{"uuid": "b137a0ae-c33a-41db-9bda-06f0f1f01498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2001-0731", "type": "seen", "source": "https://gist.github.com/magajay4life-pixel/f7260a84b8e6d9a00baa0febf00bfd83", "content": "ID,Asset,Vulnerability,CVE,CVSS,Severity,Exploitability,Business Impact,Risk Rating,Remediation,Owner,Status\nVULN-001,Metasploitable Linux Server,Outdated Apache server 2.2.x EOL,N/A,9.8,Critical,High - Public exploits,Remote compromise,Critical,Upgrade Apache to 2.4+ and apply patches,WebAdmin,Open\nVULN-002,Metasploitable Linux Server,Operating system Ubuntu 8.04 EOL,N/A,10.0,Critical,High - No patches,Full system compromise,Critical,Upgrade to supported OS version,SysAdmin,Open\nVULN-003,Metasploitable Linux Server,Apache PHP-CGI Remote Code Execution,N/A,7.8,High,High - Metasploit module,Remote code execution,High,Disable CGI or patch PHP/Apache,WebAdmin,Open\nVULN-004,Metasploitable Linux Server,PHP-CGI query string injection,N/A,7.8,High,High - Public PoC,Remote code execution,High,Patch PHP and secure configurations,WebAdmin,Open\nVULN-005,Metasploitable Linux Server,CGI Remote File Inclusion,N/A,9.8,Critical,High - Metasploit module,System takeover,Critical,Disable remote file inclusion and validate inputs,WebAdmin,Open\nVULN-006,Metasploitable Linux Server,Publicly accessible phpinfo file,CWE-552,6.8,Medium,Medium - Recon,aids exploitation,Medium,Remove phpinfo files,WebAdmin,Open\nVULN-007,Metasploitable Linux Server,PHP version exposed via headers,N/A,7.5,High,Medium - Targeting known vulns,Targeted attacks,High,Disable expose_php,WebAdmin,Open\nVULN-008,Metasploitable Linux Server,Backup and sensitive files exposed,N/A,8.0,High,Medium - Direct access,Credential theft,High,Remove backup files and enforce access control,WebAdmin,Open\nVULN-009,Metasploitable Linux Server,Directory indexing enabled,CVE-1999-0678,6.5,Medium,Medium - Recon,Information disclosure,Medium,Disable directory listing,WebAdmin,Open\nVULN-010,Metasploitable Linux Server,Default Apache files exposed,N/A,9.2,Critical,Medium - Fingerprinting,Server fingerprinting,Critical,Remove default files,WebAdmin,Open\nVULN-011,Metasploitable Linux Server,HTTP TRACE/TRACK methods enabled,N/A,5.8,Medium,Medium - XST,Cookie/auth header exposure,Medium,Disable TRACE/TRACK,WebAdmin,Open\nVULN-012,Metasploitable Linux Server,Missing anti-clickjacking protection,N/A,6.8,Medium,Medium - Clickjacking,UI redress attacks,Medium,Add X-Frame-Options or CSP frame-ancestors,WebAdmin,Open\nVULN-013,Metasploitable Linux Server,Missing X-Content-Type-Options header,N/A,6.8,Medium,Medium - MIME sniffing,Malicious content execution,Medium,Add nosniff header,WebAdmin,Open\nVULN-014,Metasploitable Linux Server,Server responds to unsupported HTTP methods,N/A,7.5,High,Medium - Increased attack surface,Exploitation potential,High,Restrict HTTP methods,WebAdmin,Open\nVULN-015,Metasploitable Linux Server,Apache MultiViews enabled,CVE-2001-0731,7.5,High,Medium - Brute force,Discover hidden resources,High,Disable MultiViews,WebAdmin,Open\nVULN-016,Metasploitable Linux Server,phpMyAdmin exposed,N/A,7.0,High,High - SQLi/XSS,Database compromise,High,Restrict access and upgrade phpMyAdmin,DBA,Open\nVULN-017,Metasploitable Linux Server,vsFTPd backdoor vulnerability,CVE-2011-2523,10.0,Critical,High - Metasploit module,Remote root shell,Critical,Remove or patch FTP service,SysAdmin,Open\nVULN-018,Metasploitable Linux Server,UnrealIRCd backdoor,N/A,10.0,Critical,High - Metasploit module,Full compromise,Critical,Replace compromised service,SysAdmin,Open\nVULN-019,Metasploitable Linux Server,Bind shell backdoor detected,N/A,10.0,Critical,High - Active backdoor,Unauthorized remote access,Critical,Investigate and remove backdoor,SysAdmin,Open\nVULN-020,Metasploitable Linux Server,RMI registry remote class loading,N/A,9.0,Critical,High - RCE,Arbitrary code execution,Critical,Secure or disable RMI service,SysAdmin,Open\nVULN-021,Metasploitable Linux Server,VNC weak/default password,N/A,10.0,Critical,High - Brute force,Remote desktop access,Critical,Enforce strong authentication,SysAdmin,Open\nVULN-022,Metasploitable Linux Server,Telnet transmits credentials plaintext,N/A,9.8,Critical,High - MITM/Capture,Credential interception,Critical,Disable Telnet use SSH,SysAdmin,Open\nVULN-023,Metasploitable Linux Server,rlogin and rsh services enabled,N/A,9.8,Critical,High - Credential