Criticality: 
System Reference: XG129
System Reference: XG129
| Groups and Contacts | |||
|---|---|---|---|
| Platform | Unix | Business | manager@yourcompany.com |
| Technical | joe.bloggs@technicians.com | ||
Scan Information
|
|
|---|---|
| Scan Type | Enterprise |
| Started at | 13-Apr-15 13:47 |
| Finished at | 13-Apr-15 14:47 |
Ports: 3 (High:0 Low:3)
| Port | Protocol | Service | Details | ||
|---|---|---|---|---|---|
| 80 | tcp | http | Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7c PHP/4.3.4 | ||
| 443 | tcp | https | Certificate name 'apollo.example.com' does not match hostname | ||
| 10000 | tcp | snet-sensor-mgmt | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN""http://www.w3.org/TR/REC-html40/loose.dtd"><html><head> |
Ports Closed Since the Last Scan: 1 (High:0 Low:1)
| Port | Protocol | Service | Details | ||
|---|---|---|---|---|---|
| 10000 | tcp | https | No banner found |
Vulnerabilities: 3 (High:0 Medium:1 Low:2)
| Vulnerability | 12110 | OpenSSL < 0.9.6m, 0.9.7d SSL/TLS Handshake Denial of Service | Medium Risk |
|---|
| Description | This system is running a vulnerable version of OpenSSL, according to its banner. A null-pointer assignment in the do_change_cipher_spec() function and another flaw when using Kerberos ciphersuites could allow a remote attacker to crash the service using a specially crafted SSL/TLS handshakes. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| Category | Hosting or infrastructure flaw. | ||||
| References | OpenSSL Security Advisory [17 March 2004] US-CERT VU#465542 US-CERT VU#288574 | ||||
| CVE References | CVE-2004-0079 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
| CVE-2004-0112 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P) | ||||
| First Found | 12 December 2014 | Port | 80/tcp, 443/tcp | Last 6 Assessments | 
|
| Vulnerability | 10766 | Apache mod_userdir Information Leak | Low Risk |
|---|
| Description | This system has the mod_userdir Apache module enabled. This leaks information about which user accounts exists. A request to a non-existant user will always return a 404 (file not found) code. However, if the user exists then the web server may return a 403 (permission denied) code, depending on the permissions on the user's home directory. | ||||
|---|---|---|---|---|---|
| Solution | If you do not need the functionality, disable mod_userdir. Alternatively, mod_rewrite can provide equivalent functionality without the information leak. | ||||
| References | SecuriTeam advisory | ||||
| CVE Reference | CVE-2001-1013 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
| First Found | 13 December 2014 | Port | 80/tcp, 443/tcp | Last 6 Assessments | 
|
| Vulnerability | 11229 | Script Calling phpinfo() Detected
|
Low Risk |
|---|
| Description | This system has a PHP script that calls phpinfo(). This function displays a significant amount of system and configuration information. A remote attacker could use this for reconnaissance. An example of a URL you can use to exploit this is: https://192.168.0.81/phpinfo.php |
||||
|---|---|---|---|---|---|
| Solution | Remove this script, or protect it with some kind of authentication. | ||||
| Category | Application or content flaw. | ||||
| References | phpinfo documentation | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
| Deadline | 13 January 2015 | ||||
| First Found | 12 December 2014 | Port | 80/tcp, 443/tcp | Last 6 Assessments |
|
Historical Information
