Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SMTP service is running.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The TFTP service is running.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running.

The rpc.sprayd service is running.

A version of finger is running that exposes valid user information to any entity on the network.

A system-critical Windows NT registry key has an inappropriate value.

An incorrect configuration of the Webcart CGI program could disclose private information.

An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information.

An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.

quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.

An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.

An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.

An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.

A network intrusion detection system (IDS) does not properly reassemble fragmented packets.

A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets.

A network intrusion detection system (IDS) does not verify the checksum on a packet.

A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers.

A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection.