#
#
# Rules that deduce a CVE number from information in text field
# yes/no refers to whether its in the SANS top 10 list
#
/mountd may be vulnerable/i				yes	1999-0002
/tooltalk version may be vulnerable to buffer overflow/i	yes	1999-0003
/imap version may be vulnerable to buffer overflow/i	yes	1999-0005 1999-0042
/vulnerable pop3 version: QPopper pre 2.5$/i		yes	1999-0006 2000-0442
/vulnerable pop3 version: QPopper pre 2.53/i		yes	2000-0442
/vulnerable pop3 version: QPopper pre 3.0b20/i		yes	1999-0006 2000-0442
/vulnerable pop3 version: UW pre 3.3r27/i		yes	1999-0042
/pop version may be vulnerable to buffer overflow/i	yes	1999-0006 1999-0042
/possible buffer overflow in BIND ([0-9.]+)/i && ($1 < "4.9.6")	yes	1999-0009 1999-0024
/possible buffer overflow in BIND ([0-9.]+)/i && ($1 >= "4.9.6")	yes	1999-0009
/ssh is vulnerable/i					no	1999-0013
/FTP server can do FTP bounce/i				no	1999-0017
/rpc.statd is enabled and may be vulnerable/i		yes	1999-0018 1999-0019 1999-0210 1999-0493
/unauthorized access via web server \(count.cgi\)/i	yes	1999-0021
/unauthorized access via web server \(webdist.cgi\)/i	yes	1999-0039
/INN pre 1.6 buffer overflow/i				no	1999-0043 1999-0100 1999-0705 1999-0868
/CGI gives information about system \(nph-test-cgi\)/i	yes	1999-0045
/Vulnerable Sendmail version: 5/i			yes	1999-0131 1999-0203
/Vulnerable Sendmail version: 8\.([0-9]+)/i && $1<6	yes	1999-0129 1999-0131 1999-0203
/Vulnerable Sendmail version: 8\.6$/i			yes	1999-0129 1999-0131 1999-0203 1999-0204
/Vulnerable Sendmail version: 8\.6\.([0-9]+)/i && $1<10	yes	1999-0129 1999-0131 1999-0203 1999-0204
/Vulnerable Sendmail version: 8\.6\.([0-9]+)/i && $1>9	yes	1999-0129 1999-0131
/Vulnerable Sendmail version: 8\.7$/i			yes	1999-0129 1999-0130 1999-0131
/Vulnerable Sendmail version: 8\.7\.([0-9]+)/i && $1<6	yes	1999-0129 1999-0130 1999-0131
/Vulnerable Sendmail version: 8\.7\.([0-9]+)/i && $1>5	yes	1999-0129 1999-0130
/Vulnerable Sendmail version: 8\.8$/i			yes	1999-0129 1999-0130 1999-0206
/Vulnerable Sendmail version: 8\.8\.([0-9]+)/i && $1<2	yes	1999-0129 1999-0130 1999-0206
/Vulnerable Sendmail version: 8\.8\.2$/i		yes	1999-0129 1999-0130
/Vulnerable Sendmail version: 8\.8\.3$/i		yes	1999-0047 1999-0129
/Vulnerable Sendmail version: 8\.8\.4$/i		yes	1999-0047
/unauthorized access via web server \(php.cgi\)/i	yes	1999-0058
/unauthorized access via web server \(phf\)/i		yes	1999-0067
/CGI gives information about system \(test-cgi\)/i	yes	1999-0070
/WUFtp pre 2.4/i					no	1999-0035 1999-0080 1999-0879 1999-0880 1999-0955
/WUFtp 2.4/i						no	1999-0035 1999-0368 1999-0878 1999-0879 1999-0880
/WUFtp 2.5/i						no	1999-0878 1999-0879 1999-0880
/BeroFTP/i						no	1999-0368 1999-0878 1999-0879 1999-0880
/ProFTP pre 1.2.0pre2/i					no	1999-0368 1999-0878 1999-0879 1999-0880
/Sendmail is vulnerable to attack using DEBUG command/i	no	1999-0095
/Sendmail can write to user files using DECODE/i	no	1999-0096
/chargen could be used in DoS attack/i			no	1999-0103
/unauthorized access via web server \(campas\)/i	yes	1999-0146
/unauthorized access via web server \(handler\)/i	yes	1999-0147
/unauthorized access via web server \(aglimpse\)/i	yes	1999-0148
/CGI gives information about system \(wrap/i		yes	1999-0149
/Exports \S+ via portmapper/i				yes	1999-0168
/unauthorized access via web server \(view-source\)/i	yes	1999-0174
/unauthorized access via web server \(webgais\)/i	yes	1999-0176
/cgi-win\/uploader.exe\) is present/i			yes	1999-0177
/cgi-shl\/win-c-sample.exe\) is present/i		yes	1999-0178
