From a520bf8f23ce976e6bf4fc334d0dd35b60337e44 Mon Sep 17 00:00:00 2001 From: nnposter Date: Tue, 2 Apr 2019 16:51:36 +0000 Subject: [PATCH] Removes OSVDB references from scripts. Closes #1534 Code specific to OSVDB in vulns.lua is retained for historical reasons --- nselib/data/http-fingerprints.lua | 2 +- nselib/vulns.lua | 2 +- scripts/distcc-cve2004-2687.nse | 12 +++++------- scripts/ftp-libopie.nse | 8 ++++---- scripts/ftp-proftpd-backdoor.nse | 4 ++-- scripts/ftp-vsftpd-backdoor.nse | 8 ++++---- scripts/ftp-vuln-cve2010-4221.nse | 11 +++++------ scripts/http-axis2-dir-traversal.nse | 8 ++++---- scripts/http-iis-short-name-brute.nse | 8 ++++---- scripts/http-vuln-cve2009-3960.nse | 4 ++-- scripts/http-vuln-cve2010-2861.nse | 18 +++++++++--------- scripts/http-vuln-cve2011-3192.nse | 24 ++++++++++++------------ scripts/http-vuln-cve2011-3368.nse | 10 +++++----- scripts/http-vuln-cve2013-6786.nse | 2 +- scripts/ipmi-cipher-zero.nse | 6 ++---- scripts/smtp-vuln-cve2011-1720.nse | 8 ++++---- scripts/smtp-vuln-cve2011-1764.nse | 10 +++++----- scripts/ssl-dh-params.nse | 6 +++--- scripts/ssl-poodle.nse | 8 ++++---- 19 files changed, 77 insertions(+), 82 deletions(-) diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua index 6fe256aef..24dbaf373 100644 --- a/nselib/data/http-fingerprints.lua +++ b/nselib/data/http-fingerprints.lua @@ -6951,7 +6951,7 @@ table.insert(fingerprints, { matches = { { match = '200', - output = 'Possible DD-WRT router Information Disclosure (OSVDB 70230)' + output = 'Possible DD-WRT router Information Disclosure (BID 45598)' } } }); diff --git a/nselib/vulns.lua b/nselib/vulns.lua index 40d0676df..755ec1bbe 100644 --- a/nselib/vulns.lua +++ b/nselib/vulns.lua 
@@ -454,7 +454,7 @@ local POPULAR_IDS_LINKS = { return string_format("%s%s", link, id) end, BID = function(id) - local link = 'http://www.securityfocus.com/bid/' + local link = 'https://www.securityfocus.com/bid/' return string_format("%s%s", link, id) end, } diff --git a/scripts/distcc-cve2004-2687.nse b/scripts/distcc-cve2004-2687.nse index 525bc740c..e2b09f229 100644 --- a/scripts/distcc-cve2004-2687.nse +++ b/scripts/distcc-cve2004-2687.nse @@ -33,10 +33,9 @@ present in modern implementation due to poor configuration of the service. -- | uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup) -- | -- | References: --- | http://distcc.googlecode.com/svn/trunk/doc/web/security.html --- | http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687 --- | http://http://www.osvdb.org/13378 --- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687 +-- | https://distcc.github.io/security.html +-- | https://nvd.nist.gov/vuln/detail/CVE-2004-2687 +-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687 -- -- @args cmd the command to run at the remote server -- @@ -66,9 +65,8 @@ Allows executing of arbitrary commands on systems running distccd 3.1 and earlier. The vulnerability is the consequence of weak service configuration. ]], references = { - 'http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687', - 'http://http://www.osvdb.org/13378', - 'http://distcc.googlecode.com/svn/trunk/doc/web/security.html', + 'https://nvd.nist.gov/vuln/detail/CVE-2004-2687', + 'https://distcc.github.io/security.html', }, dates = { disclosure = {year = '2002', month = '02', day = '01'}, }, exploit_results = {}, diff --git a/scripts/ftp-libopie.nse b/scripts/ftp-libopie.nse index 13f63b2d2..c5dfd147a 100644 --- a/scripts/ftp-libopie.nse +++ b/scripts/ftp-libopie.nse 
@@ -18,7 +18,7 @@ Be advised that, if launched against a vulnerable host, this script will crash t -- | VULNERABLE: -- | OPIE off-by-one stack overflow -- | State: LIKELY VULNERABLE --- | IDs: CVE:CVE-2010-1938 OSVDB:64949 +-- | IDs: CVE:CVE-2010-1938 BID:40403 -- | Risk factor: High CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) -- | Description: -- | An off-by-one error in OPIE library 2.4.1-test1 and earlier, allows remote @@ -26,10 +26,10 @@ Be advised that, if launched against a vulnerable host, this script will crash t -- | via a long username. -- | Disclosure date: 2010-05-27 -- | References: --- | http://osvdb.org/64949 -- | http://site.pi3.com.pl/adv/libopie-adv.txt -- | http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc --- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938 +-- | https://www.securityfocus.com/bid/40403 +-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938 -- @@ -43,7 +43,7 @@ portrule = shortport.port_or_service(21, "ftp") action = function(host, port) local opie_vuln = { title = "OPIE off-by-one stack overflow", - IDS = {CVE = 'CVE-2010-1938', OSVDB = '64949'}, + IDS = {CVE = 'CVE-2010-1938', BID = '40403'}, risk_factor = "High", scores = { CVSSv2 = "9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)", diff --git a/scripts/ftp-proftpd-backdoor.nse b/scripts/ftp-proftpd-backdoor.nse index 0ea5e06de..95fc6701d 100644 --- a/scripts/ftp-proftpd-backdoor.nse +++ b/scripts/ftp-proftpd-backdoor.nse @@ -7,8 +7,8 @@ local stdnse = require "stdnse" -- vim: set filetype=lua : description = [[ -Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID -69562. This script attempts to exploit the backdoor using the innocuous +Tests for the presence of the ProFTPD 1.3.3c backdoor reported as BID +45150. This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the ftp-proftpd-backdoor.cmd script argument. ]] 
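Review bot: Replacing the `OSVDB` key with `BID` in `IDS` (hunk `@@ -43,7`) changes the `IDs:` line of the report; the sample output in this file goes from `OSVDB:64949` to `BID:40403`. Any downstream parser or alerting rule that keys on `OSVDB:` values will silently stop matching for this script. The diffstat lists no changelog file, so I would add a user-visible entry along the lines of `[NSE] OSVDB identifiers removed from script output; BID identifiers are reported instead`. The same applies to the `IDS` edits in ftp-vsftpd-backdoor, ftp-vuln-cve2010-4221, http-vuln-cve2010-2861, http-vuln-cve2011-3192, http-vuln-cve2011-3368, http-vuln-cve2013-6786, smtp-vuln-cve2011-1720, smtp-vuln-cve2011-1764, ssl-dh-params and ssl-poodle. The `opie_vuln` table continues outside the hunk.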
diff --git a/scripts/ftp-vsftpd-backdoor.nse b/scripts/ftp-vsftpd-backdoor.nse index de897e08e..6b79df85f 100644 --- a/scripts/ftp-vsftpd-backdoor.nse +++ b/scripts/ftp-vsftpd-backdoor.nse @@ -34,7 +34,7 @@ References: -- | VULNERABLE: -- | vsFTPd version 2.3.4 backdoor -- | State: VULNERABLE (Exploitable) --- | IDs: CVE:CVE-2011-2523 OSVDB:73573 +-- | IDs: CVE:CVE-2011-2523 BID:48539 -- | Description: -- | vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04. -- | Disclosure date: 2011-07-03 @@ -43,8 +43,8 @@ References: -- | Shell command: id -- | Results: uid=0(root) gid=0(root) groups=0(root) -- | References: --- | http://osvdb.org/73573 --- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523 +-- | https://www.securityfocus.com/bid/48539 +-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523 -- | http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html -- |_ https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb -- @@ -137,7 +137,7 @@ action = function(host, port) local vsftp_vuln = { title = "vsFTPd version 2.3.4 backdoor", - IDS = {CVE = 'CVE-2011-2523', OSVDB = '73573'}, + IDS = {CVE = 'CVE-2011-2523', BID = '48539'}, description = [[ vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.]], references = { diff --git a/scripts/ftp-vuln-cve2010-4221.nse b/scripts/ftp-vuln-cve2010-4221.nse index 82f054d04..c02a99664 100644 --- a/scripts/ftp-vuln-cve2010-4221.nse +++ b/scripts/ftp-vuln-cve2010-4221.nse @@ -14,7 +14,7 @@ the context of the proftpd process (CVE-2010-4221). Authentication is not required to exploit this vulnerability. Reference: -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221 +* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221 * http://www.exploit-db.com/exploits/15449/ * http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac ]] 
@@ -30,7 +30,7 @@ Reference: -- | VULNERABLE: -- | ProFTPD server TELNET IAC stack overflow -- | State: VULNERABLE --- | IDs: CVE:CVE-2010-4221 BID:44562 OSVDB:68985 +-- | IDs: CVE:CVE-2010-4221 BID:44562 -- | Risk factor: High CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- | Description: -- | ProFTPD server (version 1.3.2rc3 through 1.3.3b) is vulnerable to @@ -39,11 +39,10 @@ Reference: -- | execute arbitrary code. -- | Disclosure date: 2010-11-02 -- | References: --- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221 --- | http://osvdb.org/68985 +-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221 -- | http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac -- | http://bugs.proftpd.org/show_bug.cgi?id=3521 --- |_ http://www.securityfocus.com/bid/44562 +-- |_ https://www.securityfocus.com/bid/44562 -- author = "Djalal Harouni" @@ -169,7 +168,7 @@ action = function(host, port) port = port, vuln = { title = 'ProFTPD server TELNET IAC stack overflow', - IDS = {CVE = 'CVE-2010-4221', OSVDB = '68985', BID = '44562'}, + IDS = {CVE = 'CVE-2010-4221', BID = '44562'}, risk_factor = "High", scores = { CVSSv2 = "10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)", diff --git a/scripts/http-axis2-dir-traversal.nse b/scripts/http-axis2-dir-traversal.nse index 1826207e4..bf90cac7f 100644 --- a/scripts/http-axis2-dir-traversal.nse +++ b/scripts/http-axis2-dir-traversal.nse @@ -10,7 +10,7 @@ local table = require "table" description = [[ Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter xsd -(OSVDB-59001). By default it will try to retrieve the configuration file of the +(BID 40343). By default it will try to retrieve the configuration file of the Axis2 service '/conf/axis2.xml' using the path '/axis2/services/' to return the username and password of the admin account. 
@@ -26,8 +26,8 @@ To check the version of an Apache Axis2 installation go to: http://domain/axis2/services/Version/getVersion Reference: -* http://osvdb.org/show/osvdb/59001 -* http://www.exploit-db.com/exploits/12721/ +* https://www.securityfocus.com/bid/40343 +* https://www.exploit-db.com/exploits/12721/ ]] --- @@ -162,7 +162,7 @@ action = function(host, port) return end - output[#output+1] = "\nApache Axis2 Directory Traversal (OSVDB-59001)" + output[#output+1] = "\nApache Axis2 Directory Traversal (BID 40343)" --Retrieve file or only show credentials if downloading the configuration file if rfile ~= DEFAULT_FILE then diff --git a/scripts/http-iis-short-name-brute.nse b/scripts/http-iis-short-name-brute.nse index 6a5a603ee..bc4762fb9 100644 --- a/scripts/http-iis-short-name-brute.nse +++ b/scripts/http-iis-short-name-brute.nse @@ -11,7 +11,7 @@ Notes: References: * Research paper: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf -* IIS Shortname Scanner PoC: http://code.google.com/p/iis-shortname-scanner-poc/ +* IIS Shortname Scanner PoC: https://github.com/irsdl/IIS-ShortName-Scanner ]] --- @@ -42,7 +42,7 @@ References: -- | -- | References: -- | http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf --- |_ http://code.google.com/p/iis-shortname-scanner-poc/ +-- |_ https://github.com/irsdl/IIS-ShortName-Scanner --- author = {"Jesper Kueckelhahn", "Paulino Calderon"} @@ -156,8 +156,8 @@ cause a denial of service condition. ]], references = { 'http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf', - 'http://code.google.com/p/iis-shortname-scanner-poc/', - 'http://www.osvdb.org/83771' + 'https://github.com/irsdl/IIS-ShortName-Scanner', + 'https://www.securityfocus.com/archive/1/523424' } } local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port) 
diff --git a/scripts/http-vuln-cve2009-3960.nse b/scripts/http-vuln-cve2009-3960.nse index da6d67ec9..38c1e9da8 100644 --- a/scripts/http-vuln-cve2009-3960.nse +++ b/scripts/http-vuln-cve2009-3960.nse @@ -15,7 +15,7 @@ ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0 For more information see: * http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf -* http://www.osvdb.org/62292 +* https://www.securityfocus.com/bid/38197 * Metasploit module: auxiliary/scanner/http/adobe_xml_inject ]] @@ -131,7 +131,7 @@ Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0]], references = { 'http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf', - 'http://www.osvdb.org/62292' + 'https://www.securityfocus.com/bid/38197' }, dates = { disclosure = {year = '2010', month = '02', day = '15'}, diff --git a/scripts/http-vuln-cve2010-2861.nse b/scripts/http-vuln-cve2010-2861.nse index dd01345b8..9b48c04ae 100644 --- a/scripts/http-vuln-cve2010-2861.nse +++ b/scripts/http-vuln-cve2010-2861.nse @@ -30,7 +30,7 @@ the password hash. -- | VULNERABLE: -- | Adobe ColdFusion enter.cfm Traversal password.properties Information Disclosure -- | State: VULNERABLE --- | IDs: CVE:CVE-2010-2861 OSVDB:67047 +-- | IDs: CVE:CVE-2010-2861 BID:42342 -- | Description: -- | Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion -- | 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter 
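Review bot: In http-vuln-cve2009-3960.nse (hunk `@@ -131,7`) the BID is added only as a URL in `references`, whereas the other scripts in this patch carry it in `IDS`, for example `IDS = {CVE = 'CVE-2010-2861', BID = '42342'}`. In those scripts' sample output the id then appears on the `IDs:` line. Whether this script's vuln table has an `IDS` field is not visible in the hunk; if it does, adding `BID = '38197'` there would keep the reports consistent and let consumers correlate on the identifier instead of parsing a URL.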
@@ -44,10 +44,10 @@ the password hash. -- | -- | References: -- | http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking --- | http://www.nessus.org/plugins/index.php?view=single&id=48340 --- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861 --- | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2861 --- |_ http://osvdb.org/67047 +-- | https://www.tenable.com/plugins/nessus/48340 +-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2861 +-- | https://nvd.nist.gov/vuln/detail/CVE-2010-2861 +-- |_ https://www.securityfocus.com/bid/42342 -- -- -- This script relies on the service being identified as HTTP or HTTPS. If the @@ -66,16 +66,16 @@ action = function(host, port) local vuln = { title = 'Adobe ColdFusion Directory Traversal Vulnerability', state = vulns.STATE.NOT_VULN, -- default - IDS = {CVE = 'CVE-2010-2861', OSVDB = '67047'}, + IDS = {CVE = 'CVE-2010-2861', BID = '42342'}, description = [[ Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter]], references = { 'http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking', - 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2861', - 'http://osvdb.org/67047', - 'http://www.nessus.org/plugins/index.php?view=single&id=48340', + 'https://nvd.nist.gov/vuln/detail/CVE-2010-2861', + 'https://www.securityfocus.com/bid/42342', + 'https://www.tenable.com/plugins/nessus/48340', }, dates = { disclosure = {year = '2010', month = '08', day = '10'}, diff --git a/scripts/http-vuln-cve2011-3192.nse b/scripts/http-vuln-cve2011-3192.nse index a92a26ede..bbbf2a7ee 100644 --- a/scripts/http-vuln-cve2011-3192.nse +++ b/scripts/http-vuln-cve2011-3192.nse 
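Review bot: The CVE link in the sample output (hunk `@@ -44,10`) is now written with a lower-case id, `name=cve-2010-2861`, while the `IDS` table in the following hunk holds `'CVE-2010-2861'` and the other sample outputs in the patch keep `name=CVE-…`. Documented output should match the identifier the script carries; I would write `-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861`. The description of smtp-vuln-cve2011-1764 (hunk `@@ -16,7`) introduces the same lower-case form, `name=cve-2011-1764`.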
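Review bot: `references` (hunk `@@ -66,16`) now lists `'https://www.securityfocus.com/bid/42342'` explicitly although `IDS` carries `BID = '42342'`, and the BID link builder shown in the vulns.lua hunk produces exactly that URL from the id. If the library appends a link for each known id type, which is not visible in this patch, the explicit entry is redundant and may be printed twice. Dropping that line from `references` would leave the id as the single source of the link. The `vuln` table continues outside the hunk.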
@@ -8,9 +8,9 @@ Detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page. References: -* http://seclists.org/fulldisclosure/2011/Aug/175 -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 -* http://nessus.org/plugins/index.php?view=single&id=55976 +* https://seclists.org/fulldisclosure/2011/Aug/175 +* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 +* https://www.tenable.com/plugins/nessus/55976 ]] --- @@ -26,16 +26,16 @@ References: -- | VULNERABLE: -- | Apache byterange filter DoS -- | State: VULNERABLE --- | IDs: CVE:CVE-2011-3192 OSVDB:74721 +-- | IDs: CVE:CVE-2011-3192 BID:49303 -- | Description: -- | The Apache web server is vulnerable to a denial of service attack when numerous -- | overlapping byte ranges are requested. -- | Disclosure date: 2011-08-19 -- | References: --- | http://seclists.org/fulldisclosure/2011/Aug/175 --- | http://nessus.org/plugins/index.php?view=single&id=55976 --- | http://osvdb.org/74721 --- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 +-- | https://seclists.org/fulldisclosure/2011/Aug/175 +-- | https://www.tenable.com/plugins/nessus/55976 +-- | https://www.securityfocus.com/bid/49303 +-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 -- -- @args http-vuln-cve2011-3192.hostname Define the host name to be used in the HEAD request sent to the server -- @args http-vuln-cve2011-3192.path Define the request path 
@@ -62,14 +62,14 @@ action = function(host, port) local vuln = { title = 'Apache byterange filter DoS', state = vulns.STATE.NOT_VULN, -- default - IDS = {CVE = 'CVE-2011-3192', OSVDB = '74721'}, + IDS = {CVE = 'CVE-2011-3192', BID = '49303'}, description = [[ The Apache web server is vulnerable to a denial of service attack when numerous overlapping byte ranges are requested.]], references = { - 'http://seclists.org/fulldisclosure/2011/Aug/175', - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192', - 'http://nessus.org/plugins/index.php?view=single&id=55976', + 'https://seclists.org/fulldisclosure/2011/Aug/175', + 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192', + 'https://www.tenable.com/plugins/nessus/55976', }, dates = { disclosure = {year = '2011', month = '08', day = '19'}, diff --git a/scripts/http-vuln-cve2011-3368.nse b/scripts/http-vuln-cve2011-3368.nse index 0c613fc72..e60f1f5c8 100644 --- a/scripts/http-vuln-cve2011-3368.nse +++ b/scripts/http-vuln-cve2011-3368.nse @@ -28,7 +28,7 @@ References: -- | VULNERABLE: -- | Apache mod_proxy Reverse Proxy Security Bypass -- | State: VULNERABLE --- | IDs: CVE:CVE-2011-3368 OSVDB:76079 +-- | IDs: CVE:CVE-2011-3368 BID:49957 -- | Description: -- | An exposure was reported affecting the use of Apache HTTP Server in -- | reverse proxy mode. The exposure could inadvertently expose internal @@ -37,8 +37,8 @@ References: -- | Extra information: -- | Proxy allows requests to external websites -- | References: --- | http://osvdb.org/76079 --- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 +-- | https://www.securityfocus.com/bid/49957 +-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 -- -- @args http-vuln-cve2011-3368.prefix sets the path prefix (directory) to check for the vulnerability. -- 
@@ -55,12 +55,12 @@ action = function(host, port) local vuln = { title = 'Apache mod_proxy Reverse Proxy Security Bypass', - IDS = { CVE='CVE-2011-3368', OSVDB='76079'}, + IDS = { CVE='CVE-2011-3368', BID='49957'}, description = [[ An exposure was reported affecting the use of Apache HTTP Server in reverse proxy mode. The exposure could inadvertently expose internal servers to remote users who send carefully crafted requests.]], - references = { 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368' }, + references = { 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368' }, dates = { disclosure = { year='2011', month='10', day='05'} }, diff --git a/scripts/http-vuln-cve2013-6786.nse b/scripts/http-vuln-cve2013-6786.nse index ba8f94ced..1f0953a16 100644 --- a/scripts/http-vuln-cve2013-6786.nse +++ b/scripts/http-vuln-cve2013-6786.nse @@ -54,7 +54,7 @@ can be injected into the resulting 404 page. This includes linking to an untrusted website and XSS injection.]], IDS = { CVE = "CVE-2013-6786", - OSVDB = "99694", + BID = "63721", }, references = { 'https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf', diff --git a/scripts/ipmi-cipher-zero.nse b/scripts/ipmi-cipher-zero.nse index aa90b240d..716bef470 100644 --- a/scripts/ipmi-cipher-zero.nse +++ b/scripts/ipmi-cipher-zero.nse @@ -35,8 +35,7 @@ description = [[ -- | -- | References: -- | http://fish2.com/ipmi/cipherzero.html --- | http://osvdb.org/show/osvdb/93039 --- |_ http://osvdb.org/show/osvdb/93040 +-- |_ https://www.us-cert.gov/ncas/alerts/TA13-207A -- author = "Claudiu Perta " @@ -63,8 +62,7 @@ functionality ]], references = { 'http://fish2.com/ipmi/cipherzero.html', - 'http://osvdb.org/show/osvdb/93040', - 'http://osvdb.org/show/osvdb/93039', + 'https://www.us-cert.gov/ncas/alerts/TA13-207A', } } diff --git a/scripts/smtp-vuln-cve2011-1720.nse b/scripts/smtp-vuln-cve2011-1720.nse index 5552c47dd..31402492a 100644 --- a/scripts/smtp-vuln-cve2011-1720.nse 
+++ b/scripts/smtp-vuln-cve2011-1720.nse @@ -27,7 +27,7 @@ Reference: -- | VULNERABLE: -- | Postfix SMTP server Cyrus SASL Memory Corruption -- | State: VULNERABLE --- | IDs: CVE:CVE-2011-1720 OSVDB:72259 +-- | IDs: CVE:CVE-2011-1720 BID:47778 -- | Description: -- | The Postfix SMTP server is vulnerable to a memory corruption vulnerability -- | when the Cyrus SASL library is used with authentication mechanisms other @@ -39,8 +39,8 @@ Reference: -- | Available AUTH MECHANISMS: CRAM-MD5 DIGEST-MD5 NTLM PLAIN LOGIN -- | References: -- | http://www.postfix.org/CVE-2011-1720.html --- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720 --- |_ http://osvdb.org/72259 +-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720 +-- |_ https://www.securityfocus.com/bid/47778 author = "Djalal Harouni" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" @@ -261,7 +261,7 @@ action = function(host, port) smtp.get_domain(host), vuln = { title = 'Postfix SMTP server Cyrus SASL Memory Corruption', - IDS = {CVE = 'CVE-2011-1720', OSVDB = '72259'}, + IDS = {CVE = 'CVE-2011-1720', BID = '47778'}, description = [[ The Postfix SMTP server is vulnerable to a memory corruption vulnerability when the Cyrus SASL library is used with authentication mechanisms other diff --git a/scripts/smtp-vuln-cve2011-1764.nse b/scripts/smtp-vuln-cve2011-1764.nse index 8c9683ab2..d64fcd2d4 100644 --- a/scripts/smtp-vuln-cve2011-1764.nse +++ b/scripts/smtp-vuln-cve2011-1764.nse @@ -16,7 +16,7 @@ and execute arbitrary code with the privileges of the Exim daemon. Reference: * http://bugs.exim.org/show_bug.cgi?id=1106 * http://thread.gmane.org/gmane.mail.exim.devel/4946 -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1764 +* https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1764 * http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail ]] 
@@ -31,7 +31,7 @@ Reference: -- | VULNERABLE: -- | Exim DKIM format string -- | State: VULNERABLE --- | IDs: CVE:CVE-2011-1764 OSVDB:72156 +-- | IDs: CVE:CVE-2011-1764 BID:47736 -- | Risk factor: High CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- | Description: -- | Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified @@ -40,8 +40,8 @@ Reference: -- | arbitrary code with the privileges of the Exim daemon. -- | Disclosure date: 2011-04-29 -- | References: --- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764 --- | http://osvdb.org/72156 +-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764 +-- | https://www.securityfocus.com/bid/47736 -- |_ http://bugs.exim.org/show_bug.cgi?id=1106 -- -- @args smtp-vuln-cve2011-1764.mailfrom Define the source email address to @@ -206,7 +206,7 @@ action = function(host, port) mailto = stdnse.get_script_args('smtp-vuln-cve2011-1764.mailto'), vuln = { title = 'Exim DKIM format string', - IDS = {CVE = 'CVE-2011-1764', OSVDB = '72156'}, + IDS = {CVE = 'CVE-2011-1764', BID = '47736'}, risk_factor = "High", scores = { CVSSv2 = "7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)", diff --git a/scripts/ssl-dh-params.nse b/scripts/ssl-dh-params.nse index 0d7481d25..458242017 100644 --- a/scripts/ssl-dh-params.nse +++ b/scripts/ssl-dh-params.nse @@ -31,7 +31,7 @@ Opportunistic STARTTLS sessions are established on services that support them. -- | VULNERABLE: -- | Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) -- | State: VULNERABLE --- | IDs: OSVDB:122331 CVE:CVE-2015-4000 +-- | IDs: BID:74733 CVE:CVE-2015-4000 -- | The Transport Layer Security (TLS) protocol contains a flaw that is triggered -- | when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher. -- | This may allow a man-in-the-middle attacker to downgrade the security of a TLS 
@@ -50,7 +50,7 @@ Opportunistic STARTTLS sessions are established on services that support them. -- | References: -- | https://weakdh.org -- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000 --- | http://osvdb.org/122331 +-- | https://www.securityfocus.com/bid/74733 -- | -- | Diffie-Hellman Key Exchange Insufficient Diffie-Hellman Group Strength -- | State: VULNERABLE @@ -837,7 +837,7 @@ the encrypted stream.]], state = vulns.STATE.NOT_VULN, IDS = { CVE = 'CVE-2015-4000', - OSVDB = '122331' + BID = '74733' }, SCORES = { CVSSv2 = '4.3' diff --git a/scripts/ssl-poodle.nse b/scripts/ssl-poodle.nse index 9b2b12149..9a71b49a7 100644 --- a/scripts/ssl-poodle.nse +++ b/scripts/ssl-poodle.nse @@ -34,7 +34,7 @@ your TLS ciphersuites. -- | VULNERABLE: -- | SSL POODLE information leak -- | State: VULNERABLE --- | IDs: CVE:CVE-2014-3566 OSVDB:113251 +-- | IDs: CVE:CVE-2014-3566 BID:70574 -- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and -- | other products, uses nondeterministic CBC padding, which makes it easier -- | for man-in-the-middle attackers to obtain cleartext data via a @@ -44,8 +44,8 @@ your TLS ciphersuites. -- | TLS_RSA_WITH_3DES_EDE_CBC_SHA -- | References: -- | https://www.imperialviolet.org/2014/10/14/poodle.html --- | http://osvdb.org/113251 --- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 +-- | https://www.securityfocus.com/bid/70574 +-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 -- |_ https://www.openssl.org/~bodo/ssl-poodle.pdf -- @@ -321,7 +321,7 @@ action = function(host, port) state = vulns.STATE.NOT_VULN, IDS = { CVE = 'CVE-2014-3566', - OSVDB = '113251' + BID = '70574' }, SCORES = { CVSSv2 = '4.3'