interception,Unauthorized access,Critical,Disable legacy services,SysAdmin,Open\nVULN-024,Metasploitable Linux Server,NFS shares world-readable,N/A,9.8,Critical,Medium - Mount shares,Data exposure,Critical,Restrict NFS permissions,SysAdmin,Open\nVULN-025,Metasploitable Linux Server,SMB signing not enforced,N/A,9.8,Critical,High - MITM/Session hijack,Session hijacking,Critical,Enable SMB signing,SysAdmin,Open\nVULN-026,Metasploitable Linux Server,Samba Badlock vulnerability,CVE-2016-2118,9.8,Critical,High - Public exploit,Privilege escalation,Critical,Patch Samba,SysAdmin,Open\nVULN-027,Metasploitable Linux Server,DNS cache poisoning,N/A,9.8,Critical,High - Cache poisoning,Traffic redirection,Critical,Patch DNS server,SysAdmin,Open\nVULN-028,Metasploitable Linux Server,DNS cache snooping,N/A,9.8,Critical,Medium - Info disclosure,Network activity inference,Critical,Restrict DNS recursion,SysAdmin,Open\nVULN-029,Metasploitable Linux Server,BIND DNS vulnerable to DoS,N/A,9.8,Critical,Medium - DoS,Service disruption,Critical,Upgrade BIND,SysAdmin,Open\nVULN-030,Metasploitable Linux Server,Slowloris DoS vulnerability,CVE-2007-6750,9.8,Critical,High - Resource exhaustion,Service unavailability,Critical,Configure connection limits/timeouts,WebAdmin,Open\nVULN-031,Metasploitable Linux Server,Weak SSL/TLS protocols SSLv2 SSLv3 TLS1.0,N/A,9.8,Critical,High - Downgrade attacks,Traffic interception,Critical,Disable weak protocols,WebAdmin,Open\nVULN-032,Metasploitable Linux Server,SSL POODLE vulnerability,CVE-2014-3566,9.8,Critical,Medium - Padding oracle,Decrypt encrypted traffic,Critical,Disable SSLv3,WebAdmin,Open\nVULN-033,Metasploitable Linux Server,SSL CCS Injection vulnerability,CVE-2014-0224,9.8,Critical,High - MITM,Session hijacking,Critical,Patch OpenSSL,WebAdmin,Open\nVULN-034,Metasploitable Linux Server,Weak Diffie-Hellman parameters Logjam,CVE-2015-4000,7.5,High,Medium - Downgrade,Decrypt traffic,High,Use strong DH groups,WebAdmin,Open\nVULN-035,Metasploitable Linux Server,Weak/anonymous cipher suites,N/A,7.5,High,Medium - Intercept,Communication interception,High,Disable weak ciphers,WebAdmin,Open\nVULN-036,Metasploitable Linux Server,RC4 cipher supported,N/A,6.8,Medium,Medium - Cryptographic attacks,Communication exposure,Medium,Disable RC4,WebAdmin,Open\nVULN-037,Metasploitable Linux Server,FREAK vulnerability,CVE-2015-0204,6.8,Medium,Medium - Downgrade,Weak encryption,Critical,Disable export ciphers,WebAdmin,Open\nVULN-038,Metasploitable Linux Server,SWEET32 vulnerability,N/A,9.8,Critical,Medium - Collision attacks,Session collision,Critical,Disable 3DES,WebAdmin,Open\nVULN-039,Metasploitable Linux Server,DROWN vulnerability,N/A,9.8,Critical,High - SSLv2 exploit,TLS session decryption,Critical,Disable SSLv2,WebAdmin,Open\nVULN-040,Metasploitable Linux Server,SSL certificate issues,N/A,9.8,Critical,Medium - MITM,Trust reduction/C MITM,Critical,Use valid certificates,WebAdmin,Open\nVULN-041,Metasploitable Linux Server,Weak SSH algorithms,N/A,9.8,Critical,High - Session compromise,Encrypted session compromise,Critical,Use strong algorithms,SysAdmin,Open\nVULN-042,Metasploitable Linux Server,Session cookies lack HttpOnly flag,N/A,9.8,Critical,High - XSS token theft,Session token access,Critical,Set HttpOnly and Secure flags,WebAdmin,Open\nVULN-043,Metasploitable Linux Server,Multiple exposed admin panels,N/A,9.8,Critical,High - Unauthorized access,File upload attacks,Critical,Restrict access and secure endpoints,WebAdmin,Open\nVULN-044,Metasploitable Linux Server,Apache Tomcat EOL version,N/A,9.8,Critical,High - Known exploits,Remote code execution,Critical,Upgrade Tomcat,WebAdmin,Open\nVULN-045,Metasploitable Linux Server,Weak password hashing MD5,N/A,9.8,Critical,High - Cracking,Password cracking,Critical,Use bcrypt/Argon2,SysAdmin,Open\nVULN-046,Metasploitable Linux Server,Application error disclosure,N/A,7.5,Critical,Medium - Info disclosure,Targeted attacks,Critical,Implement generic error handling,WebAdmin,Open\nVULN-047,Metasploitable Linux Server,Missing Content Security Policy,N/A,9.8,Critical,High - XSS/Data injection,XSS and data injection,Critical,Implement CSP header,WebAdmin,Open\nVULN-048,Metasploitable Linux Server,Vulnerable/outdated JavaScript library,N/A,6.8,Critical,Medium - XSS/Script injection,Client-side attacks,Critical,Update JS libraries,WebAdmin,Open", "creation_timestamp": "2026-06-16T06:00:26.000000Z"}