Vulnerabilities That Reduce Network Security

The beSECURE vulnerability assessment product line produces accurate and false-positive free vulnerability scan results. Results from beSECURE systems around the world have been compiled here into the most accurate picture available of the most common network security vulnerabilities that are also most commonly sought out by attackers.

We’ve included the OWASP Top Ten as well as hundreds more from vulnerability lists compiled from results provided anonymously by thousands of customers across hundreds of thousands of scans shared annually with Beyond Security. Vulnerability frequency is compiled into three groups of 100: High risk, Medium risk and Low risk.

The vast majority of network attacks are focused on the weaknesses that are most often found and the ease of which they can be exploited. Drive by attacks work by looking for a single common vulnerability the ‘low hanging fruit’ and then later decide if any of the hacked network is of interest. Targeted attacks will use the most common vulnerabilities list to form a path from first contact to capturing the flag.

In either attack scenario, a network that has any of these most common 100 vulnerabilities *looks* like it is weak and invites attack. You may have 4 attack dogs in your warehouse for overnight protection, but if you leave the loading door unlocked, you have just increased the chance that someone will try to enter. Yes, keep the dogs, but please also lock the door.

These common vulnerabilities are the most likely paths of attack regardless of how an attacker got their first foothold. An attacker’s first step might be through phishing, access control bypass, endpoint attack, etc., but that’s just the first point of contact. The most valuable targets are deeper in the network and hackers WILL search for the easiest path available.

Find out how Beyond Security can keep your security scans
and web application vulnerability up to date.

Most Common High Risk Vulnerabilities:

1.Microsoft Windows HTTP.sys Code Execution Vulnerability

2. OpenSSH Trusted X11 Cookie Connection Policy Bypass Vulnerability

3. OpenSSH Privilege Separation Monitor Weakness

4. OpenSSL Running Version Prior to 0.9.8zc POODLE

5. Mountable NFS Shares

6. Apache APR apr_palloc Heap Overflow

7. .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039)

8. Combined Security Update(MS12-034)

9. Internet Explorer 8 Allows Code Execution(KB2847140)

10. Cisco SSH Malformed Packet DoS

11. Insecure Library Loading Allows Code Execution (KB2269637)

12. Vulnerabilities in Windows Kernel-Mode Drivers Allow Elevation of Privilege (MS12-047)

13. Vulnerabilities in Elevation of Privilege Using Windows Service Isolation Bypass (982316)

14. PHP Running Version Prior to 5.2.15

15. Unauthorized Digital Certificates Allow Spoofing (KB2728973)

16. VMware ESX Running Version Prior to 4.1

17. OpenSSL Running Version Prior to 1.0.1i

18. Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)

19. Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)

20. Multiple Vendor IPMI ‘cipher zero’ Authentication Bypass Vulnerability

21. Vulnerabilities in MySQL Unsupported Version Detection

22. Vulnerabilities in Server Service Allows Code Execution (MS08-067, Network)

23. Vulnerabilities in Group Policy Allows Code Execution (MS15-011)

24. Vulnerabilities in Apache Running Version Prior to 2.2.28

25. Vulnerabilities in PHP CGI Query String Code Execution

26. Vulnerabilities in SQL Injection

27. Vulnerabilities in Cross Site Scripting

28. Vulnerabilities in Custom Web Code

29. Vulnerabilities in VMware ESXi 3.5

30. Vulnerabilities in PHP Running Version Prior to 5.3.11

31. Vulnerabilities in NSClient Default Password

32. Vulnerabilities in PHP Unsupported Version Detection

33. .NET Framework Allows Code Execution (MS11-044)

34. .NET Framework Allows Code Execution (MS11-028)

