CVEs Selected for IPv6 IDS/IPS Testing

The following is a preliminary list of vulnerabilities to be used in generating the attack vectors to be used in IPv6 IDS/IPS testing. Please be aware that this is a list of vulnerabilities only; while perhaps theoretically exploitable, in practice no known exploits for many of them as yet exist. Only those with existing attack vectors will be used for testing.

1. Vulnerability selection criteria

Please note that the CPEs selected are merely intended to be representative of the types of hardware/software found in government networks. This is by no means an exhaustive list; presence on (or absence from) this list does not represent any sort of endorsement on the part of NIST.

2. Vulnerabilities selected, by CPE name

Please note that the numbers of vulnerabilities associated with each CPE does not necessarily indicate anything about the relative vulnerability of the associated product. In particular, some of the associations of CVEs with a particular CPE name seem somewhat arbitrary. 
microsft:
CVE-2008-3466

Microsoft Corporation: 
CVE-2007-6722
CVE-2007-6724
CVE-2008-0082
CVE-2008-2161
CVE-2008-3009
CVE-2008-3010
CVE-2008-3479
CVE-2008-4023
CVE-2008-4038
CVE-2008-4250
CVE-2008-4301
CVE-2008-4563
CVE-2008-4834
CVE-2008-4835
CVE-2009-0086
CVE-2009-0119
CVE-2009-0133
CVE-2009-0137
CVE-2009-0228
CVE-2009-0568
CVE-2009-0869
CVE-2009-1043
CVE-2009-1094
CVE-2009-1096
CVE-2009-1098
CVE-2009-1138
CVE-2009-1628
CVE-2009-1918
CVE-2009-1925
CVE-2009-1930
CVE-2009-1992
CVE-2009-2494
CVE-2009-2505
CVE-2009-2523
CVE-2009-2532
CVE-2009-3096
CVE-2009-3098
CVE-2009-3677
CVE-2009-3953
CVE-2009-3954
CVE-2009-3955
CVE-2010-0138
CVE-2010-0231
CVE-2010-0239
CVE-2010-0240
CVE-2010-0241
CVE-2010-1118

oracle:
CVE-2008-1818
CVE-2008-1822
CVE-2008-1824
CVE-2008-1825
CVE-2008-1827
CVE-2008-1831
CVE-2008-3257
CVE-2008-4006
CVE-2008-4008
CVE-2008-5444
CVE-2008-5448
CVE-2008-5449
CVE-2008-5457
CVE-2009-1006
CVE-2009-1012
CVE-2009-1977
CVE-2009-1979
CVE-2009-1985
CVE-2009-1992
CVE-2009-3403
CVE-2010-0071
CVE-2010-0072
CVE-2010-0079

ca:
CVE-2009-2026
CVE-2009-0042
CVE-2008-4397
CVE-2008-2541
CVE-2008-2241
CVE-2008-1329

hp:
CVE-2007-2280
CVE-2007-2281
CVE-2008-0067
CVE-2008-1661
CVE-2008-1662
CVE-2008-1697
CVE-2008-1842
CVE-2008-2438
CVE-2008-4559
CVE-2008-4562
CVE-2009-0720
CVE-2009-0898
CVE-2009-0921
CVE-2009-1420
CVE-2009-1422
CVE-2009-2685
CVE-2009-3096
CVE-2009-3098
CVE-2009-3842
CVE-2009-3843
CVE-2009-3845
CVE-2009-3846
CVE-2009-3848
CVE-2009-3849
CVE-2009-3999
CVE-2009-4176
CVE-2009-4177
CVE-2009-4178
CVE-2009-4179
CVE-2009-4180
CVE-2009-4181
CVE-2009-4188
CVE-2009-4189
CVE-2010-0444
CVE-2010-0445
CVE-2010-0447

IBM:
CVE-2008-0949
CVE-2008-2240
CVE-2008-3349
CVE-2008-4404
CVE-2008-4563
CVE-2008-4801
CVE-2008-4828
CVE-2008-6821
CVE-2009-0869
CVE-2009-0896
CVE-2009-1240
CVE-2009-1520
CVE-2009-2543
CVE-2009-2753
CVE-2009-2754
CVE-2009-3032
CVE-2009-3473
CVE-2009-3517
CVE-2009-3699
CVE-2009-3854
CVE-2010-0275
CVE-2010-0358

apache:
CVE-2009-2412

cisco:
CVE-2008-0532
CVE-2008-0960
CVE-2008-1154
CVE-2008-1155
CVE-2008-1157
CVE-2008-4296
CVE-2008-4390
CVE-2009-0616
CVE-2009-0617
CVE-2009-0620
CVE-2009-0621
CVE-2009-1161
CVE-2009-1167
CVE-2010-0138
CVE-2010-0140
CVE-2010-0145
CVE-2010-0570
CVE-2010-0580
CVE-2010-0581

juniper:
CVE-2008-0960
CVE-2009-4643

linux:
CVE-2008-1673
CVE-2008-5134

linux.thai:
CVE-2009-4012

sun:
CVE-2003-1573
CVE-2004-2764
CVE-2008-0960
CVE-2008-2403
CVE-2008-2404
CVE-2008-3107
CVE-2008-3108
CVE-2008-3111
CVE-2008-3112
CVE-2008-3113
CVE-2008-3553
CVE-2008-3869
CVE-2008-3870
CVE-2008-4541
CVE-2008-4556
CVE-2008-4910
CVE-2008-5010
CVE-2008-5355
CVE-2008-5685
CVE-2009-0171
CVE-2009-0344
CVE-2009-0345
CVE-2009-1006
CVE-2009-1094
CVE-2009-1096
CVE-2009-1098
CVE-2009-1896
CVE-2009-2296
CVE-2009-2476
CVE-2009-2675
CVE-2009-2689
CVE-2010-0079
CVE-2010-0361
CVE-2010-0444

