RELAYTO Penetration Test Results (62/101)

Pass HALO Network Server Detection 26 Mar 2004 None Pass IBM DB2 < 8 Fix Pack 7a Multiple Vulnerabilities CVE-2004-1372 CVE-2005-0417 CVE-2005-4863 CVE-2005-4864 CVE-2005-4865 CVE-2005-4866 CVE-2005-4867 CVE-2005-4868 CVE-2005-4869 CVE-2005-4870 CVE-2005-487117 Oct 2004 10 (v2) Critical Pass HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access CVE-2004-1857 30 Mar 2004 2.1 (v2) Low Pass Firebird DB Remote Database Name Overﬂow CVE-2004-2043 25 May 2004 10 (v2) Critical Pass RealServer /admin/Docs/default.cfg Information Disclosure 26 May 2004 5 (v2) Medium Pass Subversion Server Detection 08 Jun 2004 None Pass IMP Content-Type Header XSS CVE-2004-0584 08 Jun 2004 4.3 (v2) Medium Pass Invision Power Board ssi.php f Parameter SQL Injection 11 Jun 2004 7.5 (v2) High Pass Gallery init.php Authentication Bypass CVE-2004-0522 15 Jun 2004 7.5 (v2) High Pass Squid ntlm_check_auth Function NTLM Authentication Helper Password Handling Remote Overﬂow CVE-2004-0541 30 Jun 2004 9.8 (v3) Critical Pass Cisco IOS and IOS XE Software Denial of Service Vulnerability (cisco-sa-20180328-bfd) CVE-2018-0155 23 Apr 2020 8.6 (v3) High Pass Treck TCP/IP stack multiple vulnerabilities. (Ripple20) CVE-2020-11896 CVE-2020-11897 CVE-2020-11898 CVE-2020-11899 CVE-2020-11900 CVE-2020-11901 CVE-2020-11902 CVE-2020-11903 CVE-2020-11904 CVE-2020-11905 CVE-2020-11906 CVE-2020-11907 CVE-2020-11908 CVE-2020-11909 CVE-2020-11910 CVE-2020-11911 CVE-2020-11912 CVE-2020-11913 CVE-2020-1191422 Jun 2020 10 (v3) Critical Pass VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002) CVE-2021-21972 CVE-2021-21973 25 Feb 2021 9.8 (v3) Critical Pass UnrealIRCd IP Cloaking Weakness Information Disclosure CVE-2004-0679 05 Jul 2004 5 (v2) Medium Pass DistCC Detection 07 Jul 2004 7.5 (v2) High Pass PHP < 4.3.8 Multiple Vulnerabilities CVE-2004-0594 CVE-2004-0595 15 Jul 2004 6.8 (v2) Medium Pass phpBB < 2.0.9 Multiple Vulnerabilities 21 Jul 2004 7.5 (v2) High Pass phpBB < 2.0.10 Multiple XSS CVE-2004-0730 CVE-2004-2054 CVE-2004-2055 26 Jul 2004 4.3 (v2) Medium Pass Xitami testssi.ssi HTTP Header XSS 26 Jul 2004 4.3 (v2) Medium Pass Moodle < 1.3.3 'help.php' 'ﬁle' Parameter XSS CVE-2004-0725 26 Jul 2004 4.3 (v2) Medium Pass Horde IMP with MSIE MIME Viewer Email Message XSS CVE-2004-1443 30 Jul 2004 4.3 (v2) Medium Pass phpMyFAQ Image Upload Authentication Bypass CVE-2004-2257 02 Aug 2004 7.5 (v2) High Pass PostNuke Reviews Module title Parameter XSS 02 Aug 2004 4.3 (v2) Medium Pass PostNuke Install Script Admin Password Disclosure 02 Aug 2004 7.5 (v2) High Pass Oracle E-Business Suite Multiple Vulnerabilities (Apr 2019 CPU) CVE-2018-0734 CVE-2019-2551 CVE-2019-2583 CVE-2019-2600 CVE-2019-2603 CVE-2019-2604 CVE-2019-2621 CVE-2019-2622 CVE-2019-2633 CVE-2019-2638 CVE-2019-2639 CVE-2019-2640 CVE-2019-2641 CVE-2019-2642 CVE-2019-2643 CVE-2019-2651 CVE-2019-2652 CVE-2019-2653 