{"vulnerability": "cve-2015-4000", "sightings": [{"uuid": "8821e88b-0d13-40fe-bf23-1eb3382ab4fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "MISP/5b06d57d-f2b8-4357-9038-45d39f590eb0", "content": "", "creation_timestamp": "2018-05-24T15:44:33.000000Z"}, {"uuid": "93ac7063-af90-42e7-aa4b-7137b78aaae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:42.000000Z"}, {"uuid": "9f704c18-0cee-459e-86a6-cd7449cf7712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:40.000000Z"}, {"uuid": "a9810c84-81e1-464a-b85a-9718985edb55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/ssl_version.rb", "content": "", "creation_timestamp": "2022-11-07T22:22:31.000000Z"}, {"uuid": "5152ea71-8c34-47d9-9dc4-ecb447e38da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/hex4gon1/908", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:02:07.000000Z"}, {"uuid": "c90349d8-cf0f-4373-873e-90a2a81e746c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/jokerssec/1351", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:00:05.000000Z"}, {"uuid": "2a6e8ebc-74fb-4bdf-aaca-66b2ef7f350a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/endsodomaofficial/7318", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:49:09.000000Z"}, {"uuid": "79fd9dc4-9f58-482a-914d-3eb94536f2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/fucklulzsecisrahell/6294", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T02:55:48.000000Z"}, {"uuid": "c44a5a0e-d923-452a-9a1c-4e543f0c9e06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/marianaalecu/3622", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:48:21.000000Z"}, {"uuid": "fec7fbb5-763f-46b6-bfe6-daf52d6bb15f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/thegoodfatherag/8840", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:24:44.000000Z"}, {"uuid": "8bf2f3a4-c988-4b1b-b508-9a4e0276224b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/information_security_channel/9760", "content": "A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.\n\nSSL Vulnerabilities Detected by A2SV\n[CVE-2007-1858] Anonymous Cipher\n[CVE-2012-4929] CRIME(SPDY)\n[CVE-2014-0160] CCS Injection\n[CVE-2014-0224] HeartBleed\n[CVE-2014-3566] SSLv3 POODLE\n[CVE-2015-0204] FREAK Attack\n[CVE-2015-4000] LOGJAM Attack\n[CVE-2016-0800] SSLv2 DROWN\nPlanned for future:\n[PLAN] SSL ACCF\n[PLAN] SSL Information Analysis\nInstallation & Requirements for A2SV\nA.\nRead the rest of A2SV \u2013 Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet. (https://www.darknet.org.uk/2017/10/a2sv-auto-scanning-ssl-vulnerability-tool-poodle-heartbleed/)", "creation_timestamp": "2017-10-09T18:29:26.000000Z"}, {"uuid": "0d75d02f-b89b-4c3b-ab93-9928cbdd1f77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://gist.github.com/magajay4life-pixel/f7260a84b8e6d9a00baa0febf00bfd83", "content": "ID,Asset,Vulnerability,CVE,CVSS,Severity,Exploitability,Business Impact,Risk Rating,Remediation,Owner,Status\nVULN-001,Metasploitable Linux Server,Outdated Apache server 2.2.x EOL,N/A,9.8,Critical,High - Public exploits,Remote compromise,Critical,Upgrade Apache to 2.4+ and apply patches,WebAdmin,Open\nVULN-002,Metasploitable Linux Server,Operating system Ubuntu 8.04 EOL,N/A,10.0,Critical,High - No patches,Full system compromise,Critical,Upgrade to supported OS version,SysAdmin,Open\nVULN-003,Metasploitable Linux Server,Apache PHP-CGI Remote Code Execution,N/A,7.8,High,High - Metasploit module,Remote code execution,High,Disable CGI or patch PHP/Apache,WebAdmin,Open\nVULN-004,Metasploitable Linux Server,PHP-CGI query string injection,N/A,7.8,High,High - Public PoC,Remote code execution,High,Patch PHP and secure configurations,WebAdmin,Open\nVULN-005,Metasploitable Linux Server,CGI Remote File Inclusion,N/A,9.8,Critical,High - Metasploit module,System takeover,Critical,Disable remote file inclusion and validate inputs,WebAdmin,Open\nVULN-006,Metasploitable Linux Server,Publicly accessible phpinfo file,CWE-552,6.8,Medium,Medium - Recon,aids exploitation,Medium,Remove phpinfo files,WebAdmin,Open\nVULN-007,Metasploitable Linux Server,PHP version exposed via headers,N/A,7.5,High,Medium - Targeting known vulns,Targeted attacks,High,Disable expose_php,WebAdmin,Open\nVULN-008,Metasploitable Linux Server,Backup and sensitive files exposed,N/A,8.0,High,Medium - Direct access,Credential theft,High,Remove backup files and enforce access control,WebAdmin,Open\nVULN-009,Metasploitable Linux Server,Directory indexing enabled,CVE-1999-0678,6.5,Medium,Medium - Recon,Information disclosure,Medium,Disable directory listing,WebAdmin,Open\nVULN-010,Metasploitable Linux Server,Default Apache files exposed,N/A,9.2,Critical,Medium - Fingerprinting,Server fingerprinting,Critical,Remove default files,WebAdmin,Open\nVULN-011,Metasploitable Linux Server,HTTP TRACE/TRACK methods enabled,N/A,5.8,Medium,Medium - XST,Cookie/auth header exposure,Medium,Disable TRACE/TRACK,WebAdmin,Open\nVULN-012,Metasploitable Linux Server,Missing anti-clickjacking protection,N/A,6.8,Medium,Medium - Clickjacking,UI redress attacks,Medium,Add X-Frame-Options or CSP frame-ancestors,WebAdmin,Open\nVULN-013,Metasploitable Linux Server,Missing X-Content-Type-Options header,N/A,6.8,Medium,Medium - MIME sniffing,Malicious content execution,Medium,Add nosniff header,WebAdmin,Open\nVULN-014,Metasploitable Linux Server,Server responds to unsupported HTTP methods,N/A,7.5,High,Medium - Increased attack surface,Exploitation potential,High,Restrict HTTP methods,WebAdmin,Open\nVULN-015,Metasploitable Linux Server,Apache MultiViews enabled,CVE-2001-0731,7.5,High,Medium - Brute force,Discover hidden resources,High,Disable MultiViews,WebAdmin,Open\nVULN-016,Metasploitable Linux Server,phpMyAdmin exposed,N/A,7.0,High,High - SQLi/XSS,Database compromise,High,Restrict access and upgrade phpMyAdmin,DBA,Open\nVULN-017,Metasploitable Linux Server,vsFTPd backdoor vulnerability,CVE-2011-2523,10.0,Critical,High - Metasploit module,Remote root shell,Critical,Remove or patch FTP service,SysAdmin,Open\nVULN-018,Metasploitable Linux Server,UnrealIRCd backdoor,N/A,10.0,Critical,High - Metasploit module,Full compromise,Critical,Replace compromised service,SysAdmin,Open\nVULN-019,Metasploitable Linux Server,Bind shell backdoor detected,N/A,10.0,Critical,High - Active backdoor,Unauthorized remote access,Critical,Investigate and remove backdoor,SysAdmin,Open\nVULN-020,Metasploitable Linux Server,RMI registry remote class loading,N/A,9.0,Critical,High - RCE,Arbitrary code execution,Critical,Secure or disable RMI service,SysAdmin,Open\nVULN-021,Metasploitable Linux Server,VNC weak/default password,N/A,10.0,Critical,High - Brute force,Remote desktop access,Critical,Enforce strong authentication,SysAdmin,Open\nVULN-022,Metasploitable Linux Server,Telnet transmits credentials plaintext,N/A,9.8,Critical,High - MITM/Capture,Credential interception,Critical,Disable Telnet use SSH,SysAdmin,Open\nVULN-023,Metasploitable Linux Server,rlogin and rsh services enabled,N/A,9.8,Critical,High - Credential interception,Unauthorized access,Critical,Disable legacy services,SysAdmin,Open\nVULN-024,Metasploitable Linux Server,NFS shares world-readable,N/A,9.8,Critical,Medium - Mount shares,Data exposure,Critical,Restrict NFS permissions,SysAdmin,Open\nVULN-025,Metasploitable Linux Server,SMB signing not enforced,N/A,9.8,Critical,High - MITM/Session hijack,Session hijacking,Critical,Enable SMB signing,SysAdmin,Open\nVULN-026,Metasploitable Linux Server,Samba Badlock vulnerability,CVE-2016-2118,9.8,Critical,High - Public exploit,Privilege escalation,Critical,Patch Samba,SysAdmin,Open\nVULN-027,Metasploitable