35. Vulnerabilities in Microsoft XML Core Services Allows Code Execution (KB2719615)

36. Vulnerabilities in Microsoft SQL Server Allows Code Execution (MS09-004,KB959420)

37. Vulnerabilities in PHP Running Version Prior to 5.3.26

38. Vulnerabilities in PHP Running Version Prior to 5.3.22

39. Vulnerabilities in .NET Framework and Microsoft Silverlight Allow Code Execution (MS12-016)

40. Vulnerabilities in Flash Player Running Version Prior to / 11.7.700.169 (APSB13-14)

41. Vulnerabilities in Remote Portmapper Forwards NFS Requests

42. Flash Player Running Version Prior to 11.7.700.232 / 11.8.800.94 (APSB13-17)

43. Windows 2000 Unsupported Installation Detection

44. Flash Player Running Version Prior to / 11.6.602.180 (APSB13-09)

45. Flash Player Running Version Prior to / 11.7.700.169 (APSB13-11)

46. Flash Player Running Version Prior to / (APSB12-05)

47. Flash Player Running Versions Prior to / (APSB12-03)

48. Flash Player Running Versions Prior to / (APSB11-28)

49. Flash Player Running Version Prior to / 11.6.602.171 (APSB13-08)

50. Flash Player Running Version Prior to / 11.5.502.149 (APSB13-05)

51. Flash Player Running Version Prior to / 11.5.502.146 (APSB13-04)

52. Sun Java JRE Unsupported Version

53. Flash Player Running Version Prior to (APSB11-26)

54. PHP Running Version Prior to 5.3.13

55. Flash Player Running Version Prior to / 11.5.502.110 (APSB12-27)

56. Flash Player Running Version Prior to / 11.5.502.135 (APSB13-01)

57. Flash Player Running Version Prior to / 11.5.502.110 (APSB12-24)

58. Flash Player Running Version Prior to / 11.4.402.279 (APSB12-22)

59. Flash Player Running Version Prior to / 11.4.402.265 (APSB12-19)

60. PHP Running Version Prior to 5.3.14

61. Flash Player Object Confusion Vulnerability (APSB12-09)

62. Flash Player Running Version Prior to / 11.3.300.256 (APSB12-14)

63. Flash Player Running Version Prior to (APSB11-21)

64. Flash Player Running Version Prior to (APSB11-18)

65. Flash Player Unspecified Memory Corruption (APSA11-01)

66. Flash Player Running Version Prior to (APSB11-12)

67. Flash Player Running Version Prior to (APSB11-02)

68. PHP Running Version Prior to 5.4.17

69. Flash Player Unspecified Code Execution (APSB10-22)

70. Adobe Flash Player Multiple Vulnerabilities (APSB10-26)

71. Adobe Flash Player Multiple Vulnerabilities (ASPB10-14)

72. Vulnerability in .NET Framework and Microsoft Silverlight Allow Code Execution (MS11-078)

73. Vulnerability in HTTP.sys Allows Remote Code Execution (MS15-034, Network Check)

74. OpenSSH Running Version Prior to 7.0

75. Obsolete Web Server Software Detection

76. Lighttpd ‘hostname’ Directory Traversal and SQLi Vulnerabilities

77. .NET Framework Allow Code Execution (MS12-035)

78. Samba CAP_DAC_OVERRIDE File Permission Security Bypass (Network)

79. PHP Running Version Prior to 5.3.15

80. Vulnerability in Microsoft Malware Protection Engine Allows Code Execution (KB2846338)

81. Microsoft Malware Protection Engine (MMPE) Privilege Escalation (2491888)

82. Dropbear SSH Server Channel Concurrency Use-after-free Code Execution

83. Proxy Allows Gopher:// Requests

84. Cisco IOS Software Processing of SAA Packets Flaw

85. SNMP Disclosure of HP JetDirect EWS Password

86. Dabber Worm Detection (MS04-011)

87. PHP Running Version Prior to 5.3.2_5.2.13

88. Flash Player Multiple Memory Corruption Vulnerabilities (APSB12-07)

89. Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Vulnerability (MS09-050, Network Check)