CVE-2019-2654 CVE-2019-2655 CVE-2019-2660 CVE-2019-2661 CVE-2019-2662 CVE-2019-2663 CVE-2019-2664 CVE-2019-2665 CVE-2019-2669 CVE-2019-2670 CVE-2019-2671 CVE-2019-2673 CVE-2019-2674 CVE-2019-2675 CVE-2019-2676 CVE-2019-2677 CVE-2019-268217 Apr 2019 9.9 (v3) Critical Pass Jenkins < 2.164.2 LTS / 2.172 Multiple Vulnerabilities CVE-2019-1003049 CVE-2019-1003050 18 Apr 2019 8.1 (v3) High Pass Oracle Primavera Uniﬁer Multiple Vulnerabilities (Apr 2019 CPU) CVE-2016-1000031 CVE-2017-9798 CVE-2018-8034 CVE-2018-11763 CVE-2018-11784 CVE-2018-19360 CVE-2018-19361 CVE-2018-1936219 Apr 2019 9.8 (v3) Critical Pass DNN (DotNetNuke) 7.0.0 < 9.3.1 Multiple Vulnerabilities 24 Apr 2019 6.1 (v3) Medium Pass Oracle WebLogic WLS9-async Remote Code Execution (remote check) CVE-2019-2725 26 Apr 2019 9.8 (v3) Critical Pass Jenkins < 2.176.3 LTS / 2.192 Multiple Vulnerabilities CVE-2019-10383 CVE-2019-10384 10 Oct 2019 8.8 (v3) High Pass Cisco SPA100 Series Multiple Vulnerabilities CVE-2019-12702 CVE-2019-12703 CVE-2019-12704 CVE-2019-15240 CVE-2019-15241 CVE-2019-15242 CVE-2019-15243 CVE-2019-15244 CVE-2019-15245 CVE-2019-15246 CVE-2019-15247 CVE-2019-15248 CVE-2019-15249 CVE-2019-15250 CVE-2019-15251 CVE-2019-15252 CVE-2019-15257 CVE-2019-1525817 Oct 2019 8 (v3) High Pass Atlassian Jira 7.13.x < 8.6.0 JMX monitoring ﬂag CSRF Vulnerability (JRASERVER-70570) CVE-2019-20405 27 Mar 2020 4.3 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.100 / 8.5.x < 8.5.51 / 9.0.x < 9.0.31 Multiple Vulnerabilities CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 21 Feb 2020 9.8 (v3) Critical Pass Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery VCVE-2019-1872ulnerability 05 Mar 2020 5.3 (v3) Medium Pass IBM Spectrum Protect Server and Storage Agent RCE 13 Mar 2020 9.8 (v3) Critical Pass Atlassian JIRA < 8.6.1 Information Disclosure CVE-2019-20407 20 Mar 2020 4.3 (v3) Medium Pass PHP 7.3.x < 7.3.16 Multiple Vulnerabilities CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 27 Mar 2020 8.8 (v3) High Pass Trading Technologies Messaging remove_park Stack Overﬂow 03 Jun 2020 9.8 (v3) Critical Pass Dotnetnuke 3.1.x < 9.6.0 / 5.0.x < 9.6.0 / 6.0.x < 9.6.0 / 7.0.x < 9.6.0 Multiple Vulnerabilities (09.06.00) CVE-2019-19790 03 Jun 2020 9.8 (v3) Critical Pass Dotnetnuke 7.0.x < 9.5.0 XSS 03 Jun 2020 9.8 (v3) Critical Pass Apache Tomcat 8.5.0 < 8.5.56 DoS CVE-2020-11996 03 Jul 2020 7.5 (v3) High Pass Apache Tomcat 9.0.0.M1 < 9.0.36 DoS CVE-2020-11996 03 Jul 2020 7.5 (v3) High Pass Jenkins < 2.263.2 LTS / 2.275 Multiple Vulnerabilities CVE-2021-21602 CVE-2021-21603 CVE-2021-21604 CVE-2021-21605 CVE-2021-21606 CVE-2021-21607 CVE-2021-21608 CVE-2021-21609 CVE-2021-21610 CVE-2021-2161122 Jan 2021 8 (v3) High Pass Oracle Primavera Uniﬁer (Jan 2021 CPU) CVE-2019-10086 CVE-2020-11979 CVE-2020-25020 CVE-2020-35460 29 Jan 2021 9.8 (v3) Critical Pass SonicWall Secure Mobile Access Remote Code Execution (SNWLID-2021-0001) CVE-2021-20016 