vulnerability
  23. LDAP Null Directory Bases
  24. Appweb Insecure SSL Renegotiation
  25. Web Server Cross Site Scripting
  26. DNS Server Allows Recursive Queries
  27. WebDAV Detection
  28. Linux Kernel UDP Implementation IP Identification Field OS Disclosure
  29. SSH Protocol Version 1 Detection
  30. MS SQL Server Resolution Service Amplification Reflected DRDoS Vulnerability
  31. SMB Shares Enumeration
  32. Apache HTTP Server Range Header Denial of Service Vulnerability (DoS)
  33. PHP expose_php Information Disclosure
  34. Apache HTTP Server Byte Range DoS
  35. SMTP Service Cleartext Login Permitted
  36. Apache UserDir Sensitive Information Disclosure
  37. Obtain Processes List via SNMP
  38. Remotely Accessible Registry
  39. OpenSSL Heartbeat Vulnerability (Heartbleed)
  40. Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities
  41. Microsoft ASP.NET Information Disclosure Vulnerability (Network, MS10-070)
  42. Apache Running Version Prior to 2.2.25
  43. Apache Running Version Prior to 2.2.24
  44. Apache Running Version Prior to 2.2.23
  45. Shell Detection
  46. Shared Directory Access (Share Access)
  47. Guest Account Accessible (SMB)
  48. Oracle tnslsnr Version Detection
  49. Apache mod_suexec Multiple Privilege Escalation Vulnerabilities
  50. Credit Card Information
  51. Apache Running Version Prior to 2.2.22
  52. OpenSSH S/KEY Authentication Account Enumeration
  53. ntpd Mode 7 Error Response Packet Loop DoS
  54. Enumerate LANMAN Services via SNMP
  55. Apache Running Version Prior to 2.2.27
  56. Enumerate LANMAN Users via SNMP
  57. OpenSSL Running Version Prior to 0.9.8za
  58. SMB Host SID User Enumeration
  59. OpenSSH Multiple Vulnerabilities
  60. SMB Users Listing
  61. Enumerate LANMAN Shares via SNMP
  62. Passwordless Lexmark Printer
  63. Apache Tomcat Transfer-Encoding Header Vulnerability
  64. Apache mod_proxy_ajp DoS
  65. Users in the ‘Admin’ Group
  66. NFS Server Superfluous
  67. OpenSSH X11 Session Hijacking Vulnerability
  68. Unsupported Microsoft XML Parser (MSXML) and XML Core Services
  69. Apache APR apr_fnmatch DoS
  70. Fraudulent Digital Certificates Allow Spoofing (KB2524375)
  71. OpenSSH ‘ForceCommand’ Directive Bypass
  72. Remotely Accessible Registry (Full Access)
  73. Vulnerability in Microsoft XML Core Services Allows Code Execution (MS07-042)
  74. IIS Sensitive Authentication Information Disclosure
  75. rsh Detection
  76. Citrix Server Detection
  77. SMTP Server Listening on a Non-Default Port
  78. Source Disclosure
  79. Missing X-Frame-Options Response
  80. HSTS Missing From HTTPS Server
  81. Malformed Bind Request (LDAP Anonymous)
  82. LDAP NT Search Request Information Retrieval
  83. SSL RC4 Cipher Suites Supported
  84. SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)
  85. Web Application Cookies Lack Secure Flag
  86. pcAnywhere Detection
  87. Web Application Cookies Lack HttpOnly Flag
  88. SSL Certificate is Self-Signed
  89. Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
  90. Microsoft Windows SMB Shares Unprivileged Access
  91. HP System Management Homepage Cross-site Request Forgery
  92. DNS Amplification
  93. OpenSSL Running Version Prior to 0.9.8zb
  94. Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities
  95. VNC Server Authentication-less
  96. SMB Use Host SID to Enumerate Local Users Without Credentials
  97. Vulnerability in MHTML Allows Information Disclosure (MS11-037)
  98. OpenSSL Running Version Prior to 0.9.8zf
  99. Directory Disclosure
  100. phpCMS parser.php XSS
  101. Chargen Detection
  102. My Little Forum Cross Site Scripting
  103. Keene Digital Media Server XSS
  104. WebCam Watchdog sresult.exe XSS
  105. Faq-O-Matic fom.cgi XSS
  106. Goollery viewpic.php XSS
  107. DCP-Portal Cross Site Scripting Bugs
  108. Apache Jakarta Cross-Site Scripting Vulnerability
  109. PHP-CSL Cross Site Scripting

Most Common Low Risk Vulnerabilities:

  1. HTTP Packet Inspection
  2. ICMP Timestamp Request
  3. NetBIOS Information Retrieval
  4. Windows Host NetBIOS to Information Retrieval
  5. rpcinfo -p Information Disclosure
  6. Supported SSL Ciphers Suites
  7. SSL Verification Test
  8. Remote Host Replies to SYN+FIN
  9. Directory Scanner
  10. TCP Timestamps Retrieval
  11. VMWare Host Detection
  12. SSH Server Backported Security Patches
  13. NULL Session Available (SMB)
  14. Identify Unknown Services via GET Requests
  15. VNCviewer in Listen Mode Detection
  16. robot(s).txt Detection
  17. DNS Bypass Firewall Rules (UDP 53)
  18. RPC Portmapper
  19. SNMP Protocol Version Detection
  20. Telnet Detection
  21. IIS Allows BASIC and/or NTLM Authentication
  22. FTP Clear Text Authentication
  23. SNMP Route Enumeration
  24. Device Type
  25. HTTP TRACE Method XSS Vulnerability
  26. Microsoft IIS Default Page
  27. Microsoft’s SQL UDP Info Query
  28. HTTP Server Backported Security Patches
  29. LANMAN Browse Listing
  30. IPSEC IKE Detection
  31. Apache HTTP Server httpOnly Cookie Information Leak
  32. Microsoft .NET Handlers Enumeration
  33. Flash Cross-Domain Policy File
  34. Veritas NetBackup Agent Detection
  35. SLP Detection
  36. VMware ESX/GSX Server Detection
  37. TTL Anomaly Detection
  38. Apache HTTP Server httpOnly Cookie Information Disclosure
  39. SMTP Service STARTTLS Command Support
  40. SLP Server Detection (udp)
  41. IIS Content-Location HTTP Header
  42. Appweb HTTP Server Version
  43. SMTP Authentication Methods
  44. TFTPd Detection
  45. Apache Tomcat Default Error Page Version Detection