Linux Server,DNS cache poisoning,N/A,9.8,Critical,High - Cache poisoning,Traffic redirection,Critical,Patch DNS server,SysAdmin,Open\nVULN-028,Metasploitable Linux Server,DNS cache snooping,N/A,9.8,Critical,Medium - Info disclosure,Network activity inference,Critical,Restrict DNS recursion,SysAdmin,Open\nVULN-029,Metasploitable Linux Server,BIND DNS vulnerable to DoS,N/A,9.8,Critical,Medium - DoS,Service disruption,Critical,Upgrade BIND,SysAdmin,Open\nVULN-030,Metasploitable Linux Server,Slowloris DoS vulnerability,CVE-2007-6750,9.8,Critical,High - Resource exhaustion,Service unavailability,Critical,Configure connection limits/timeouts,WebAdmin,Open\nVULN-031,Metasploitable Linux Server,Weak SSL/TLS protocols SSLv2 SSLv3 TLS1.0,N/A,9.8,Critical,High - Downgrade attacks,Traffic interception,Critical,Disable weak protocols,WebAdmin,Open\nVULN-032,Metasploitable Linux Server,SSL POODLE vulnerability,CVE-2014-3566,9.8,Critical,Medium - Padding oracle,Decrypt encrypted traffic,Critical,Disable SSLv3,WebAdmin,Open\nVULN-033,Metasploitable Linux Server,SSL CCS Injection vulnerability,CVE-2014-0224,9.8,Critical,High - MITM,Session hijacking,Critical,Patch OpenSSL,WebAdmin,Open\nVULN-034,Metasploitable Linux Server,Weak Diffie-Hellman parameters Logjam,CVE-2015-4000,7.5,High,Medium - Downgrade,Decrypt traffic,High,Use strong DH groups,WebAdmin,Open\nVULN-035,Metasploitable Linux Server,Weak/anonymous cipher suites,N/A,7.5,High,Medium - Intercept,Communication interception,High,Disable weak ciphers,WebAdmin,Open\nVULN-036,Metasploitable Linux Server,RC4 cipher supported,N/A,6.8,Medium,Medium - Cryptographic attacks,Communication exposure,Medium,Disable RC4,WebAdmin,Open\nVULN-037,Metasploitable Linux Server,FREAK vulnerability,CVE-2015-0204,6.8,Medium,Medium - Downgrade,Weak encryption,Critical,Disable export ciphers,WebAdmin,Open\nVULN-038,Metasploitable Linux Server,SWEET32 vulnerability,N/A,9.8,Critical,Medium - Collision attacks,Session collision,Critical,Disable 3DES,WebAdmin,Open\nVULN-039,Metasploitable Linux Server,DROWN vulnerability,N/A,9.8,Critical,High - SSLv2 exploit,TLS session decryption,Critical,Disable SSLv2,WebAdmin,Open\nVULN-040,Metasploitable Linux Server,SSL certificate issues,N/A,9.8,Critical,Medium - MITM,Trust reduction/C MITM,Critical,Use valid certificates,WebAdmin,Open\nVULN-041,Metasploitable Linux Server,Weak SSH algorithms,N/A,9.8,Critical,High - Session compromise,Encrypted session compromise,Critical,Use strong algorithms,SysAdmin,Open\nVULN-042,Metasploitable Linux Server,Session cookies lack HttpOnly flag,N/A,9.8,Critical,High - XSS token theft,Session token access,Critical,Set HttpOnly and Secure flags,WebAdmin,Open\nVULN-043,Metasploitable Linux Server,Multiple exposed admin panels,N/A,9.8,Critical,High - Unauthorized access,File upload attacks,Critical,Restrict access and secure endpoints,WebAdmin,Open\nVULN-044,Metasploitable Linux Server,Apache Tomcat EOL version,N/A,9.8,Critical,High - Known exploits,Remote code execution,Critical,Upgrade Tomcat,WebAdmin,Open\nVULN-045,Metasploitable Linux Server,Weak password hashing MD5,N/A,9.8,Critical,High - Cracking,Password cracking,Critical,Use bcrypt/Argon2,SysAdmin,Open\nVULN-046,Metasploitable Linux Server,Application error disclosure,N/A,7.5,Critical,Medium - Info disclosure,Targeted attacks,Critical,Implement generic error handling,WebAdmin,Open\nVULN-047,Metasploitable Linux Server,Missing Content Security Policy,N/A,9.8,Critical,High - XSS/Data injection,XSS and data injection,Critical,Implement CSP header,WebAdmin,Open\nVULN-048,Metasploitable Linux Server,Vulnerable/outdated JavaScript library,N/A,6.8,Critical,Medium - XSS/Script injection,Client-side attacks,Critical,Update JS libraries,WebAdmin,Open", "creation_timestamp": "2026-06-16T06:00:26.000000Z"}]}