209.104.246.121

Regular View Raw Data

Last Seen: 2024-06-13

GeneralInformation

Hostnames	121.ne.business.static.dsci-net.com
Domains	dsci-net.com
Country	United States
City	Mansfield
Organization	TPx Communications
ISP	TPx Communications
ASN	AS14265

WebTechnologies

JavaScript libraries

jQuery1.7.23.6.0

Security

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

OpenPorts

480004960 | 2024-06-13T02:28:02.047710

80 / tcp

National Lumber Dropbox

HTTP/1.1 200 OK
Date: Thu, 13 Jun 2024 02:28:18 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.48
Vary: Accept-Encoding
Content-Length: 5778
Content-Type: text/html

CVE-2022-31813 CVE-2022-22720 CVE-2021-44790 CVE-2021-39275 CVE-2017-7679 61 moreCVE-2017-3169 CVE-2017-3167 CVE-2013-4365 CVE-2011-2688 CVE-2007-4723 CVE-2022-30556 CVE-2022-29404 CVE-2022-28615 CVE-2022-28614 CVE-2022-28330 CVE-2022-22721 CVE-2022-22719 CVE-2021-40438 CVE-2021-34798 CVE-2021-32792 CVE-2021-32791 CVE-2021-32786 CVE-2021-32785 CVE-2020-11023 CVE-2020-11022 CVE-2020-7656 CVE-2019-11358 CVE-2018-1303 CVE-2018-1302 CVE-2018-1301 CVE-2017-9798 CVE-2017-9788 CVE-2016-8743 CVE-2016-5387 CVE-2016-4975 CVE-2015-9251 CVE-2015-3183 CVE-2015-0228 CVE-2014-0231 CVE-2014-0226 CVE-2014-0118 CVE-2014-0098 CVE-2013-6438 CVE-2013-5704 CVE-2013-2765 CVE-2013-1896 CVE-2013-1862 CVE-2013-0942 CVE-2012-6708 CVE-2012-4558 CVE-2012-4360 CVE-2012-4001 CVE-2012-3526 CVE-2012-3499 CVE-2012-0883 CVE-2011-1176 CVE-2009-2299 CVE-2008-0455 CVE-2023-45802 CVE-2023-31122 CVE-2022-37436 CVE-2016-8612 CVE-2013-0941 CVE-2012-2687 CVE-2009-0796 CVE-2006-20001

701288398 | 2024-06-13T07:13:22.585537

9090 / tcp

HTTP/1.1 200 
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: JSESSIONID=2CE833C8D79AF055A4AF421FC14F43FE; Path=/; HttpOnly
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Date: Thu, 13 Jun 2024 07:13:22 GMT

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved

\", which results in the enclosed script logic to be executed.","verified":false},"CVE-2019-11358":{"cvss":4.3,"ports":[80],"summary":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.","verified":false},"CVE-2018-1303":{"cvss":5.0,"ports":[80],"summary":"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.","verified":false},"CVE-2018-1302":{"cvss":4.3,"ports":[80],"summary":"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.","verified":false},"CVE-2018-1301":{"cvss":4.3,"ports":[80],"summary":"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.","verified":false},"CVE-2017-9798":{"cvss":5.0,"ports":[80],"summary":"Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.","verified":false},"CVE-2017-9788":{"cvss":6.4,"ports":[80],"summary":"In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.","verified":false},"CVE-2017-7679":{"cvss":7.5,"ports":[80],"summary":"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.","verified":false},"CVE-2017-3169":{"cvss":7.5,"ports":[80],"summary":"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.","verified":false},"CVE-2017-3167":{"cvss":7.5,"ports":[80],"summary":"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.","verified":false},"CVE-2016-8743":{"cvss":5.0,"ports":[80],"summary":"Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.","verified":false},"CVE-2016-8612":{"cvss":3.3,"ports":[80],"summary":"Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.","verified":false},"CVE-2016-5387":{"cvss":6.8,"ports":[80],"summary":"The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.","verified":false},"CVE-2016-4975":{"cvss":4.3,"ports":[80],"summary":"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).","verified":false},"CVE-2015-9251":{"cvss":4.3,"ports":[80],"summary":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.","verified":false},"CVE-2015-3183":{"cvss":5.0,"ports":[80],"summary":"The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.","verified":false},"CVE-2015-0228":{"cvss":5.0,"ports":[80],"summary":"The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.","verified":false},"CVE-2014-0231":{"cvss":5.0,"ports":[80],"summary":"The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.","verified":false},"CVE-2014-0226":{"cvss":6.8,"ports":[80],"summary":"Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.","verified":false},"CVE-2014-0118":{"cvss":4.3,"ports":[80],"summary":"The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.","verified":false},"CVE-2014-0098":{"cvss":5.0,"ports":[80],"summary":"The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.","verified":false},"CVE-2013-6438":{"cvss":5.0,"ports":[80],"summary":"The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.","verified":false},"CVE-2013-5704":{"cvss":5.0,"ports":[80],"summary":"The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"","verified":false},"CVE-2013-4365":{"cvss":7.5,"ports":[80],"summary":"Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.","verified":false},"CVE-2013-2765":{"cvss":5.0,"ports":[80],"summary":"The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.","verified":false},"CVE-2013-1896":{"cvss":4.3,"ports":[80],"summary":"mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.","verified":false},"CVE-2013-1862":{"cvss":5.1,"ports":[80],"summary":"mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.","verified":false},"CVE-2013-0942":{"cvss":4.3,"ports":[80],"summary":"Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","verified":false},"CVE-2013-0941":{"cvss":2.1,"ports":[80],"summary":"EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.","verified":false},"CVE-2012-6708":{"cvss":4.3,"ports":[80],"summary":"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.","verified":false},"CVE-2012-4558":{"cvss":4.3,"ports":[80],"summary":"Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.","verified":false},"CVE-2012-4360":{"cvss":4.3,"ports":[80],"summary":"Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","verified":false},"CVE-2012-4001":{"cvss":5.0,"ports":[80],"summary":"The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.","verified":false},"CVE-2012-3526":{"cvss":5.0,"ports":[80],"summary":"The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.","verified":false},"CVE-2012-3499":{"cvss":4.3,"ports":[80],"summary":"Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.","verified":false},"CVE-2012-2687":{"cvss":2.6,"ports":[80],"summary":"Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.","verified":false},"CVE-2012-0883":{"cvss":6.9,"ports":[80],"summary":"envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.","verified":false},"CVE-2011-2688":{"cvss":7.5,"ports":[80],"summary":"SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.","verified":false},"CVE-2011-1176":{"cvss":4.3,"ports":[80],"summary":"The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.","verified":false},"CVE-2009-2299":{"cvss":5.0,"ports":[80],"summary":"The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.","verified":false},"CVE-2009-0796":{"cvss":2.6,"ports":[80],"summary":"Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.","verified":false},"CVE-2008-0455":{"cvss":4.3,"ports":[80],"summary":"Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) \"406 Not Acceptable\" or (2) \"300 Multiple Choices\" HTTP response when the extension is omitted in a request for the file.","verified":false},"CVE-2007-4723":{"cvss":7.5,"ports":[80],"summary":"Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a \"/...../\" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.","verified":false},"CVE-2006-20001":{"cvss":0,"ports":[80],"summary":"A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.\n","verified":false}}; setupBannerCve(); setupVulns(VULNS); })();