90. Microsoft SQL Server Blank Password

91. statd RPC Format String

92. HP StorageWorks MSA P2000 Hidden ‘admin’ User Default Credentials

93.Vulnerabilities in .NET Framework Allows Code Execution (MS12-038)

94. radmin Detection

95. Vulnerabilities in .NET Framework Allow Code Execution (MS12-074)

96. Flash Player ActionScript Predefined Class Prototype Addition Code Execution (APSB11-07)

97. NFS Shares World Readable

98. Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program (KB3097617)

99. NVIDIA Display Driver Service Stack Buffer Overflow (Registry)

100.Flash Player Memory Corruption (APSB13-16)

Most Common Medium Risk Vulnerabilities:

1. SMB Listens on Port

2. Windows Terminal Service Detection

3. Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure

4. SMB Signing Disabled

5. Deprecated SSL Protocol Usage

6. Source Disclosure

7. Shared Directory Access (Login)

8. SSL Medium Strength Cipher Suites Supported

9. Default Community Names (SNMP Agent)

10. Microsoft’s SQL TCP/IP Listener

11. SNMPwalk Port Scanner

12. VNC Security Types Detection

13. AutoComplete Not Disabled

14. Unencrypted Telnet Server

15.Obtain Network Interfaces List via SNMP

16. SSL Suites Weak Ciphers

17. SNMP Agent Default Community Name (public)

18. SSL Certificate Expiry

19. Database Reachable from the Internet

20. Non-SSL Login

21. Vulnerabilities in SQL Server Allows Elevation of Privilege (MS12-070, Network)

22. Microsoft IIS Tilde Character Information Disclosure Vulnerability

23.LDAP Null Directory Bases

24. Appweb Insecure SSL Renegotiation

25. Web Server Cross Site Scripting

26. DNS Server Allows Recursive Queries

27. WebDAV Detection

28. Linux Kernel UDP Implementation IP Identification Field OS Disclosure

29. SSH Protocol Version 1 Detection

30. MS SQL Server Resolution Service Amplification Reflected DRDoS Vulnerability

31. SMB Shares Enumeration

32. Apache HTTP Server Range Header Denial of Service Vulnerability (DoS)

33. PHP expose_php Information Disclosure

34. Apache HTTP Server Byte Range DoS

35.SMTP Service Cleartext Login Permitted

36. Apache UserDir Sensitive Information Disclosure

37. Obtain Processes List via SNMP

38. Remotely Accessible Registry

39. OpenSSL Heartbeat Vulnerability (Heartbleed)

40. Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities

41. Microsoft ASP.NET Information Disclosure Vulnerability (Network, MS10-070)

42. Apache Running Version Prior to 2.2.25

43. Apache Running Version Prior to 2.2.24

44. Apache Running Version Prior to 2.2.23

45. Shell Detection

46. Shared Directory Access (Share Access)

47. Guest Account Accessible (SMB)

48. Oracle tnslsnr Version Detection

49. Apache mod_suexec Multiple Privilege Escalation Vulnerabilities

50. Credit Card Information

51. Apache Running Version Prior to 2.2.22

52. OpenSSH S/KEY Authentication Account Enumeration

53. ntpd Mode 7 Error Response Packet Loop DoS

54. Enumerate LANMAN Services via SNMP

55. Apache Running Version Prior to 2.2.27

56. Enumerate LANMAN Users via SNMP

57. OpenSSL Running Version Prior to 0.9.8za

58. SMB Host SID User Enumeration

59. OpenSSH Multiple Vulnerabilities

60. SMB Users Listing

61. Enumerate LANMAN Shares via SNMP

62. Passwordless Lexmark Printer

63. Apache Tomcat Transfer-Encoding Header Vulnerability

64. Apache mod_proxy_ajp DoS

65. Users in the ‘Admin’ Group

66. NFS Server Superfluous

67. OpenSSH X11 Session Hijacking Vulnerability

