Top Web Application Vulnerabilities
The Vulnerabilities that Most Reduce Network Security
The beSECURE vulnerability assessment product line produces accurate, false-positive-free vulnerability scan results. Results from beSECURE systems around the world have been compiled here into the most accurate picture available of the most common network security vulnerabilities that are also most commonly sought out by attackers.
We’ve included the OWASP Top Ten as well as hundreds more from vulnerability lists compiled from results provided anonymously by thousands of customers across hundreds of thousands of scans shared annually with Beyond Security. Vulnerability frequency is compiled into three groups of 100: High risk, Medium risk and Low risk.
The vast majority of network attacks focus on the weaknesses that are most often found and most easily exploited. Drive-by attacks work by looking for a single common vulnerability, the ‘low-hanging fruit’, and only later deciding whether any of the hacked network is of interest. Targeted attacks will use the most common vulnerabilities list to form a path from first contact to capturing the flag.
In either attack scenario, a network that has any of these most common 100 vulnerabilities *looks* like it is weak and invites attack. You may have 4 attack dogs in your warehouse for overnight protection, but if you leave the loading door unlocked, you have just increased the chance that someone will try to enter. Yes, keep the dogs, but please also lock the door.
These common vulnerabilities are the most likely paths of attack regardless of how an attacker got their first foothold. An attacker’s first step might be through phishing, access control bypass, endpoint attack, etc., but that’s just the first point of contact. The most valuable targets are deeper in the network and hackers WILL search for the easiest path available.
Most Common High Risk Vulnerabilities:
1. Microsoft Windows HTTP.sys Code Execution Vulnerability
2. OpenSSH Trusted X11 Cookie Connection Policy Bypass Vulnerability
3. OpenSSH Privilege Separation Monitor Weakness
4. OpenSSL Running Version Prior to 0.9.8zc POODLE
6. Apache APR apr_palloc Heap Overflow
7. .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039)
8. Combined Security Update (MS12-034)
9. Internet Explorer 8 Allows Code Execution (KB2847140)
10. Cisco SSH Malformed Packet DoS
11. Insecure Library Loading Allows Code Execution (KB2269637)
12. Vulnerabilities in Windows Kernel-Mode Drivers Allow Elevation of Privilege (MS12-047)
13. Vulnerabilities in Elevation of Privilege Using Windows Service Isolation Bypass (982316)
14. PHP Running Version Prior to 5.2.15
15. Unauthorized Digital Certificates Allow Spoofing (KB2728973)
16. VMware ESX Running Version Prior to 4.1
17. OpenSSL Running Version Prior to 1.0.1i
18. Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)
19. Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)
20. Multiple Vendor IPMI ‘cipher zero’ Authentication Bypass Vulnerability
21. Vulnerabilities in MySQL Unsupported Version Detection
22. Vulnerabilities in Server Service Allows Code Execution (MS08-067, Network)
23. Vulnerabilities in Group Policy Allows Code Execution (MS15-011)
24. Vulnerabilities in Apache Running Version Prior to 2.2.28
25. Vulnerabilities in PHP CGI Query String Code Execution
26. Vulnerabilities in SQL Injection
27. Vulnerabilities in Cross Site Scripting
28. Vulnerabilities in Custom Web Code
29. Vulnerabilities in VMware ESXi 3.5
30. Vulnerabilities in PHP Running Version Prior to 5.3.11
31. Vulnerabilities in NSClient Default Password
32. Vulnerabilities in PHP Unsupported Version Detection
33. .NET Framework Allows Code Execution (MS11-044)
34. .NET Framework Allows Code Execution (MS11-028)
35. Vulnerabilities in Microsoft XML Core Services Allows Code Execution (KB2719615)
36. Vulnerabilities in Microsoft SQL Server Allows Code Execution (MS09-004, KB959420)
37. Vulnerabilities in PHP Running Version Prior to 5.3.26
38. Vulnerabilities in PHP Running Version Prior to 5.3.22
39. Vulnerabilities in .NET Framework and Microsoft Silverlight Allow Code Execution (MS12-016)
40. Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-14)
41. Vulnerabilities in Remote Portmapper Forwards NFS Requests
42. Flash Player Running Version Prior to 11.7.700.232 / 11.8.800.94 (APSB13-17)
43. Windows 2000 Unsupported Installation Detection
44. Flash Player Running Version Prior to 10.3.183.68 / 11.6.602.180 (APSB13-09)
45. Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-11)
46. Flash Player Running Version Prior to 10.3.183.15 / 11.7.102.62 (APSB12-05)
