CVEs Selected for IPv6 IDS/IPS Testing

The following is a preliminary list of vulnerabilities to be used in generating the attack vectors to be used in IPv6 IDS/IPS testing. Please be aware that this is a list of vulnerabilities only; while perhaps theoretically exploitable, in practice no known exploits for many of them as yet exist. Only those with existing attack vectors will be used for testing.

1. Vulnerability selection criteria

Please note that the CPEs selected are merely intended to be representative of the types of hardware/software found in government networks. This is by no means an exhaustive list; presence on (or absence from) this list does not represent any sort of endorsement on the part of NIST.

2. Vulnerabilities selected, by CPE name

Please note that the numbers of vulnerabilities associated with each CPE does not necessarily indicate anything about the relative vulnerability of the associated product. In particular, some of the associations of CVEs with a particular CPE name seem somewhat arbitrary. 

Microsoft Corporation:
CVE-2007-6722
CVE-2007-6724
CVE-2008-3009
CVE-2008-3010
CVE-2008-3479
CVE-2008-4023
CVE-2008-4038
CVE-2008-4250
CVE-2008-4301
CVE-2008-4563
CVE-2008-4834
CVE-2008-4835
CVE-2009-0086
CVE-2009-0119
CVE-2009-0133
CVE-2009-0137
CVE-2009-0228
CVE-2009-0568
CVE-2009-0869
CVE-2009-1043
CVE-2009-1094
CVE-2009-1096
CVE-2009-1098
CVE-2009-1138
CVE-2009-1628
CVE-2009-1918
CVE-2009-1925
CVE-2009-1930
CVE-2009-1992
CVE-2009-2494
CVE-2009-2505
CVE-2009-2523
CVE-2009-2532
CVE-2009-3096
CVE-2009-3098
CVE-2009-3677
CVE-2009-3953
CVE-2009-3954
CVE-2009-3955
CVE-2010-0138
CVE-2010-0231
CVE-2010-0239
CVE-2010-0240
CVE-2010-0241
CVE-2010-0269
CVE-2010-0270
CVE-2010-0284
CVE-2010-0476
CVE-2010-0477
CVE-2010-0886
CVE-2010-1118
CVE-2010-1349
CVE-2010-1549
CVE-2010-1988
CVE-2010-2550
CVE-2010-2703

microsft:
CVE-2008-3466

oracle:
CVE-2008-4006
CVE-2008-4008
CVE-2008-5444
CVE-2008-5448
CVE-2008-5449
CVE-2008-5457
CVE-2009-1006
CVE-2009-1012
CVE-2009-1977
CVE-2009-1979
CVE-2009-1985
CVE-2009-1992
CVE-2009-3403
CVE-2010-0071
CVE-2010-0072
CVE-2010-0073
CVE-2010-0079
CVE-2010-0873
CVE-2010-0888
CVE-2010-0898
CVE-2010-0907
CVE-2010-3509

ca:
CVE-2008-4397
CVE-2009-0042
CVE-2009-2026
CVE-2010-1223

symantec:
CVE-2009-1429
CVE-2009-3027
CVE-2009-3032
CVE-2010-0108

hp:
CVE-2007-2280
CVE-2007-2281
CVE-2008-0067
CVE-2008-2438
CVE-2008-4559
CVE-2008-4562
CVE-2009-0720
CVE-2009-0898
CVE-2009-0921
CVE-2009-1420
CVE-2009-1422
CVE-2009-2685
CVE-2009-3096
CVE-2009-3098
CVE-2009-3842
CVE-2009-3843
CVE-2009-3845
CVE-2009-3846
CVE-2009-3848
CVE-2009-3849
CVE-2009-3999
CVE-2009-4176
CVE-2009-4177
CVE-2009-4178
CVE-2009-4179
CVE-2009-4180
CVE-2009-4181
CVE-2009-4188
CVE-2009-4189
CVE-2010-0444
CVE-2010-0445
CVE-2010-0447
CVE-2010-1039
CVE-2010-1549
CVE-2010-1550
CVE-2010-1551
CVE-2010-1552
CVE-2010-1553
CVE-2010-1554
CVE-2010-1555
CVE-2010-1960
CVE-2010-1961
CVE-2010-1962
CVE-2010-2703
CVE-2010-2704
CVE-2010-2710

