Vulnerabilities | Count |
---|---|
High risk vulnerabilities found | 11 |
Medium risk vulnerabilities found | 12 |
Low risk vulnerabilities found | 12 |
New vulnerabilities found | 12 |
Urgent vulnerabilities found | 0 |
Overdue vulnerabilities found | 3 |

Systems | Count |
---|---|
Systems (83%) had high risk vulnerabilities | 5 |
Systems (17%) had medium risk vulnerabilities | 1 |
Systems (0%) had low risk vulnerabilities | 0 |
Systems (100%) had vulnerabilities | 6 |
Systems (0%) had no vulnerabilities | 0 |
Systems (0%) had urgent vulnerabilities | 0 |
Systems (33%) had overdue vulnerabilities | 2 |

Scan Type | Start Date | End Date | Report Generated | Systems Scanned | New Systems |
---|---|---|---|---|---|
Enterprise | 13-Apr-15 11:54 | 16-Apr-15 16:32 | 01-Jul-15 15:53 | 6 | 1 |

Summary of Vulnerabilities |
Vulnerability | 90064 | Authentication Bypass Through Cookie Manipulation | 1 System | High Risk |
---|
Description | The remote web server contains a CGI script or web application which uses cookies for authentication in such a way that login bypass is possible by modifying the cookie value. Example cookie values which allow a login are: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Recode your web application source code to use stronger authentication. | ||||
Category | Application or content flaw. | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.8 (Medium) (AV:N/AC:M/Au:N/C:P/I:P/A:N) |
Systems | www.example.com (192.168.0.112) |
---|
Vulnerability | 90109 | Possible Compromise | 1 System | High Risk |
---|
Description | Suspicious content or behaviour from the remote host indicates that it may have been compromised by a virus or remote attacker.[For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Consider restoring the host from trusted media. | ||||
Category | N/A | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
Systems | www.yourcompany.co.uk (192.168.0.100) |
---|
Vulnerability | 90139 | Script Allows Arbitrary Command Execution | 1 System | High Risk |
---|
Description | One or more scripts on this host appear to execute commands which can be manipulated by remote users. This flaw may allow arbitrary commands to be executed with the same privileges as the web server. A remote attacker could exploit this flaw to compromise the system. Under some circumstances it may be possible for an attacker to elevate the privileges gained through the exploitation of local system flaws. An example that demonstrates this is: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Recode the web application to ensure that unsanitised user supplied input is never included in executable statements. | ||||
Category | Application or content flaw. | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Systems | www.yourcompany.co.uk (192.168.0.100) |
---|
Vulnerability | 11139 | Script Appears Vulnerable to SQL Injection | 1 System | High Risk |
---|
Description | One or more scripts on this host appear vulnerable to an SQL injection attack. By requesting the page with parameters containing particular SQL commands, it is possible to force a database level error or otherwise demonstrate that the database is executing user supplied code. This implies that the parameter is being passed to the database without proper input validation. A maliciously crafted parameter could modify the contents of the database, damage it, extract hidden information, allow an attacker to login without a password or allow execution of arbitrary system commands, depending on the type of database. The issue can be demonstrated as follows: [For specific url or description click server link below.] This is simply an example that illustrates the problem; you should fix the underlying injection issue rather than attempting to prevent this exploit from working. Note: Users of Microsoft Internet Explorer may need to disable the 'Show Friendly HTTP Error Messages' option in the Advanced tab of the options dialog in order to see the example properly. | ||||
---|---|---|---|---|---|
Solution | Use bound parameters (also known as parameterised commands) and improve input validation in the web application source code. | ||||
Category | Application or content flaw. | ||||
References | SQL Injection: Modes of Attack, Defence, and Why It Matters OWASP Top Ten - Injection Flaws Security Considerations for SQL Server: SQL Injection Bobby Tables Guide To Preventing SQL Injection SQL Injection Prevention Cheat Sheet | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Systems | www.yourcompany.co.uk (192.168.0.100) |
---|
Vulnerability | 90085 | Sensitive Information Leakage | 1 System | High Risk |
---|
Description | This host is leaking information that may be commercially sensitive or help an attacker craft an attack. An example of the information leaked can be found below: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Use a firewall to restrict access to this service. | ||||
Category | Application or content flaw. | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) |
Systems | www.example.com (192.168.0.112) |