/unauthorized access via web server \(websendmail\)/i	yes	1999-0196
/unauthorized access via web server \(jj\)/i		yes	1999-0260
/unauthorized access via web server \(faxsurvey\)/i	yes	1999-0262
/unauthorized access via web server \(htmlscript\)/i	yes	1999-0264
/unauthorized access via web server \(info2www\)/i	yes	1999-0266
/unauthorized access via web server \(pfdispaly/i	yes	1999-0270
/No X server access control/i				no	1999-0526
/Excessive finger information/i				no	1999-0612
/Information from rusersd could help hacker/i		no	1999-0626
/rexd is vulnerable to the world/i			no	1999-0627
/amd may be vulnerable to buffer overflow/i		no	1999-0704
/nfsd may be vulnerable/i				no	1999-0832
/^buffer overflow in BIND 8.2/i				yes	1999-0833
/SSH may be vulnerable/i				no	1999-0834
/denial-of-service in BIND 4/i				yes	1999-0010 1999-0011 1999-0835 1999-0849 1999-0851
/denial-of-service in BIND 8.([0-9.]+)/i && ($1 < "1.2")	yes	1999-0010 1999-0011 1999-0835 1999-0837 1999-0848 1999-0849 1999-0851
/denial-of-service in BIND 8.([0-9.]+)/i && ($1 >= "1.2") && ($1 < "2.1")	yes	1999-0835 1999-0837 1999-0848 1999-0849 1999-0851
/denial-of-service in BIND 8.2.1/i			yes	1999-0835 1999-0837 1999-0849 1999-0851
/denial-of-service in BIND 8.2.2/i			yes	1999-0849 1999-0851
/CGI gives information about system \(wwwboard/i	yes	1999-0953
/sadmind may be vulnerable to buffer overflow/i		yes	1999-0977
/unauthorized access via web server \(htaccess\)/i	yes	2000-0208
/SGI fam may be vulnerable/i				no	1999-0059
/Possible buffer overflow in Netscape/i			no	1999-0853
/Buffer overflow in Netscape/i				no	1999-0744 1999-0751 1999-0752 1999-0853
/Calendar Manager service may be vulnerable/i		yes	1999-0320 1999-0696
/AIX ftpd buffer overflow/i				no	1999-0789
/shop\/product.as[pt]\) is present/i			yes	2000-0161
/Compaq Insight Manager is vulnerable/i			no	1999-0771 1999-0772
/Compaq Insight Manager may be vulnerable/i		no	1999-0771 1999-0772
/unauthorized access via web server \(infosrch.cgi\)/i	yes	2000-0207
/Possible buffer overflow in UnixWare i2odialogd/i	no	2000-0026
/nisd may be vulnerable to buffer overflow/i		no	1999-0008
/Possible buffer overflow in IIS/i			no	1999-0874
/ODBC RDS Vulnerability/i				yes	1999-1011
/objectserver daemon may be vulnerable/i		no	2000-0245
/Possible vulnerability in Visual Interdev/i		no	2000-0260
/guestbook\.pl\) is present/i				yes	1999-0237
/guestbook\.cgi\) is present/i				yes	1999-0237
/excite\) is present/i					yes	1999-0279
/unauthorized access via web server \(imagemap.exe\)/i	yes	1999-0951
/Directory listing through wp tag/i			no	2000-0236
/Is your Kerberos secure/i				no	2000-0389 2000-0390 2000-0391
/emurl\/RECMAN.dll\) is present/i			yes	2000-0397
/unauthorized access via web server \(counterfiglet/i	yes	2000-0424
/unauthorized access via web server \(calendar_admin.pl/i	yes	2000-0432
/unauthorized access via web server \(calendar\/calendar_admin.pl/i	yes	2000-0432
/Gauntlet or WebShield cyberdaemon may be vulnerable/i	no	2000-0437
/w3-msql\/index.html\) is present/i			yes	2000-0012
/unauthorized access via web server \(query/i		yes	2000-0039
/unauthorized access via web server/i			yes
/CGI gives information about system/i			yes
/cgi-/i							yes
/Cold Fusion/i						yes
/Exports .* to unprivileged program/i			yes
/Exports .* to everyone/i				yes
/open share at/i					yes
/Guessed password to account/i				yes
/Account .* has no password/i				yes
/guessable read community/i				yes
/guessable write community/i				yes
/Sendmail version buffer overflow/i			yes
/vulnerable pop3 version/i				yes