Adobe Systems Incorporated:
CVE-2008-2641
CVE-2008-4401
CVE-2009-3952
CVE-2009-3953
CVE-2009-3954
CVE-2009-3955

3. All CVEs selected, by CVE number (total of 183):

CVE-2003-1573		CVE-2008-4559		CVE-2009-2476
CVE-2004-2764		CVE-2008-4562		CVE-2009-2494
CVE-2007-2280		CVE-2008-4563		CVE-2009-2505
CVE-2007-2281		CVE-2008-4801		CVE-2009-2523
CVE-2007-6722		CVE-2008-4828		CVE-2009-2532
CVE-2007-6724		CVE-2008-4834		CVE-2009-2543
CVE-2008-0067		CVE-2008-4835		CVE-2009-2675
CVE-2008-0082		CVE-2008-4910		CVE-2009-2685
CVE-2008-0532		CVE-2008-5010		CVE-2009-2689
CVE-2008-0949		CVE-2008-5134		CVE-2009-2753
CVE-2008-0960		CVE-2008-5355		CVE-2009-2754
CVE-2008-1154		CVE-2008-5444		CVE-2009-3032
CVE-2008-1155		CVE-2008-5448		CVE-2009-3096
CVE-2008-1157		CVE-2008-5449		CVE-2009-3098
CVE-2008-1329		CVE-2008-5457		CVE-2009-3403
CVE-2008-1661		CVE-2008-5685		CVE-2009-3473
CVE-2008-1662		CVE-2008-6821		CVE-2009-3517
CVE-2008-1673		CVE-2009-0042		CVE-2009-3677
CVE-2008-1697		CVE-2009-0086		CVE-2009-3699
CVE-2008-1818		CVE-2009-0119		CVE-2009-3842
CVE-2008-1822		CVE-2009-0133		CVE-2009-3843
CVE-2008-1824		CVE-2009-0137		CVE-2009-3845
CVE-2008-1825		CVE-2009-0171		CVE-2009-3846
CVE-2008-1827		CVE-2009-0228		CVE-2009-3848
CVE-2008-1831		CVE-2009-0344		CVE-2009-3849
CVE-2008-1842		CVE-2009-0345		CVE-2009-3854
CVE-2008-2161		CVE-2009-0568		CVE-2009-3952
CVE-2008-2240		CVE-2009-0616		CVE-2009-3953
CVE-2008-2241		CVE-2009-0617		CVE-2009-3954
CVE-2008-2403		CVE-2009-0620		CVE-2009-3955
CVE-2008-2404		CVE-2009-0621		CVE-2009-3999
CVE-2008-2438		CVE-2009-0720		CVE-2009-4012
CVE-2008-2541		CVE-2009-0869		CVE-2009-4176
CVE-2008-2641		CVE-2009-0896		CVE-2009-4177
CVE-2008-3009		CVE-2009-0898		CVE-2009-4178
CVE-2008-3010		CVE-2009-0921		CVE-2009-4179
CVE-2008-3107		CVE-2009-1006		CVE-2009-4180
CVE-2008-3108		CVE-2009-1012		CVE-2009-4181
CVE-2008-3111		CVE-2009-1043		CVE-2009-4188
CVE-2008-3112		CVE-2009-1094		CVE-2009-4189
CVE-2008-3113		CVE-2009-1096		CVE-2009-4643
CVE-2008-3257		CVE-2009-1098		CVE-2010-0071
CVE-2008-3349		CVE-2009-1138		CVE-2010-0072
CVE-2008-3466		CVE-2009-1161		CVE-2010-0079
CVE-2008-3479		CVE-2009-1167		CVE-2010-0138
CVE-2008-3553		CVE-2009-1240		CVE-2010-0140
CVE-2008-3869		CVE-2009-1420		CVE-2010-0145
CVE-2008-3870		CVE-2009-1422		CVE-2010-0231
CVE-2008-4006		CVE-2009-1520		CVE-2010-0239
CVE-2008-4008		CVE-2009-1628		CVE-2010-0240
CVE-2008-4023		CVE-2009-1896		CVE-2010-0241
CVE-2008-4038		CVE-2009-1918		CVE-2010-0275
CVE-2008-4250		CVE-2009-1925		CVE-2010-0358
CVE-2008-4296		CVE-2009-1930		CVE-2010-0361
CVE-2008-4301		CVE-2009-1977		CVE-2010-0444
CVE-2008-4390		CVE-2009-1979		CVE-2010-0445
CVE-2008-4397		CVE-2009-1985		CVE-2010-0447
CVE-2008-4401		CVE-2009-1992		CVE-2010-0570
CVE-2008-4404		CVE-2009-2026		CVE-2010-0580
CVE-2008-4541		CVE-2009-2296		CVE-2010-0581
CVE-2008-4556		CVE-2009-2412		CVE-2010-1118


To return to the NPD issues page: npdfaq.html
To return to the IPv6 software distribution main page:
https://www-x.antd.nist.gov/ipv6

Point Of Contact:
webmaster@antd.nist.gov

Last update: Tue Apr 13 2010.