Debian can also run on the FreeBSD kernel. I changed o/Linux/ to o/Unix/
and added the debian_kfreebsd CPE to most match lines that mentioned
Debian. I excepted a few that said explicitly "Debian GNU/Linux".
This reflects a deprecation in the official CPE dictionary, which seems
to have happened on 2012-03-08.
<cpe-item deprecation_date="2012-03-08T20:00:15.120Z" deprecated_by="cpe:/o:linux:linux_kernel:2.6.0" deprecated="true" name="cpe:/o:linux:kernel:2.6.0">
<title xml:lang="en-US">Linux Kernel 2.6.0</title>
<meta:item-metadata modification-date="2012-03-08T20:00:15.120Z" status="DRAFT" deprecated-by-nvd-id="35565" nvd-id="91585" />
</cpe-item>
Generally, when we know the specific name of a web server, for example,
running on an embedded system, we prefer to list the server itself in
p// and v//, and the hardware in i//, like so:
match m|| p/thttpd/ v/$1/ i/Foobar 2000 ADSL router http config/
But it's very common that match lines instead look like this:
match m|| p/Foobar 2000 ADSL router http config/ i/thttpd $1/
This commit fixes many of these, with assistance from sv-tidy.
sv-tidy complains:
8487: can't parse m regex (bad character range): |^HTTP/1\.0 405 Method Not Allowed\r\nServer: Membase Server ([\w-.]+)\r\nPragma:|
8488: can't parse m regex (bad character range): |^HTTP/1\.0 405 Method Not Allowed\r\nServer: Couchbase Server ([\w-.]+)\r\nPragma:|
Barracuda HTTP filter - adjustment to match more versions
GlobalScape CuteFTP sshd - additional match line
Cisco ASA WebVPN - additional match line
VMware View - additional match line
Bomgar Remote Access - new product detection
Sybase SQLAnywhere httpd - new product detection, version string
starts an application, and sends a sequence of keystrokes to it. [Patrik
Karlsson]
o [NSE] Added the script mmouse-brute that performs brute force password
auditing against the Mobile Mouse service. [Patrik Karlsson]
