This data is a snapshot as of June 1, 2006. Changes from the data set described in "Learning DFA Representations of HTTP for Protecting Web Applications" by Kenneth L. Ingham, Anil Somayaji, John Burge, and Stephanie Forrest will be described here (currently, no changes have been made).
Each of these links contains:
The whole database is also available as a gzipped tar file.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.
Number | Name | Category | Effect | Victim server | OS | Source |
Statistics | | Buffer overflow: 10; Failure to Handle Exceptional Conditions: 2; File disclosure: 1; Information leak: 1; Input validation error: 22; Poor memory management: 1; Poor resource management: 2; Signed interpretation of unsigned value: 4; URL decoding error: 22 | Denial of Service: 12; File disclosure: 1; Path disclosure: 2; Remote access: 31; Remote reconfiguration: 2; Unauthorized file access: 16; Write files as web server user: 1 | Active Perl ISAPI: 1; AltaVista Search Engine: 4; AnalogX SimpleServer:WWW v1.01: 1; Apache: 10; Apache with mod_php: 4; Apache, NCSA: 6; CERN 3.0A: 1; FrontPage Personal Web Server: 1; Hughes Technologies Mini SQL: 1; IIS: 29; InetServ 3.0: 1; Netscape FastTrack 2.01a: 1; Nortel Contivity Extranet Switches: 2; OmniHTTPd: 1; PlusMail: 2 | *BSD: 1; Any Unix/Linux: 2; FreeBSD 2.2.x, FreeBSD 3.0, IRIX 5.3, IRIX 6.2: 1; Linux, *BSD, Unix: 6; NT: 2; OpenBSD: 1; SCO UnixWare: 1; Solaris x86: 1; Unix: 6; VxWorks: 2; Windows: 35; Windows NT: 1; Windows, Linux, *BSD, Unix: 3; Windows, Linux, AIX, Mac OS X, *BSD: 3 | Bugtraq: 7; Captured with snort: 20; Cerberus: 1; Lincoln Labs data: 2; No Source information: 3; OSVDB: 2; Packetstorm: 24; Packetstorm, Bugtraq: 5; Packetstorm, NTBugtraq: 1 |
33 | ADSI path disclosure | Information leak | Path disclosure | IIS | Windows | Packetstorm, NTBugtraq |
46 | Active Perl ISAPI buffer overflow | Buffer overflow | Remote access | Active Perl ISAPI | Windows | Packetstorm |
32 | AltaVista Search Engine Directory Traversal | Input validation error | Unauthorized file access | AltaVista Search Engine | Linux, *BSD, Unix | Bugtraq |
31 | AltaVista Search Engine Directory Traversal | Input validation error | Unauthorized file access | AltaVista Search Engine | Linux, *BSD, Unix | Bugtraq |
29 | AltaVista Search Engine Directory Traversal | Input validation error | Unauthorized file access | AltaVista Search Engine | Linux, *BSD, Unix | Packetstorm |
30 | AltaVista Search Engine Directory Traversal | Input validation error | Unauthorized file access | AltaVista Search Engine | Windows | Bugtraq |
60 | Apache Sioux | Poor memory management | Denial of Service | Apache | FreeBSD 2.2.x, FreeBSD 3.0, IRIX 5.3, IRIX 6.2 | Lincoln Labs data |
59 | Apache Win32 .var File Web Path Disclosure | Input validation error | Path disclosure | Apache | Windows | No Source information |
58 | Apache Win32 Directory Traversal | URL decoding error | Remote access | Apache | Windows | OSVDB |
57 | Apache Win32 Directory Traversal | URL decoding error | Unauthorized file access | Apache | Windows | OSVDB |
61 | Beck, variant 1 | Poor resource management | Denial of Service | Apache | Any Unix/Linux | Packetstorm |
62 | Beck, variant 2 | Poor resource management | Denial of Service | Apache | Any Unix/Linux | Packetstorm |
45 | CERN 3.0 heap overflow | Buffer overflow | Denial of Service | CERN 3.0A | Windows, Linux, *BSD, Unix | Packetstorm |
22 | Chunked transfer error | Signed interpretation of unsigned value | Denial of Service | Apache | Windows, Linux, *BSD, Unix | Bugtraq |
23 | Chunked transfer error | Signed interpretation of unsigned value | Denial of Service | Apache | Windows, Linux, *BSD, Unix | Bugtraq |
24 | Code-red | Buffer overflow | Remote access | IIS | Windows | Captured with snort |
25 | GET Buffer Overflow | Buffer overflow | Remote access | Netscape FastTrack 2.01a | SCO UnixWare | Packetstorm |
47 | IIS 5 remote .printer overflow | Buffer overflow | Remote access | IIS | Windows | Packetstorm |
26 | Long GET Request Vulnerability | Buffer overflow | Remote access | InetServ 3.0 | Windows | Packetstorm |
48 | Long Request Buffer Overflow | Buffer overflow | Denial of Service | OmniHTTPd | Windows | Packetstorm |
43 | MS IIS/PWS Escaped Characters Decoding Command Execution | URL decoding error | Remote access | IIS | Windows | Packetstorm |
44 | MS IIS/PWS Escaped Characters Decoding Command Execution | URL decoding error | Remote access | IIS | Windows | Packetstorm |
55 | Microsoft FrontPage PWS Directory Traversal | Input validation error | Unauthorized file access | FrontPage Personal Web Server | Windows | Packetstorm, Bugtraq |
64 | Microsoft IIS '../..' Denial of Service Vulnerability, variant 1 | Failure to Handle Exceptional Conditions | Denial of Service | IIS | NT | No Source information |
