Your Company Fixed Vulnerability Descriptions - April 2015

Company Reference:
YC 201135

Vulnerability 90027: High Risk Ports Open (1 System, High Risk)
Description: The following high risk ports are open:
[For specific url or description click server link below.]
It is generally not recommended to expose these ports to the Internet as they may be used as attack vectors. If access to these services from remote sites is required, tunnelling or a VPN would be recommended instead of exposing these ports.
Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead.
Solution: Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems.
Category: Hosting or infrastructure flaw.
CVE Reference: CVE-MAP-NOMATCH, CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Systems: www.yourcompany.net (192.168.0.102)

Vulnerability 11793: Apache < 1.3.28 Multiple flaws (1 System, Medium Risk)
Description: According to its banner, this web server is running a version of Apache older than 1.3.28. This version contains fixes for multiple minor denial of service flaws. Although these are not exploitable in all configurations, it is recommended that you upgrade to the latest version.
Solution: Upgrade to an unaffected version.
Category: Hosting or infrastructure flaw.
References: Apache 1.3 Changelog
CVE References:
  CVE-2002-0061, CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  CVE-2003-0460, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Systems: www.yourcompany.net (192.168.0.102)

Vulnerability 10736: DCE Services Enumeration (1 System, Medium Risk)
Description: It is possible for any remote user to connect to port 135 on this host and enumerate the available DCE services. The information leaked is relatively low risk, although an attacker could use it to focus their strategy. However, the vulnerability is more worrying because it shows that Windows file sharing (NetBIOS) is accessible over the internet, which is considered unwise.
[For specific url or description click server link below.]
Solution: Use a firewall to restrict access to Windows file sharing ports to trusted addresses.
Category: Hosting or infrastructure flaw.
CVE Reference: CVE-MAP-NOMATCH, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Systems: www.yourcompany.net (192.168.0.102)

Vulnerability 10965: SSH 3 AllowedAuthentication (1 System, Medium Risk)
Description: According to its banner, the remote server is running a version of SSH which is between 3.0.0 and 3.1.2. There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password even though it is not explicitly listed as a valid authentication mechanism. An attacker may use this flaw to attempt to brute force a password using a dictionary attack (if the passwords used are weak).
Solution: Upgrade to version 3.1.2 of SSH which solves this problem.
References: Bugtraq ID 4810
CVE References:
  CVE-2002-1646, CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  CVE-2005-0962, CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Systems: mail.example.com (192.168.0.111)

Vulnerability 10114: ICMP Timestamp Request (1 System, Low Risk)
Description: This system responds to ICMP timestamp requests. A remote attacker could use such requests to determine the exact date and time on the system. This information could be used in attacks against time-based authentication protocols.
Solution: Either disable timestamp replies, or filter them at your firewall.
CVE Reference: CVE-1999-0524, CVSS2 0.0 (Low) (AV:L/AC:L/Au:N/C:N/I:N/A:N)
Systems: www.example.com (192.168.0.112)

Vulnerability 10021: Identd enabled (1 System, Low Risk)
Description: The ident service appears to be running on the remote host. This service provides sensitive information to an attacker, allowing them to enumerate which accounts are running which services.
Solution: Disable this service or restrict it to trusted IP addresses.
CVE Reference: CVE-1999-0629, CVSS2 0.0 (Low) (AV:N/AC:L/Au:N/C:N/I:N/A:N)
Systems: www.your_company.fr (192.168.0.105)

Vulnerability 10640: Kerberos PingPong DOS (1 System, Low Risk)
Description: The remote Kerberos server seems to be vulnerable to a pingpong attack. When contacted on the UDP port, this service always responds, even to bogus data. An attacker can cause a denial of service by spoofing a packet between two machines running this service. This will cause them to spew data at each other, saturating the network.
Solution: Disable this service in /etc/inetd.conf.
CVE Reference: CVE-1999-0103, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Systems: www.your_company.fr (192.168.0.105)

Vulnerability 10759: Private IP Address Leakage (1 System, Low Risk)
Description: This system exposes its RFC 1918 private IP address. This is the internal IP address of the system, which would usually be masked by a proxy or NAT firewall. This information may be useful to an attacker trying to remotely map your network or prepare an attack. The private IP address is:
[For specific url or description click server link below.]
Solution: Update your web server configuration. For IIS, issue "adsutil set w3svc/UseHostName True" and restart. On Apache, ensure that ServerName in httpd.conf is set to a hostname.
Category: Hosting or infrastructure flaw.
References: Bugtraq ID 1499; Microsoft Knowledge Base Q218180; RFC 1918
CVE Reference: CVE-2000-0649, CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Systems: www.your_company.nl (192.168.0.103)

Vulnerability 12279: QPopper <= 4.0.5 User Names Information Leakage (1 System, Low Risk)
Description: According to its banner, this host is running a vulnerable version of QPopper. These versions return a different error message on failed login, depending on whether the user name exists. An attacker can use this to enumerate users - the starting point for a password guessing attack.
Solution: No patch is currently available. You must either accept this risk or choose another POP3 server.
References: Bugtraq ID 7110
CVE Reference: CVE-2001-1068, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Systems: www.yourcompany.co.uk (192.168.0.100)

Scans by RatwareUK