IBM:
CVE-2008-4404
CVE-2008-4563
CVE-2008-4801
CVE-2008-4828
CVE-2008-6821
CVE-2009-0869
CVE-2009-0896
CVE-2009-1240
CVE-2009-1520
CVE-2009-2543
CVE-2009-2753
CVE-2009-2754
CVE-2009-3032
CVE-2009-3473
CVE-2009-3517
CVE-2009-3699
CVE-2009-3854
CVE-2010-0275
CVE-2010-0358
CVE-2010-1039
CVE-2010-2771
CVE-2010-3187
CVE-2010-3193
CVE-2010-3731
CVE-2010-3754
CVE-2010-3757
CVE-2010-3758
CVE-2010-3759
CVE-2010-3761
CVE-2010-4070

apache:
CVE-2009-2412
CVE-2010-0219

cisco:
CVE-2008-4296
CVE-2008-4390
CVE-2009-0616
CVE-2009-0617
CVE-2009-0620
CVE-2009-0621
CVE-2009-1161
CVE-2009-1167
CVE-2009-4912
CVE-2009-4919
CVE-2010-0138
CVE-2010-0140
CVE-2010-0145
CVE-2010-0570
CVE-2010-0580
CVE-2010-0581
CVE-2010-0595
CVE-2010-0600
CVE-2010-1574
CVE-2010-2976
CVE-2010-2977
CVE-2010-2978
CVE-2010-2984
CVE-2010-3036

juniper:
CVE-2009-4643

fedoraproject:
CVE-2009-1896

linux:
CVE-2008-5134
CVE-2010-2495
CVE-2010-2521
CVE-2010-3416

linux.thai:
CVE-2009-4012

sun:
CVE-2003-1573
CVE-2004-2764
CVE-2008-3869
CVE-2008-3870
CVE-2008-4541
CVE-2008-4556
CVE-2008-4910
CVE-2008-5010
CVE-2008-5355
CVE-2008-5685
CVE-2009-0171
CVE-2009-0344
CVE-2009-0345
CVE-2009-1006
CVE-2009-1094
CVE-2009-1096
CVE-2009-1098
CVE-2009-1896
CVE-2009-2296
CVE-2009-2476
CVE-2009-2675
CVE-2009-2689
CVE-2010-0079
CVE-2010-0361
CVE-2010-0444
CVE-2010-0886
CVE-2010-0887
CVE-2010-3552
CVE-2010-3553
CVE-2010-3554
CVE-2010-3556
CVE-2010-3558
CVE-2010-3559
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3571
CVE-2010-3572

Adobe Systems Incorporated:
CVE-2008-4401
CVE-2009-0928
CVE-2009-3952
CVE-2009-3953
CVE-2009-3954
CVE-2009-3955
CVE-2010-2863