---|
Vulnerability | 90027 | High Risk Ports Open | 2 Systems | High Risk |
---|
Description | The following high risk ports are open: [For specific url or description click server link below.] Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead. | ||||
---|---|---|---|---|---|
Solution | Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems. | ||||
Category | Hosting or infrastructure flaw. | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N) |
Systems | dns0.example.com (192.168.0.110) [Oct 2014] | www.yourcompany.com (192.168.0.101) |
---|---|---|
Vulnerability | 11030 | Apache < 1.3.26 Chunked Encoding Vulnerability | 1 System | High Risk |
---|
Description | This system is running a vulnerable version of Apache, according to its banner. There is a buffer overrun vulnerability in code related to chunked encoding. A remote attacker could use this to crash the service and may be able to take control of the system. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Apache Security Bulletin 20020620 CERT Advisory CA-2002-17 Bugtraq ID 5033 US-CERT VU#944335 Apache 1.3 Changelog | ||||
CVE Reference | CVE-2002-0392 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Systems | www.example.com (192.168.0.112) [Oct 2014] |
---|
Vulnerability | 10605 | BIND < 8.2.3 Buffer Overrun | 1 System | High Risk |
---|
Description | This system is running a vulnerable version of BIND, according to its banner. There is a buffer overrun vulnerability in code related to transaction signatures (TSIG). A remote attacker could use this to crash the service and take control of the system. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
Category | Hosting or infrastructure flaw. | ||||
CVE References | CVE-2001-0010 | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
CVE-2001-0011 | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) | ||||
CVE-2001-0012 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | ||||
CVE-2001-0013 | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) | ||||
Deadline | 13 August 2014 |
Systems | dns0.example.com (192.168.0.110) [Mar 2015] |
---|
Vulnerability | 10264 | SNMP Default Community Names | 1 System | High Risk |
---|
Description | This system is running an SNMP agent which uses an easily guessable community string. This enables an attacker to extract a large amount of useful information. If a writeable community string is guessable, an attacker could make configuration changes to the server. Here is a sample of the information that can be extracted: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Disable SNMP, or change the community string to something unguessable. | ||||
Category | Hosting or infrastructure flaw. | ||||
CVE References | CVE-1999-0186 | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
CVE-1999-0254 | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) | ||||
CVE-1999-0516 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||||
CVE-1999-0517 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||||
CVE-2004-0311 | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) | ||||
CVE-2004-1474 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N) | ||||
CVE-2010-1574 | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
Systems | dns0.example.com (192.168.0.110) [Feb 2015] |
---|
Vulnerability | 10882 | SSH Protocol Version 1 Enabled | 1 System | High Risk |
---|
Description | This system is running an SSH service with SSH protocol version 1 enabled. This version of the protocol is not completely cryptographically secure. A passive eavesdropper could use these weaknesses to extract information such as the lengths of passwords and commands. | ||||
---|---|---|---|---|---|
Solution | Configure your SSH service to only use protocol version 2. For OpenSSH, set the 'Protocol' option to '2'. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | US-CERT VU#596827 OSVDB ID 2116 | ||||
CVE References | CVE-2001-0361 | CVSS2 4.0 (Medium) (AV:N/AC:H/Au:N/C:P/I:P/A:N) | |||
CVE-2001-0572 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||||
CVE-2001-1473 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Systems | www.yourcompany.net (192.168.0.102) [Jan 2015] |
---|
Vulnerability | 90068 | SSL Certificate Problems | 1 System | Medium Risk |
---|
Description | This system has presented a certificate that does not meet the requirements for establishing a secure session. The problems detected were: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Ensure you have a valid certificate issued by a trusted certificate authority. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Wildcard Certificates Public Key Certificates X.509 Certificate Authorities | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 4.3 (Medium) (AV:N/AC:M/Au:N/C:P/I:N/A:N) |
Systems | www.example.com (192.168.0.112) |
---|
Vulnerability | 90072 | Script Allows Arbitrary Redirection | 1 System | Medium Risk |
---|