68. Unsupported Microsoft XML Parser (MSXML) and XML Core Services

69. Apache APR apr_fnmatch DoS

70. Fraudulent Digital Certificates Allow Spoofing (KB2524375)

71. OpenSSH ‘ForceCommand’ Directive Bypass

72. Remotely Accessible Registry (Full Access)

73. Vulnerability in Microsoft XML Core Services Allow sCode Execution (MS07-042)

74. IIS Sensitive Authentication Information Disclosure

75. rsh Detection

76. Citrix Server Detection

77. SMTP Server Listening on a Non-Default Port

78. Source Disclosure

79. Missing X-Frame-Options Response

80. HSTS Missing From HTTPS Server

81. Malformed Bind Request (LDAP Anonymous)

82. LDAP NT Search Request Information Retrieval

83. SSL RC4 Cipher Suites Supported

84. SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)

85. Web Application Cookies Lack Secure Flag

86. pcAnywhere Detection

87. Web Application Cookies Lack HttpOnly Flag

88. SSL Certificate is a Self Signed

89. Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials

90. Microsoft Windows SMB Shares Unprivileged Access

92. HP System Management Homepage Cross-site Request Forgery

93. DNS Amplification

94. OpenSSL Running Version Prior to 0.9.8zb

95. Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities

96. VNC Server Authentication-less

97. SMB Use Host SID to Enumerate Local Users Without Credentials

98. Vulnerability in MHTML Allows Information Disclosure (MS11-037)

99. OpenSSL Running Version Prior to 0.9.8zf

100. Directory Disclosure

101. phpCMS parser.php XSS

102. Chargen Detection

103. My Little Forum Cross Site Scripting

104. Keene Digital Media Server XSS

105. WebCam Watchdog sresult.exe XSS

106. Faq-O-Matic fom.cgi XSS

107. Goollery viewpic.php XSS

108. DCP-Portal Cross Site Scripting Bugs

109. Apache Jakarta Cross-Site Scripting Vulnerability

110. PHP-CSL Cross Site Scripting

Most Common Low Risk Vulnerabilities:

1. HTTP Packet Inspection

2. ICMP Timestamp Request

3. NetBIOS Information Retrieval

4. Windows Host NetBIOS to Information Retrieval

5. rpcinfo -p Information Disclosure

6. Supported SSL Ciphers Suites

7. SSL Verification Test

8. Remote Host Replies to SYN+FIN

9. Directory Scanner

10. TCP Timestamps Retrieval

11. VMWare Host Detection

12. SSH Server Backported Security Patches

13. NULL Session Available (SMB)

14. Identify Unknown Services via GET Requests

15. VNCviewer in Listen Mode Detection

16. robot(s).txt Detection

17. DNS Bypass Firewall Rules (UDP 53)

18. RPC Portmapper

19. SNMP Protocol Version Detection

20. Telnet Detection

21. IIS Allows BASIC and/or NTLM Authentication

22. FTP Clear Text Authentication

23. SNMP Route Enumeration

24. Device Type

25. HTTP TRACE Method XSS Vulnerability

26. Microsoft IIS Default Page

27. Microsoft’s SQL UDP Info Query

28. HTTP Server Backported Security Patches

29. LANMAN Browse Listing

30. IPSEC IKE Detection

31. Apache HTTP Server httpOnly Cookie Information Leak

32. Microsoft .NET Handlers Enumeration

33. Flash Cross-Domain Policy File

34. Veritas NetBackup Agent Detection

35. SLP Detection

36. VMware ESX/GSX Server Detection

37. TTL Anomaly Detection

38. Apache HTTP Server httpOnly Cookie Information Disclosure

39. SMTP Service STARTTLS Command Support

40. SLP Server Detection (udp)

41. IIS Content-Location HTTP Header

42. Appweb HTTP Server Version

43. SMTP Authentication Methods

44. TFTPd Detection

45. Apache Tomcat Default Error Page Version Detection