3. All CVEs selected, by CVE number (total of 224):

CVE-2003-1573		CVE-2009-1043		CVE-2009-4912
CVE-2004-2764		CVE-2009-1094		CVE-2009-4919
CVE-2007-2280		CVE-2009-1096		CVE-2010-0071
CVE-2007-2281		CVE-2009-1098		CVE-2010-0072
CVE-2007-6722		CVE-2009-1138		CVE-2010-0073
CVE-2007-6724		CVE-2009-1161		CVE-2010-0079
CVE-2008-0067		CVE-2009-1167		CVE-2010-0108
CVE-2008-2438		CVE-2009-1240		CVE-2010-0138
CVE-2008-3009		CVE-2009-1420		CVE-2010-0140
CVE-2008-3010		CVE-2009-1422		CVE-2010-0145
CVE-2008-3466		CVE-2009-1429		CVE-2010-0219
CVE-2008-3479		CVE-2009-1520		CVE-2010-0231
CVE-2008-3869		CVE-2009-1628		CVE-2010-0239
CVE-2008-3870		CVE-2009-1896		CVE-2010-0240
CVE-2008-4006		CVE-2009-1918		CVE-2010-0241
CVE-2008-4008		CVE-2009-1925		CVE-2010-0269
CVE-2008-4023		CVE-2009-1930		CVE-2010-0270
CVE-2008-4038		CVE-2009-1977		CVE-2010-0275
CVE-2008-4250		CVE-2009-1979		CVE-2010-0284
CVE-2008-4296		CVE-2009-1985		CVE-2010-0358
CVE-2008-4301		CVE-2009-1992		CVE-2010-0361
CVE-2008-4390		CVE-2009-2026		CVE-2010-0444
CVE-2008-4397		CVE-2009-2296		CVE-2010-0445
CVE-2008-4401		CVE-2009-2412		CVE-2010-0447
CVE-2008-4404		CVE-2009-2476		CVE-2010-0476
CVE-2008-4541		CVE-2009-2494		CVE-2010-0477
CVE-2008-4556		CVE-2009-2505		CVE-2010-0570
CVE-2008-4559		CVE-2009-2523		CVE-2010-0580
CVE-2008-4562		CVE-2009-2532		CVE-2010-0581
CVE-2008-4563		CVE-2009-2543		CVE-2010-0595
CVE-2008-4801		CVE-2009-2675		CVE-2010-0600
CVE-2008-4828		CVE-2009-2685		CVE-2010-0873
CVE-2008-4834		CVE-2009-2689		CVE-2010-0886
CVE-2008-4835		CVE-2009-2753		CVE-2010-0887
CVE-2008-4910		CVE-2009-2754		CVE-2010-0888
CVE-2008-5010		CVE-2009-3027		CVE-2010-0898
CVE-2008-5134		CVE-2009-3032		CVE-2010-0907
CVE-2008-5355		CVE-2009-3096		CVE-2010-1039
CVE-2008-5444		CVE-2009-3098		CVE-2010-1118
CVE-2008-5448		CVE-2009-3403		CVE-2010-1223
CVE-2008-5449		CVE-2009-3473		CVE-2010-1349
CVE-2008-5457		CVE-2009-3517		CVE-2010-1549
CVE-2008-5685		CVE-2009-3677		CVE-2010-1550
CVE-2008-6821		CVE-2009-3699		CVE-2010-1551
CVE-2009-0042		CVE-2009-3842		CVE-2010-1552
CVE-2009-0086		CVE-2009-3843		CVE-2010-1553
CVE-2009-0119		CVE-2009-3845		CVE-2010-1554
CVE-2009-0133		CVE-2009-3846		CVE-2010-1555
CVE-2009-0137		CVE-2009-3848		CVE-2010-1574
CVE-2009-0171		CVE-2009-3849		CVE-2010-1960
CVE-2009-0228		CVE-2009-3854		CVE-2010-1961
CVE-2009-0344		CVE-2009-3952		CVE-2010-1962
CVE-2009-0345		CVE-2009-3953		CVE-2010-1988
CVE-2009-0568		CVE-2009-3954		CVE-2010-2495
CVE-2009-0616		CVE-2009-3955		CVE-2010-2521
CVE-2009-0617		CVE-2009-3999		CVE-2010-2550
CVE-2009-0620		CVE-2009-4012		CVE-2010-2703
CVE-2009-0621		CVE-2009-4176		CVE-2010-2704
CVE-2009-0720		CVE-2009-4177		CVE-2010-2710
CVE-2009-0869		CVE-2009-4178		CVE-2010-2771
CVE-2009-0896		CVE-2009-4179		CVE-2010-2863
CVE-2009-0898		CVE-2009-4180		CVE-2010-2976
CVE-2009-0921		CVE-2009-4181		CVE-2010-2977
CVE-2009-0928		CVE-2009-4188		CVE-2010-2978
CVE-2009-1006		CVE-2009-4189		CVE-2010-2984
CVE-2009-1012		CVE-2009-4643		CVE-2010-3036
CVE-2010-3187		CVE-2010-3559		CVE-2010-3572
CVE-2010-3193		CVE-2010-3562		CVE-2010-3731
CVE-2010-3416		CVE-2010-3563		CVE-2010-3754
CVE-2010-3509		CVE-2010-3565		CVE-2010-3757
CVE-2010-3552		CVE-2010-3566		CVE-2010-3758
CVE-2010-3553		CVE-2010-3567		CVE-2010-3759
CVE-2010-3554		CVE-2010-3568		CVE-2010-3761
CVE-2010-3556		CVE-2010-3569		CVE-2010-4070
CVE-2010-3558		CVE-2010-3571


To return to the NPD issues page: npdfaq.html
To return to the IPv6 software distribution main page:
https://www-x.antd.nist.gov/ipv6

Point Of Contact:
webmaster@antd.nist.gov

Last update: Mon Dec 13 2010.