Description | It is possible to craft a URL which appears to be located on this site, but will redirect users to an arbitrary location. This site could then pose as the legitimate site and prompt users to provide sensitive information. It could also contain any other type of malicious content. The following is an example of a URL which will redirect you to another site: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Recode scripts to allow redirections only to specific locations, for example limit redirections to your own domain. | ||||
Category | Application or content flaw. | ||||
References | OWASP Guide: Phishing Phishing: Understanding and Preventing Phishing Attacks Anti-Phishing Technology | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N) |
Systems | www.yourcompany.co.uk (192.168.0.100) |
---|
Vulnerability | 90111 | Service Permits Unauthenticated Users to Send Arbitrary Emails | 1 System | Medium Risk |
---|
Description | A service on the remote host appears to allow unauthenticated users to send emails containing arbitrary content. This service might be exploited by a remote attacker to conceal their identity whilst performing activities such as spamming, phishing and fraud. The issue can be demonstrated as follows: [For specific url or description click server link below.] Note: This vulnerability may be a false positive as we do not attempt to send arbitrary messages in order to avoid the possibility of crashing the service. | ||||
---|---|---|---|---|---|
Solution | Restrict the service to authenticated users, restrict the allowed recipient email addresses or prevent users from controlling the email's content. Implementing a captcha mechanism could help prevent the attacker from automating their activities. | ||||
Category | Application or content flaw. | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 0.0 (Low) (AV:N/AC:L/Au:N/C:N/I:N/A:N) |
Systems | www.yourcompany.co.uk (192.168.0.100) |
---|
Vulnerability | 90091 | XPath Injection | 1 System | Medium Risk |
---|
Description | One or more scripts on this host appear vulnerable to XPath injection attacks. By requesting a page with parameters containing particular XPath elements, it is possible to force an XPath error or otherwise demonstrate that the user supplied code is being interpreted as XPath statements. This implies that a parameter is being passed to an XPath interpreter without proper input validation. A maliciously crafted parameter might be able to extract hidden information, bypass login requirements or even perform code execution depending on the XPath parser used. The issue can be demonstrated as follows: [For specific url or description click server link below.] This is simply an example that illustrates the problem; you should fix the underlying injection issue rather than attempting to prevent this exploit from working. | ||||
---|---|---|---|---|---|
Solution | Perform input validation within the web application and utilise query parameterisation where supported by the XPath parser. | ||||
Category | Application or content flaw. | ||||
References | XPath Injection - Threat Classification | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.8 (Medium) (AV:N/AC:M/Au:N/C:P/I:P/A:P) |
Systems | www.example.com (192.168.0.112) |
---|
Vulnerability | 11137 | Apache < 1.3.27 Multiple Vulnerabilities | 2 Systems | Medium Risk |
---|
Description | This system is running a vulnerable version of Apache, according to its banner. There is a cross-site scripting vulnerability through the Host: header, if UseCanonicalName is Off. Exploitation is only possible where wildcard DNS is used. There is also a buffer overrun in the ApacheBench module - if this is enabled, it may allow arbitrary code execution. A further vulnerability exists in the shared memory scoreboard, but this is only exploitable by a local user. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. Workaround: Set UseCanonicalName to On and disable ApacheBench. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Apache 1.3 Changelog | ||||
CVE References | CVE-2002-0839 | CVSS2 7.2 (High) (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
CVE-2002-0840 | CVSS2 6.8 (Medium) (AV:N/AC:M/Au:N/C:P/I:P/A:P) | ||||
CVE-2002-0843 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Systems | www.example.com (192.168.0.112) [Oct 2014] | www.yourcompany.co.uk (192.168.0.100) [Nov 2014] |
---|---|---|
Vulnerability | 12280 | Apache < 1.3.31, 2.0.49 Multiple Vulnerabilities | 1 System | Medium Risk |
---|
Description | This system is running a vulnerable version of Apache HTTP Server, according to its banner or fingerprint. It is possible for remote attackers to inject escape characters in the log files. A remote attacker can also cause a denial of service by making a long-lasting connection to a rarely used port. For Apache 1.x on 64-bit platforms, there is a mod_access weakness related to IP address rules without a netmask. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Bugtraq ID 9930 Bugtraq ID 9921 Bugtraq ID 9829 US-CERT VU#132110 Apache 2.0 Changelog Apache 1.3 Changelog | ||||
CVE References | CVE-2003-0020 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
