Auto-Update: 2024-12-15T03:00:19.262894+00:00

CVE-1999/CVE-1999-05xx/CVE-1999-0531.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:58.853",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "This functionality should be disabled, because these commands can be used for attack reconnaissance.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "This functionality should be disabled, because these commands can be used for attack reconnaissance.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0614.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.310",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "The FTP Service is an unsecured protocol for Internet facing systems and should only be used on a limited basis to provide a specific functional requirement, otherwise disabled.  Secure alternatives that encrypt communications are available.  The software should be patched and configured properly.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"The FTP service is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "The FTP Service is an unsecured protocol for Internet facing systems and should only be used on a limited basis to provide a specific functional requirement, otherwise disabled.  Secure alternatives that encrypt communications are available.  The software should be patched and configured properly.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0615.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.343",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "SNMPv3 is a secure protocol for management of networked systems, provided the cryptographic security mechanisms are used.  SNMPv1 and SNMPv2 are unsecured protocols for Internet facing systems and should  only be used on a trusted network segment.  For all versions, the software should be patched and configured properly.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"The SNMP service is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "SNMPv3 is a secure protocol for management of networked systems, provided the cryptographic security mechanisms are used.  SNMPv1 and SNMPv2 are unsecured protocols for Internet facing systems and should  only be used on a trusted network segment.  For all versions, the software should be patched and configured properly.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0616.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.373",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "The TFTP Service is an unsecured protocol and it should used only on a limited basis on rare occasion to provide a specific functional requirement, otherwise disabled.  Secure alternatives are available.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"The TFTP service is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "The TFTP Service is an unsecured protocol and it should used only on a limited basis on rare occasion to provide a specific functional requirement, otherwise disabled.  Secure alternatives are available.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0617.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.410",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "The SMTP Service is an unsecured protocol for Internet facing systems (e.g., user authentication not required, communications not encrypted) and should only be used on a limited basis to provide a specific functional requirement, otherwise disabled.  The software should be patched and configured properly.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"The SMTP service is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "The SMTP Service is an unsecured protocol for Internet facing systems (e.g., user authentication not required, communications not encrypted) and should only be used on a limited basis to provide a specific functional requirement, otherwise disabled.  The software should be patched and configured properly.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0619.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.450",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "The Telnet Service is an unsecured and obsolete protocol and it should be disabled.  Secure alternatives such as SSH are available.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"The Telnet service is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "The Telnet Service is an unsecured and obsolete protocol and it should be disabled.  Secure alternatives such as SSH are available.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0620.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.480",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "These protocols, such as RPC ypbind, yppasswd, ypserv, ypupdated, and ypxfrd, are unsecured protocols for Internet facing systems and should only be used on a trusted network segment, otherwise disabled.  The software should be patched and configured properly.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"A component service related to NIS is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "These protocols, such as RPC ypbind, yppasswd, ypserv, ypupdated, and ypxfrd, are unsecured protocols for Internet facing systems and should only be used on a trusted network segment, otherwise disabled.  The software should be patched and configured properly.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0621.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.540",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "This component service should not be allowed to communicate over untrusted networks, such as the Internet, because it is an unsecured protocol (e.g., communications not encrypted).   The software should be patched and configured properly.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"A component service related to NETBIOS is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "This component service should not be allowed to communicate over untrusted networks, such as the Internet, because it is an unsecured protocol (e.g., communications not encrypted).   The software should be patched and configured properly.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }

CVE-1999/CVE-1999-06xx/CVE-1999-0622.json

@@ -5,14 +5,14 @@
   "lastModified": "2023-11-07T01:54:59.607",
   "vulnStatus": "Rejected",
   "cveTags": [],
-  "evaluatorSolution": "DNS is a critical network service.  It should be fully patched and properly configured for Internet facing servers to avoid common attacks such as DNS spoofing, poisoning, and unauthorized zone transfers.",
-  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration.",
   "descriptions": [
     {
       "lang": "en",
       "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: \"A component service related to DNS service is running."
     }
   ],
   "metrics": {},
-  "references": []
+  "references": [],
+  "evaluatorSolution": "DNS is a critical network service.  It should be fully patched and properly configured for Internet facing servers to avoid common attacks such as DNS spoofing, poisoning, and unauthorized zone transfers.",
+  "evaluatorImpact": "This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn\u2019t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."
 }