OpenVAS CVE Scans

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Maksimitoisto
Posts: 1
Joined: Fri May 15, 2020 6:10 am

OpenVAS CVE Scans

Post by Maksimitoisto » Fri May 15, 2020 6:21 am

Anyone concerned about these CVE Problems in Apache in the latest release?

I Would like to know if there is any way to fix these manually for the time being?

I am running the latest version on Windows server:
SoftEther VPN Server and VPN Bridge (Ver 4.34, Build 9745, beta)

Is there still not a way to disable the web service all together as it has been pointed out here?
https://github.com/SoftEtherVPN/SoftEtherVPN/issues/959



CVE:S which I am concerned about
CVE-1999-1412 10.0 (High) 75 % 192.168.x.x Fri, May 15, 2020 5:44 AM UTC
Summary
Detection Result
The host carries the product: cpe:/a:apache:http_server
It is vulnerable according to: CVE-1999-1412.
The product was found at: 5555/tcp.

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
Product Detection Result
Product cpe:/a:apache:http_server

Method CVE-1999-1412 (OID: CVE-1999-1412)

Log View details of product detection

Detection Method
Details:

CVE-1999-0236 10.0 (High) 75 % 192.168.x.x Fri, May 15, 2020 5:44 AM UTC
Summary
Detection Result
The host carries the product: cpe:/a:apache:http_server
It is vulnerable according to: CVE-1999-0236.
The product was found at: 5555/tcp.

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
Product Detection Result
Product cpe:/a:apache:http_server

Method CVE-1999-0236 (OID: CVE-1999-0236)

Log View details of product detection

Detection Method
Details:

CVE-1999-1237 10.0 (High) 75 % 192.168.x.x Fri, May 15, 2020 5:44 AM UTC
Summary
Detection Result
The host carries the product: cpe:/a:apache:http_server
It is vulnerable according to: CVE-1999-1237.
The product was found at: 5555/tcp.

Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
Product Detection Result
Product cpe:/a:apache:http_server

Method CVE-1999-1237 (OID: CVE-1999-1237)

Log View details of product detection

Detection Method
Details:

CVE-2009-1955 7.8 (High) 75 % 192.168.x.x Fri, May 15, 2020 5:44 AM UTC
Summary
Detection Result
The host carries the product: cpe:/a:apache:http_server
It is vulnerable according to: CVE-2009-1955.
The product was found at: 5555/tcp.

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Product Detection Result
Product cpe:/a:apache:http_server

Method CVE-2009-1955 (OID: CVE-2009-1955)

Log View details of product detection

Detection Method
Details:

Post Reply