03 Feb 2021 9.8 (v3) Critical Pass Atlassian JIRA < 8.5.10 / 8.6.x < 8.13.2 Information Disclosure (JRASERVER-72002) CVE-2020-36231 04 Feb 2021 4.3 (v3) Medium Pass Serv-U FTP Server < 15.2.2 Hotﬁx 1 Arbitrary File Read/Write CVE-2021-25276 09 Feb 2021 7.1 (v3) High Pass PHP 7.3.x < 7.3.27 / 7.4.x < 7.4.15 / 8.x < 8.0.2 DoS CVE-2021-21702 09 Feb 2021 7.5 (v3) High Pass Atlassian JIRA < 8.5.13 / 8.6.x < 8.13.5 / 8.14.x < 8.15.1 Multiple Vulnerablities CVE-2020-36238 CVE-2020-36286 CVE-2021-26071 08 Apr 2021 5.3 (v3) Medium Pass Apache Tomcat 7.0.0 < 7.0.107 Information Disclosure CVE-2021-24122 09 Apr 2021 5.9 (v3) Medium Pass Cisco Uniﬁed Communications Manager Self Care Portal Authorization Bypass Vulnerability (cisco-sa-cucm-selfcarCVE-2021-1399e-VRWWWHgE) 15 Apr 2021 4.3 (v3) Medium Pass Oracle E-Business (October 2013 CPU) CVE-2013-5792 17 Oct 2013 5 (v2) Medium Pass Oracle E-Business Multiple Vulnerabilities (January 2017 CPU) CVE-2016-8325 CVE-2017-3246 CVE-2017-3274 CVE-2017-3275 CVE-2017-3277 CVE-2017-3278 CVE-2017-3279 CVE-2017-3280 CVE-2017-3281 CVE-2017-3282 CVE-2017-3283 CVE-2017-3284 CVE-2017-3285 CVE-2017-3286 CVE-2017-3287 CVE-2017-3303 CVE-2017-3326 CVE-2017-3327 CVE-2017-3328 CVE-2017-3333 CVE-2017-3334 CVE-2017-3335 CVE-2017-3336 CVE-2017-3338 CVE-2017-3339 CVE-2017-3340 CVE-2017-3341 CVE-2017-3343 CVE-2017-3344 CVE-2017-3346 CVE-2017-3348 CVE-2017-3349 CVE-2017-3350 CVE-2017-3351 CVE-2017-3352 CVE-2017-3353 CVE-2017-3354 CVE-2017-3357 CVE-2017-3358 CVE-2017-3359 CVE-2017-3360 CVE-2017-3361 CVE-2017-3362 CVE-2017-3363 CVE-2017-3364 CVE-2017-3365 CVE-2017-3366 CVE-2017-3367 CVE-2017-3368 CVE-2017-3369 CVE-2017-3370 CVE-2017-3371 CVE-2017-3372 CVE-2017-3373 CVE-2017-3374 CVE-2017-3375 CVE-2017-3376 CVE-2017-3377 CVE-2017-3378 CVE-2017-3379 CVE-2017-3380 CVE-2017-3381 CVE-2017-3382 CVE-2017-3383 CVE-2017-3384 CVE-2017-3385 CVE-2017-3386 CVE-2017-3387 CVE-2017-3388 CVE-2017-3389 CVE-2017-3390 CVE-2017-3391 CVE-2017-3392 CVE-2017-3394 CVE-2017-3395 CVE-2017-3396 CVE-2017-3397 CVE-2017-3398 CVE-2017-3399 CVE-2017-3400 CVE-2017-3401 CVE-2017-3402 CVE-2017-3403 CVE-2017-3404 CVE-2017-3405 CVE-2017-3406 CVE-2017-3407 CVE-2017-3408 CVE-2017-3409 CVE-2017-3410 CVE-2017-3411 CVE-2017-3412 CVE-2017-3413 CVE-2017-3414 CVE-2017-3415 CVE-2017-3416 CVE-2017-3417 CVE-2017-3418 CVE-2017-3419 CVE-2017-3420 CVE-2017-3421 CVE-2017-3422 CVE-2017-3423 CVE-2017-3424 CVE-2017-3425 CVE-2017-3426 CVE-2017-3427 CVE-2017-3428 CVE-2017-3429 CVE-2017-3430 CVE-2017-3431 CVE-2017-3433 CVE-2017-3435 CVE-2017-3436 CVE-2017-3437 CVE-2017-3438 CVE-2017-3439 CVE-2017-3440 CVE-2017-3441 CVE-2017-3442 CVE-2017-344318 Jan 2017 8.2 (v3) High Pass Oracle E-Business Multiple Vulnerabilities (April 2017 CPU) CVE-2017-3337 CVE-2017-3393 CVE-2017-3432 CVE-2017-3515 CVE-2017-3528 CVE-2017-3549 CVE-2017-3550 CVE-2017-3555 CVE-2017-3556 CVE-2017-3557 CVE-2017-359219 Apr 2017 6.5 (v3) Medium Pass