65 | Microsoft IIS '../..' Denial of Service Vulnerability, variant 2 | Failure to Handle Exceptional Conditions | Denial of Service | IIS | NT | Lincoln Labs data |
40 | Microsoft IIS Chunked Encoding Transfer Heap Overflow | Buffer overflow | Remote access | IIS | Windows | Packetstorm, Bugtraq |
63 | Microsoft IIs '..' hole | File disclosure | File disclosure | IIS | Windows NT | No Source information |
50 | Mini-SQL w3-msql Buffer Overflow | Buffer overflow | Remote access | Hughes Technologies Mini SQL | Solaris x86 | Packetstorm |
27 | NT Index Server Directory Traversal 01 | Input validation error | Unauthorized file access | IIS | Windows | Cerberus |
28 | NT Index Server Directory Traversal 02 | Input validation error | Unauthorized file access | IIS | Windows | Packetstorm |
01 | Nimda, variant 01 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
02 | Nimda, variant 02 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
03 | Nimda, variant 03 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
04 | Nimda, variant 04 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
05 | Nimda, variant 05 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
06 | Nimda, variant 06 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
07 | Nimda, variant 07 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
08 | Nimda, variant 08 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
09 | Nimda, variant 09 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
10 | Nimda, variant 10 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
11 | Nimda, variant 11 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
12 | Nimda, variant 12 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
13 | Nimda, variant 13 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
14 | Nimda, variant 14 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
15 | Nimda, variant 15 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
16 | Nimda, variant 16 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
17 | Nimda, variant 17 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
18 | Nimda, variant 18 | URL decoding error | Remote access | IIS | Windows | Captured with snort |
52 | Nortel Contivity File Viewing, variant 2 | Input validation error | Unauthorized file access | Nortel Contivity Extranet Switches | VxWorks | Packetstorm |
51 | Nortel Contivity File Viewing, variant one | Input validation error | Unauthorized file access | Nortel Contivity Extranet Switches | VxWorks | Packetstorm |
20 | Nosejob | Signed interpretation of unsigned value | Remote access | Apache | *BSD | Packetstorm |
56 | PHP File Upload | Input validation error | Write files as web server user | Apache with mod_php | Linux, *BSD, Unix | Bugtraq |
41 | PHP HTTP POST Incorrect MIME Header Parsing | Input validation error | Denial of Service | Apache with mod_php | Linux, *BSD, Unix | Packetstorm, Bugtraq |
42 | PHP HTTP POST Incorrect MIME Header Parsing | Input validation error | Denial of Service | Apache with mod_php | Linux, *BSD, Unix | Captured with snort |
49 | PHP Interpreter Direct Invocation | Input validation error | Denial of Service | Apache with mod_php | Windows, Linux, AIX, Mac OS X, *BSD | Bugtraq |
53 | PowerScripts PlusMail WebConsole Poor Authentication | Input validation error | Remote reconfiguration | PlusMail | Windows, Linux, AIX, Mac OS X, *BSD | Packetstorm, Bugtraq |
54 | PowerScripts PlusMail WebConsole Poor Authentication | Input validation error | Remote reconfiguration | PlusMail | Windows, Linux, AIX, Mac OS X, *BSD | Packetstorm, Bugtraq |
19 | Remote GET Buffer Overflow Vulnerability | Buffer overflow | Remote access | AnalogX SimpleServer:WWW v1.01 | Windows | Packetstorm |
21 | Scalp | Signed interpretation of unsigned value | Remote access | Apache | OpenBSD | Packetstorm |
34 | phf CGI Arbitrary Command Execution (and related), variant 1 | Input validation error | Unauthorized file access | Apache, NCSA | Unix | Packetstorm |
35 | phf CGI Arbitrary Command Execution (and related), variant 2 | Input validation error | Unauthorized file access | Apache, NCSA | Unix | Packetstorm |
36 | phf CGI Arbitrary Command Execution (and related), variant 3 | Input validation error | Unauthorized file access | Apache, NCSA | Unix | Packetstorm |
37 | phf CGI Arbitrary Command Execution (and related), variant 4 | Input validation error | Unauthorized file access | Apache, NCSA | Unix | Packetstorm |
38 | phf CGI Arbitrary Command Execution (and related), variant 5 | Input validation error | Unauthorized file access | Apache, NCSA | Unix | Packetstorm |
39 | phf CGI Arbitrary Command Execution (and related), variant 6 | Input validation error | Unauthorized file access | Apache, NCSA | Unix | Packetstorm |
Data collected by Kenneth Ingham.