CVE-2003-0993 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||||
CVE-2004-0174 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P) |
Systems | www.example.com (192.168.0.112) [Feb 2015] |
---|
Vulnerability | 11039 | Apache mod_ssl < 2.8.10 off by one Vulnerability | 1 System | Medium Risk |
---|
Description | This system is running a vulnerable version of the mod_ssl Apache module. There is an "off by one" buffer overrun in code related to parsing configuration. A local user with control over .htaccess files could use this to crash the service or take control of the system. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Securiteam advisory Bugtraq ID 5084 | ||||
CVE Reference | CVE-2002-0653 | CVSS2 4.6 (Medium) (AV:L/AC:L/Au:N/C:P/I:P/A:P) |
Systems | www.example.com (192.168.0.112) [Oct 2014] |
---|
Vulnerability | 10815 | Cross-Site Scripting | 1 System | Medium Risk |
---|
Description | This system is running a web server or web application which is vulnerable to Cross-Site Scripting (XSS) attacks. Certain pages include user-supplied input in the response and HTML special characters are not escaped. An attacker could use this to inject malicious JavaScript or HTML code, which will run at the same trust level as the server. This may enable them to steal session cookies, form details, etc. An example that demonstrates this is: [For specific url or description click server link below.] Note: This vulnerability must be addressed server-side. Adding JavaScript (client-side) validation on form fields does not offer any protection against Cross-Site Scripting or other attacks. | ||||
---|---|---|---|---|---|
Solution | Recode your web application to ensure all user supplied input is escaped when displayed, or contact your web application vendor for a patch. Any JavaScript-based fix will not be effective. | ||||
Category | Application or content flaw. | ||||
References | CERT Advisory CA-2000-02 XSS Anatomy PHP htmlspecialchars Quoting Function How To: Prevent Cross-Site Scripting in ASP.NET OWASP XSS Prevention Cheat Sheet | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N) |
Systems | www.yourcompany.net (192.168.0.102) [Dec 2014] |
---|
Vulnerability | 10595 | DNS Zone Transfer | 1 System | Medium Risk |
---|
Description | This system is running a name server that allows DNS zone transfers to be performed. This information could be useful to an attacker trying to map your network. The configuration may be intentional, but it's usual practice to restrict zone transfers. Here is a sample of the data that can be extracted: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Restrict zone transfers to trusted addresses, usually just your slave name servers. | ||||
Category | Hosting or infrastructure flaw. | ||||
CVE Reference | CVE-1999-0532 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
Deadline | 13 February 2015 |
Systems | dns0.example.com (192.168.0.110) [Mar 2015] |
---|
Vulnerability | 10539 | Globally Useable Name Server | 1 System | Medium Risk |
---|
Description | This system is running a name server that allows any system on the Internet to perform recursive queries and resolve third-party domain names. An attacker could use this to extract information about your name lookup patterns, and may be able to perform DNS cache poisoning attacks. | ||||
---|---|---|---|---|---|
Solution | Restrict recursive queries to trusted addresses. For servers running BIND, use the allow-recursion or allow-query directives. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Securing Windows Server 2003 Domain Controllers Disabling recursion in BIND | ||||
CVE Reference | CVE-1999-0024 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N) |
Systems | www.yourcompany.net (192.168.0.102) [May 2014] |
---|
Vulnerability | 12110 | OpenSSL < 0.9.6m, 0.9.7d SSL/TLS Handshake Denial of Service | 1 System | Medium Risk |
---|
Description | This system is running a vulnerable version of OpenSSL, according to its banner. A null-pointer assignment in the do_change_cipher_spec() function and another flaw when using Kerberos ciphersuites could allow a remote attacker to crash the service using a specially crafted SSL/TLS handshake. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | OpenSSL Security Advisory [17 March 2004] US-CERT VU#288574 US-CERT VU#465542 | ||||
CVE References | CVE-2004-0079 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
CVE-2004-0112 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P) |
Systems | apollo.example.com (192.168.0.81) [Nov 2014] |
---|
Vulnerability | 10884 | NTP Information Leakage | 1 System | Low Risk |
---|
Description | This system is running an NTP server that responds to information requests. An attacker could use this to extract information about the system, e.g. operating system, upstream NTP server and detailed clock information. | ||||
---|---|---|---|---|---|
Solution | Configure ntpd to ignore information requests. Alternatively, use a firewall to restrict NTP to trusted addresses. | ||||