Apache 2.4.x < 2.4.47 Multiple Vulnerabilities CVE-2019-17567 CVE-2020-13938 CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 04 Jun 2021 9.8 (v3) Critical Pass SonicWall Secure Remote Access (SRA) Unsupported Version 11 Jun 2021 9.8 (v3) Critical Pass Tenable Nessus 8.x.x < 8.15.0 Multiple Vulnerabilities (TNS-2021-11) CVE-2018-20843 CVE-2019-15903 CVE-2019-16168 CVE-2021-20099 CVE-2021-20100 15 Jun 2021 6.7 (v3) Medium Pass Apache Tomcat 10.0.0-M1 < 10.0.2 multiple vulnerabilities CVE-2020-9484 CVE-2021-25122 CVE-2021-25329 17 Jun 2021 7.5 (v3) High Pass Pulse Connect Secure < 9.1R11.5 (SA44800) CVE-2021-22908 21 Jun 2021 8.8 (v3) High Pass Liferay Portal 7.x <= 7.2.1 / 7.3 < 7.3.6 Multiple Vulnerabilities CVE-2021-29043 CVE-2021-29044 02 Jul 2021 6.1 (v3) Medium Pass Apache Tomcat 10.0.3 < 10.0.5 vulnerability CVE-2021-30639 12 Jul 2021 7.5 (v3) High Pass Apache Tomcat 7.0.x <= 7.0.108 / 8.5.x <= 8.5.65 / 9.0.x <= 9.0.45 / 10.0.x <= 10.0.5 vulnerability CVE-2021-30640 12 Jul 2021 6.5 (v3) Medium Pass Liferay Portal 7.2.x < 7.3.6 XSS CVE-2021-29051 13 Jul 2021 6.1 (v3) Medium Pass VMware Carbon Black App Control 8.0.x / 8.1.x / 8.5.x < 8.5.8 / 8.6.x < 8.6.2 Authentication Bypass (VMSA-2021-0012)CVE-2021-21998 23 Jul 2021 9.8 (v3) Critical Pass Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS CVE-2005-0808 15 Mar 2005 5.3 (v3) Medium Pass Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities CVE-2005-2090 CVE-2007-0450 CVE-2007-1358 18 Nov 2011 5.3 (v3) Medium Pass Apache Tomcat < 6.0.13 Multiple Vulnerabilities CVE-2005-2090 CVE-2007-1355 18 Nov 2011 5.3 (v3) Medium Pass Apache Tomcat Cross-Application File Manipulation CVE-2009-0783 22 Jun 2009 5.9 (v3) Medium Pass Apache Tomcat WAR Deployment Multiple Vulnerabilities CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 26 Jan 2010 5.4 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (January 2010 CPU) CVE-2009-1996 CVE-2009-3410 CVE-2009-3411 CVE-2009-3412 CVE-2009-3413 CVE-2009-3414 CVE-2009-3415 CVE-2010-0071 CVE-2010-007226 Apr 2010 10 (v2) Critical Pass Oracle Database Multiple Vulnerabilities (April 2010 CPU) CVE-2010-0851 CVE-2010-0852 CVE-2010-0854 CVE-2010-0860 CVE-2010-0866 CVE-2010-0867 26 Apr 2010 7.1 (v2) High Pass Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 28 May 2010 5.3 (v3) Medium Pass Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities CVE-2008-0128 CVE-2008-1232 CVE-2008-2370 11 Jun 2010 5.3 (v3) Medium Pass Apache Tomcat 5.x < 5.5.1 Information Disclosure CVE-2008-3271 16 Jun 2010 5.3 (v3) Medium Pass Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities CVE-2005-3510 CVE-2005-4838 CVE-2006-3835 CVE-2006-7196 CVE-2007-1858 CVE-2008-3271 16 Jun 2010 5.3 (v3) Medium Pass Apache Tomcat < 5.5.26 Multiple Vulnerabilities CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 01 Jul 2010 6.5 (v3) Medium Pass Apache Tomcat < 6.0.16 Multiple Vulnerabilities CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 01 Jul 2010 6.5 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (July 2010 CPU) CVE-2010-0892 CVE-2010-0900 CVE-2010-0901 CVE-2010-0902 CVE-2010-0903 CVE-2010-0911 14 Jul 2010 7.8 (v2) High Pass Apache Tomcat 5.5.x < 5.5.30 CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 16 Jul 2010 6.5 (v3) Medium Pass Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities CVE-2010-1157 CVE-2010-2227 05 Aug 2010 6.5 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (April 2008 CPU) CVE-2008-1812 CVE-2008-1813 CVE-2008-1814 CVE-2008-1815 CVE-2008-1816 CVE-2008-1817 CVE-2008-1818 CVE-2008-1819 CVE-2008-1820 CVE-2008-182116 Nov 2011 8.5 (v2) High Pass Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 07 Dec 2010 5.3 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (January 2011 CPU) CVE-2010-3590 CVE-2010-3600 CVE-2010-4413 CVE-2010-4420 CVE-2010-4421 CVE-2010-4423 19 Jan 2011 7.5 (v2) High Pass Apache Tomcat 7.x < 7.0.4 SecurityManager Local Security Bypass CVE-2010-3718 11 Feb 2011 6.3 (v3) Medium Pass Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector DoS CVE-2011-0534 15 Feb 2011 5.3 (v3) Medium Pass Apache Tomcat 7.x < 7.0.12 Multiple Vulnerabilities CVE-2011-1183 CVE-2011-1184 CVE-2011-1475 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 07 Apr 2011 6.5 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (April 2011 CPU) CVE-2009-3555 CVE-2011-0785 CVE-2011-0787 CVE-2011-0792 CVE-2011-0793 CVE-2011-0799 CVE-2011-0804 CVE-2011-0805 CVE-2011-080613 May 2011 7.5 (v2) High Pass Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-2729 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 30 Aug 2011 5.3 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (January 2006 CPU) CVE-2006-0256 CVE-2006-0257 CVE-2006-0258 CVE-2006-0259 CVE-2006-0260 CVE-2006-0261 CVE-2006-0262 CVE-2006-0263 CVE-2006-0265 CVE-2006-0266 CVE-2006-0267 CVE-2006-0268 CVE-2006-0269 CVE-2006-0270 CVE-2006-0271 CVE-2006-0272 CVE-2006-0282 CVE-2006-0283 CVE-2006-0285 CVE-2006-0290 CVE-2006-0291 CVE-2006-0435 CVE-2006-0547 CVE-2006-0548 CVE-2006-0549 CVE-2006-0551 CVE-2006-0552 CVE-2006-058616 Nov 2011 10 (v2) Critical Pass Oracle Database Multiple Vulnerabilities (April 2007 CPU) CVE-2007-2108 CVE-2007-2109 CVE-2007-2110 CVE-2007-2111 CVE-2007-2112 CVE-2007-2113 CVE-2007-2114 CVE-2007-2115 CVE-2007-2116 CVE-2007-2117 CVE-2007-2118 CVE-2007-2119 CVE-2007-2129 CVE-2007-213016 Nov 2011 10 (v2) Critical Pass Oracle Database Multiple Vulnerabilities (October 2007 CPU) CVE-2007-5504 CVE-2007-5505 CVE-2007-5506 CVE-2007-5507 CVE-2007-5508 CVE-2007-5509 CVE-2007-5510 CVE-2007-5511 CVE-2007-5512 CVE-2007-5513 CVE-2007-5514 CVE-2007-5515 CVE-2007-5520 CVE-2007-5530 CVE-2007-5531 CVE-2007-555416 Nov 2011 9 (v2) High Pass Oracle Database Multiple Vulnerabilities (January 2008 CPU) CVE-2008-0339 CVE-2008-0340 CVE-2008-0341 CVE-2008-0342 CVE-2008-0343 CVE-2008-0344 