Groups and Contacts | |||
---|---|---|---|
Region | EMEA | Systems Architect | cuthbert@yourcompany.com |
Platform | Microsoft |
Scan Information | |
---|---|
Scan Type | Enterprise |
Started at | 13-Apr-15 11:54 |
Finished at | 13-Apr-15 12:54 |
Port | Protocol | Service | Details | ||
---|---|---|---|---|---|
1433 | tcp | ms-sql-s | No banner found | ||
3306 | tcp | mysql | Response Received | ||
1434 | udp | mssql | Response Received |
Vulnerability | 90027 | High Risk Ports Open | High Risk |
---|
Description | The following high risk ports are open: PORT SERVICE 1433/tcp ms-sql-s 1434/udp mssql 3306/tcp mysql Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead. |
||||
---|---|---|---|---|---|
Solution | Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems. | ||||
Category | Hosting or infrastructure flaw. | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N) | |||
First Found | 13 February 2015 | Port | general | Last 6 Assessments |
Vulnerability | 10481 | MySQL Database Accessible Without Password | High Risk |
---|
Description | This system is running a MySQL service that allows network connections with no password. A remote attacker could use this to manipulate the database in any way. The unpassworded accounts are: |
||||
---|---|---|---|---|---|
Solution | Add a password or restrict access to trusted addresses. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Bugtraq ID 11704 | ||||
CVE References | CVE-2002-1809 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
CVE-2004-1532 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||||
Deadline | 01 April 2015 | ||||
First Found | 13 March 2015 | Port | 3306/tcp | Last 6 Assessments |
Vulnerability | 11378 | MySQL < 3.23.56 Privilege Escalation | Medium Risk |
---|
Description | This system is running a vulnerable version of MySQL, according to its banner. There is insufficient permissions checking in code related to the "select into outfile" SQL command. A database user could use this to overwrite configuration files and escalate privileges. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Bugtraq ID 7052 | ||||
CVE Reference | CVE-2003-0150 | CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
First Found | 13 February 2015 | Port | 3306/tcp | Last 6 Assessments |
Vulnerability | 11842 | MySQL < 3.23.58, 4.0.15 Password Overflow | Medium Risk |
---|
Description | This system is running a vulnerable version of MySQL, according to its banner. There is a buffer overrun vulnerability in code related to passwords. A database user could use this to crash the service and take control of the system, by changing their password to a carefully crafted value. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
References | Bugtraq ID 8590 | ||||
CVE Reference | CVE-2003-0780 | CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
First Found | 13 February 2015 | Port | 3306/tcp | Last 6 Assessments |