Your Company Vulnerability Descriptions - April 2015

Company Reference: YC 201135
Sub-Report: US

Vulnerability Statistics

2 High risk vulnerabilities found.
2 Medium risk vulnerabilities found.
3 Low risk vulnerabilities found.
2 New vulnerabilities found.
0 Urgent vulnerabilities found.
0 Overdue vulnerabilities found.

2 Systems (67%) had high risk vulnerabilities.
0 Systems (0%) had medium risk vulnerabilities.
0 Systems (0%) had low risk vulnerabilities.
2 Systems (67%) had vulnerabilities.
1 Systems (33%) had no vulnerabilities.
0 Systems (0%) had urgent vulnerabilities.
0 Systems (0%) had overdue vulnerabilities.

Scan Type: Enterprise
Start Date: 13-Apr-15 11:54
End Date: 16-Apr-15 16:32
Report Generated: 01-Jul-15 15:50
Systems Scanned: 3
New Systems: 1


Summary of Vulnerabilities


Vulnerability 90027: High Risk Ports Open (High Risk, 1 System)
Description: The following high risk ports are open:
[For specific url or description click server link below.]
It is generally not recommended to expose these ports to the Internet as they may be used as attack vectors. If access to these services from remote sites is required, tunnelling or a VPN would be recommended instead of exposing these ports.
Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead.
Solution: Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems.
Category: Hosting or infrastructure flaw.
CVE Reference: CVE-MAP-NOMATCH, CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Systems: www.yourcompany.com (192.168.0.101) NEW

Vulnerability 10882: SSH Protocol Version 1 Enabled (High Risk, 1 System)
Description: This system is running an SSH service with SSH protocol version 1 enabled. This version of the protocol is not completely cryptographically secure. A passive eavesdropper could use these weaknesses to extract information such as the lengths of passwords and commands.
Solution: Configure your SSH service to only use protocol version 2. For OpenSSH, set the 'Protocol' option to '2'.
Category: Hosting or infrastructure flaw.
References: US-CERT VU#596827; OSVDB ID 2116
CVE References:
  CVE-2001-0361, CVSS2 4.0 (Medium) (AV:N/AC:H/Au:N/C:P/I:P/A:N)
  CVE-2001-0572, CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  CVE-2001-1473, CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Systems: www.yourcompany.net (192.168.0.102) [Jan 2015]

Vulnerability 10815: Cross-Site Scripting (Medium Risk, 1 System)
Description: This system is running a web server or web application which is vulnerable to Cross-Site Scripting (XSS) attacks. Certain pages include user-supplied input in the response and HTML special characters are not escaped. An attacker could use this to inject malicious JavaScript or HTML code, which will run at the same trust level as the server. This may enable them to steal session cookies, form details, etc. An example that demonstrates this is:
[For specific url or description click server link below.]
This is simply an example that illustrates the problem; you should fix the underlying issue rather than attempting to prevent this exploit from working.

Note: This vulnerability must be addressed server-side. Adding JavaScript (client-side) validation on form fields does not offer any protection against Cross-Site Scripting or other attacks.

Solution: Recode your web application to ensure all user-supplied input is escaped when displayed, or contact your web application vendor for a patch. Any JavaScript-based fix will not be effective.
Category: Application or content flaw.
References: CERT Advisory CA-2000-02; XSS Anatomy; PHP htmlspecialchars Quoting Function; How To: Prevent Cross-Site Scripting in ASP.NET; OWASP XSS Prevention Cheat Sheet
CVE Reference: CVE-MAP-NOMATCH, CVSS2 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Systems: www.yourcompany.net (192.168.0.102) [Dec 2014]

Vulnerability 10539: Globally Useable Name Server (Medium Risk, 1 System)
Description: This system is running a name server that allows any system on the Internet to perform recursive queries and resolve third-party domain names. An attacker could use this to extract information about your name lookup patterns, and may be able to perform DNS cache poisoning attacks.
Solution: Restrict recursive queries to trusted addresses. For servers running BIND, use the allow-recursion or allow-query directives.
Category: Hosting or infrastructure flaw.
References: Securing Windows Server 2003 Domain Controllers; Disabling recursion in BIND
CVE Reference: CVE-1999-0024, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Systems: www.yourcompany.net (192.168.0.102) [May 2014]

Vulnerability 10884: NTP Information Leakage, NEW (Low Risk, 1 System)
Description: This system is running an NTP server that responds to information requests. An attacker could use this to extract information about the system, e.g. operating system, upstream NTP server and detailed clock information.
Solution: Configure ntpd to ignore information requests. Alternatively, use a firewall to restrict NTP to trusted addresses.
Category: Hosting or infrastructure flaw.
CVE Reference: CVE-MAP-NOMATCH, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Systems: www.yourcompany.com (192.168.0.101) NEW

Vulnerability 12217: DNS Cache Snooping (Low Risk, 1 System)
Description: This system is running a DNS server that accepts queries from any address (although recursive queries may be disabled). The name server responds differently for domains that have recently been looked up. An attacker could use this to determine if certain sites have been visited by users of this nameserver.
Solution: Restrict access to DNS caches to local users. For BIND, use the "allow-query" directive.
Category: Hosting or infrastructure flaw.
References: DNS Cache Snooping; What is DNS Cache Snooping?
CVE Reference: CVE-MAP-NOMATCH, CVSS2 0.0 (Low) (AV:N/AC:M/Au:N/C:N/I:N/A:N)
Systems: www.yourcompany.net (192.168.0.102) [Mar 2015]

Vulnerability 11213: TRACE and/or TRACK Methods Enabled (Low Risk, 1 System)
Description: This system supports the HTTP TRACE and/or TRACK methods. These increase the exploitability of any cross-site scripting vulnerabilities that may exist in your site. As they are primarily intended for debugging, they can be turned off without reduction of service.
Solution: Disable these methods on production servers.
Microsoft IIS 6 and IIS 7: Use the URLScan Security tool
Microsoft IIS 5: Use the IIS Lockdown tool
Apache httpd: Use mod_rewrite to redirect unallowed verbs to the forbidden target, or with newer versions use the configuration option 'TraceEnable off'.
Category: Hosting or infrastructure flaw.
References: US-CERT VU#867593; UrlScan Security Tool; IIS Lockdown Tool; Apache TraceEnable Directive
CVE References:
  CVE-2003-1567, CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N)
  CVE-2004-2320, CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N)
  CVE-2010-0386, CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Systems: www.yourcompany.net (192.168.0.102) [Dec 2014]

Scans by RatwareUK