CVE-2008-0345 CVE-2008-0346 CVE-2008-034716 Nov 2011 6 (v2) Medium Pass Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-2729 CVE-2011-3190 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 26 Sep 2011 7.3 (v3) High Pass Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2012-0022 12 Dec 2011 7.3 (v3) High Pass Apache Tomcat 5.x < 5.5.35 Hash Collision Denial of Service CVE-2011-4858 CVE-2012-0022 13 Jan 2012 5.3 (v3) Medium Pass Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 21 Nov 2012 5.3 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.30 Multiple Vulnerabilities CVE-2012-3544 CVE-2012-3546 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 21 Nov 2012 5.3 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.32 XSRF Filter Bypass CVE-2012-4431 10 Dec 2012 7.3 (v3) High Pass Apache Tomcat 7.0.x < 7.0.33 Session Fixation CVE-2013-2067 15 May 2013 7.3 (v3) High Pass Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST) CVE-2011-3389 CVE-2013-0169 CVE-2013-3826 CVE-2013-5771 16 Oct 2013 6.4 (v2) Medium Pass Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 30 May 2014 5.3 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.53 Multiple Vulnerabilities CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 30 May 2014 5.3 (v3) Medium Pass Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities CVE-2014-0075 CVE-2014-0095 CVE-2014-0096 CVE-2014-0099 30 May 2014 5.3 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.55 Multiple Vulnerabilities CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-0227 CVE-2014-0230 CVE-2014-3470 02 Sep 2014 9.3 (v3) Critical Pass Apache Tomcat 8.0.x < 8.0.9 Multiple DoS CVE-2014-0227 CVE-2014-0230 01 Mar 2015 6.5 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (July 2015 CPU) CVE-2015-0468 CVE-2015-2585 CVE-2015-2586 CVE-2015-2595 CVE-2015-2599 CVE-2015-2629 CVE-2015-2655 CVE-2015-4740 CVE-2015-4753 CVE-2015-475517 Jul 2015 9 (v2) High Pass Oracle Database Multiple Vulnerabilities (January 2016 CPU) CVE-2015-4921 CVE-2015-4923 CVE-2015-4925 CVE-2016-0461 CVE-2016-0467 CVE-2016-0472 CVE-2016-0499 25 Jan 2016 9 (v2) High Pass Apache Struts 2.x < 2.3.24.1 Multiple Vulnerabilities (S2-026) (S2-027) CVE-2015-5209 CVE-2016-3090 12 Feb 2016 8.8 (v3) High Pass Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities CVE-2015-5174 CVE-2015-5345 CVE-2016-0706 CVE-2016-0714 24 Feb 2016 8.8 (v3) High Pass Apache Tomcat 7.0.x < 7.0.68 Multiple Vulnerabilities CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 24 Feb 2016 8.8 (v3) High Pass Apache Tomcat 8.0.0.RC1 < 8.0.32 Multiple Vulnerabilities CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 24 Feb 2016 8.8 (v3) High Pass Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034) CVE-2016-0785 CVE-2016-2162 CVE-2016-3093 CVE-2016-4003 24 Mar 2016 8.8 (v3) High 62

RELAYTO Penetration Test Results - Page 62

RELAYTO Penetration Test Results Page 61 Page 63