47. Flash Player Running Versions Prior to 10.3.183.15 / 11.1.102.62 (APSB12-03)
48. Flash Player Running Versions Prior to 10.3.183.10 / 11.0.1.152 (APSB11-28)
49. Flash Player Running Version Prior to 10.3.183.67 / 11.6.602.171 (APSB13-08)
50. Flash Player Running Version Prior to 10.3.183.51 / 11.5.502.149 (APSB13-05)
51. Flash Player Running Version Prior to 10.3.183.50 / 11.5.502.146 (APSB13-04)
52. Sun Java JRE Unsupported Version
53. Flash Player Running Version Prior to 10.3.183.7 (APSB11-26)
54. PHP Running Version Prior to 5.3.13
55. Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-27)
56. Flash Player Running Version Prior to 10.3.183.48 / 11.5.502.135 (APSB13-01)
57. Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-24)
58. Flash Player Running Version Prior to 10.3.183.24 / 11.4.402.279 (APSB12-22)
59. Flash Player Running Version Prior to 10.3.183.23 / 11.4.402.265 (APSB12-19)
60. PHP Running Version Prior to 5.3.14
61. Flash Player Object Confusion Vulnerability (APSB12-09)
62. Flash Player Running Version Prior to 10.3.183.19 / 11.3.300.256 (APSB12-14)
63. Flash Player Running Version Prior to 10.3.183.5 (APSB11-21)
64. Flash Player Running Version Prior to 10.3.181.26 (APSB11-18)
65. Flash Player Unspecified Memory Corruption (APSA11-01)
66. Flash Player Running Version Prior to 10.3.181.14 (APSB11-12)
67. Flash Player Running Version Prior to 10.2.152.26 (APSB11-02)
68. PHP Running Version Prior to 5.4.17
69. Flash Player Unspecified Code Execution (APSB10-22)
70. Adobe Flash Player Multiple Vulnerabilities (APSB10-26)
71. Adobe Flash Player Multiple Vulnerabilities (APSB10-14)
72. Vulnerability in .NET Framework and Microsoft Silverlight Allow Code Execution (MS11-078)
73. Vulnerability in HTTP.sys Allows Remote Code Execution (MS15-034, Network Check)
74. OpenSSH Running Version Prior to 7.0
75. Obsolete Web Server Software Detection
76. Lighttpd ‘hostname’ Directory Traversal and SQLi Vulnerabilities
77. .NET Framework Allow Code Execution (MS12-035)
78. Samba CAP_DAC_OVERRIDE File Permission Security Bypass (Network)
79. PHP Running Version Prior to 5.3.15
80. Vulnerability in Microsoft Malware Protection Engine Allows Code Execution (KB2846338)
81. Microsoft Malware Protection Engine (MMPE) Privilege Escalation (2491888)
82. Dropbear SSH Server Channel Concurrency Use-after-free Code Execution
83. Proxy Allows Gopher:// Requests
84. Cisco IOS Software Processing of SAA Packets Flaw
85. SNMP Disclosure of HP JetDirect EWS Password
86. Dabber Worm Detection (MS04-011)
87. PHP Running Version Prior to 5.3.2_5.2.13
88. Flash Player Multiple Memory Corruption Vulnerabilities (APSB12-07)
89. Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Vulnerability (MS09-050, Network Check)
90. Microsoft SQL Server Blank Password
92. HP StorageWorks MSA P2000 Hidden ‘admin’ User Default Credentials
93. Vulnerabilities in .NET Framework Allows Code Execution (MS12-038)
94. radmin Detection
95. Vulnerabilities in .NET Framework Allow Code Execution (MS12-074)
96. Flash Player ActionScript Predefined Class Prototype Addition Code Execution (APSB11-07)
98. Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program (KB3097617)
99. NVIDIA Display Driver Service Stack Buffer Overflow (Registry)
100. Flash Player Memory Corruption (APSB13-16)
Here are the Most Common Medium Risk Vulnerabilities:
2. Windows Terminal Service Detection
3. Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
5. Deprecated SSL Protocol Usage
7. Shared Directory Access (Login)
8. SSL Medium Strength Cipher Suites Supported
9. Default Community Names (SNMP Agent)
10. Microsoft’s SQL TCP/IP Listener
12. VNC Security Types Detection
15. Obtain Network Interfaces List via SNMP
17. SNMP Agent Default Community Name (public)
19. Database Reachable from the Internet
20. Non-SSL Login
21. Vulnerabilities in SQL Server Allows Elevation of Privilege (MS12-070, Network)
22. Microsoft IIS Tilde Character Information Disclosure Vulnerability
24. Appweb Insecure SSL Renegotiation
25. Web Server Cross Site Scripting
26. DNS Server Allows Recursive Queries
27. WebDAV Detection
28. Linux Kernel UDP Implementation IP Identification Field OS Disclosure
29. SSH Protocol Version 1 Detection
30. MS SQL Server Resolution Service Amplification Reflected DRDoS Vulnerability
32. Apache HTTP Server Range Header Denial of Service Vulnerability (DoS)
33. PHP expose_php Information Disclosure
34. Apache HTTP Server Byte Range DoS
35. SMTP Service Cleartext Login Permitted
36. Apache UserDir Sensitive Information Disclosure
37. Obtain Processes List via SNMP
38. Remotely Accessible Registry
39. OpenSSL Heartbeat Vulnerability (Heartbleed)
40. Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities
41. Microsoft ASP.NET Information Disclosure Vulnerability (Network, MS10-070)
42. Apache Running Version Prior to 2.2.25
43. Apache Running Version Prior to 2.2.24
44. Apache Running Version Prior to 2.2.23
45. Shell Detection
46. Shared Directory Access (Share Access)
47. Guest Account Accessible (SMB)
48. Oracle tnslsnr Version Detection
49. Apache mod_suexec Multiple Privilege Escalation Vulnerabilities
51. Apache Running Version Prior to 2.2.22
52. OpenSSH S/KEY Authentication Account Enumeration
53. ntpd Mode 7 Error Response Packet Loop DoS
54. Enumerate LANMAN Services via SNMP
55. Apache Running Version Prior to 2.2.27
56. Enumerate LANMAN Users via SNMP
57. OpenSSL Running Version Prior to 0.9.8za
58. SMB Host SID User Enumeration
59. OpenSSH Multiple Vulnerabilities
61. Enumerate LANMAN Shares via SNMP
62. Passwordless Lexmark Printer
63. Apache Tomcat Transfer-Encoding Header Vulnerability
65. Users in the ‘Admin’ Group
67. OpenSSH X11 Session Hijacking Vulnerability
68. Unsupported Microsoft XML Parser (MSXML) and XML Core Services
69. Apache APR apr_fnmatch DoS
70. Fraudulent Digital Certificates Allow Spoofing (KB2524375)
71. OpenSSH ‘ForceCommand’ Directive Bypass
72. Remotely Accessible Registry (Full Access)
73. Vulnerability in Microsoft XML Core Services Allows Code Execution (MS07-042)
74. IIS Sensitive Authentication Information Disclosure
75. rsh Detection
77. SMTP Server Listening on a Non-Default Port
79. Missing X-Frame-Options Response
80. HSTS Missing From HTTPS Server
81. Malformed Bind Request (LDAP Anonymous)
82. LDAP NT Search Request Information Retrieval
83. SSL RC4 Cipher Suites Supported
84. SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)
85. Web Application Cookies Lack Secure Flag
87. Web Application Cookies Lack HttpOnly Flag
88. SSL Certificate is Self Signed
89. Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
90. Microsoft Windows SMB Shares Unprivileged Access
91. PHP Running Version Prior to 5.3.9
92. HP System Management Homepage Cross-site Request Forgery
94. OpenSSL Running Version Prior to 0.9.8zb
95. Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities
96. VNC Server Authentication-less
97. SMB Use Host SID to Enumerate Local Users Without Credentials
98. Vulnerability in MHTML Allows Information Disclosure (MS11-037)
99. OpenSSL Running Version Prior to 0.9.8zf
100. Directory Disclosure
102. Chargen Detection
103. My Little Forum Cross Site Scripting
104. Keene Digital Media Server XSS
105. WebCam Watchdog sresult.exe XSS
108. DCP-Portal Cross Site Scripting Bugs
109. Apache Jakarta Cross-Site Scripting Vulnerability
110. PHP-CSL Cross Site Scripting
Here are the Most Common Low Risk Vulnerabilities:
3. NetBIOS Information Retrieval
4. Windows Host NetBIOS to Information Retrieval
5. rpcinfo -p Information Disclosure
6. Supported SSL Cipher Suites
8. Remote Host Replies to SYN+FIN
12. SSH Server Backported Security Patches
13. NULL Session Available (SMB)
14. Identify Unknown Services via GET Requests
15. VNCviewer in Listen Mode Detection
17. DNS Bypass Firewall Rules (UDP 53)
18. RPC Portmapper
19. SNMP Protocol Version Detection
20. Telnet Detection
21. IIS Allows BASIC and/or NTLM Authentication
22. FTP Clear Text Authentication
24. Device Type
25. HTTP TRACE Method XSS Vulnerability
26. Microsoft IIS Default Page
27. Microsoft’s SQL UDP Info Query
28. HTTP Server Backported Security Patches
31. Apache HTTP Server httpOnly Cookie Information Leak
32. Microsoft .NET Handlers Enumeration
33. Flash Cross-Domain Policy File
34. Veritas NetBackup Agent Detection
35. SLP Detection
36. VMware ESX/GSX Server Detection
38. Apache HTTP Server httpOnly Cookie Information Disclosure
39. SMTP Service STARTTLS Command Support
40. SLP Server Detection (udp)
41. IIS Content-Location HTTP Header
42. Appweb HTTP Server Version
43. SMTP Authentication Methods
44. TFTPd Detection
Written by Beyond Security
We had an impossible mission: transform the hacker's brain into a machine. Mission accomplished. Using automated software, Beyond Security is dedicated to finding common vulnerabilities and zero-day exploits at a fraction of the cost of human-based penetration testing. Businesses around the world have been relying on Beyond Security's vulnerability and compliance solutions since 1999. Whether you need to accurately assess and manage security weaknesses in your networks, applications, industrial systems or networked software, we're here for you - one step ahead of the hackers.