Category | Hosting or infrastructure flaw. | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) |
Systems | www.yourcompany.com (192.168.0.101) |
---|
Vulnerability | 11213 | TRACE and/or TRACK Methods Enabled | 3 Systems | Low Risk |
---|
Description | This system supports the HTTP TRACE and/or TRACK methods. These increase the exploitability of any cross-site scripting vulnerabilities that may exist in your site. As they are primarily intended for debugging, they can be turned off without reduction of service. | ||||
---|---|---|---|---|---|
Solution | Disable these methods on production servers. Microsoft IIS 6 and IIS 7: Use the URLScan Security tool Microsoft IIS 5: Use the IIS Lockdown tool Apache httpd: Use mod_rewrite to redirect unallowed verbs to the forbidden target, or with newer versions use the configuration option 'TraceEnable off'. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | US-CERT VU#867593 UrlScan Security Tool IIS Lockdown Tool Apache TraceEnable Directive | ||||
CVE References | CVE-2003-1567 | CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
CVE-2004-2320 | CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N) | ||||
CVE-2010-0386 | CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N) |
Systems | www.example.com (192.168.0.112) [Mar 2015] | www.yourcompany.co.uk (192.168.0.100) [May 2014] | www.yourcompany.net (192.168.0.102) [Dec 2014] |
---|---|---|---|
Vulnerability | 11915 | Apache < 1.3.29 Multiple Local Flaws | 2 Systems | Low Risk |
---|
Description | This system is running a vulnerable version of Apache, according to its banner. This version contains buffer overruns in mod_alias and mod_rewrite. A local user could exploit these to escalate their privileges. | ||||
---|---|---|---|---|---|
Solution | Upgrade to an unaffected version, or apply a patch. | ||||
References | Bugtraq Apache 1.3 Changelog | ||||
CVE Reference | CVE-2003-0542 | CVSS2 7.2 (High) (AV:L/AC:L/Au:N/C:C/I:C/A:C) |
Systems | www.example.com (192.168.0.112) [Jan 2015] | www.yourcompany.co.uk (192.168.0.100) [Nov 2014] |
---|---|---|
Vulnerability | 90001 | Holes Detected in Firewall Configuration | 2 Systems | Low Risk |
---|
Description | This system is protected by a firewall which blocks access to TCP ports in inconsistent ways. Incoming TCP connections to most ports are simply dropped, however some ports were discovered where the connection is actively refused, for example with a TCP RST. This often indicates a firewall configuration error, and commonly occurs when the configuration has not been altered in line with changing system configuration behind the firewall. For example when a service such as a mail server is removed, but the corresponding firewall rule is not. The TCP ports which actively refuse connections are: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Reconfigure your firewall to completely drop all connections on ports that you are not running services on. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Firewalls FAQ | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N) |
Systems | dns0.example.com (192.168.0.110) | www.example.com (192.168.0.112) [Nov 2014] |
---|---|---|
Vulnerability | 10766 | Apache mod_userdir Information Leak | 1 System | Low Risk |
---|
Description | This system has the mod_userdir Apache module enabled. This leaks information about which user accounts exist. A request to a non-existent user will always return a 404 (file not found) code. However, if the user exists then the web server may return a 403 (permission denied) code, depending on the permissions on the user's home directory. | ||||
---|---|---|---|---|---|
Solution | If you do not need the functionality, disable mod_userdir. Alternatively, mod_rewrite can provide equivalent functionality without the information leak. | ||||
References | SecuriTeam advisory | ||||
CVE Reference | CVE-2001-1013 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) |
Systems | apollo.example.com (192.168.0.81) [Dec 2014] |
---|
Vulnerability | 12217 | DNS Cache Snooping | 1 System | Low Risk |
---|
Description | This system is running a DNS server that accepts queries from any address (although recursive queries may be disabled). The name server responds differently for domains that have recently been looked-up. An attacker could use this to determine if certain sites have been visited by users of this nameserver. | ||||
---|---|---|---|---|---|
Solution | Restrict access to DNS caches to local users. For BIND, use the "allow-query" directive. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | DNS Cache Snooping What is DNS Cache Snooping? | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 0.0 (Low) (AV:N/AC:M/Au:N/C:N/I:N/A:N) |
Systems | www.yourcompany.net (192.168.0.102) [Mar 2015] |
---|
Vulnerability | 10759 | Private IP Address Leakage | 1 System | Low Risk |
---|
Description | This system exposes its RFC 1918 private IP address. This is the internal IP address of the system, which would usually be masked by a proxy or NAT firewall. This information may be useful to an attacker trying to remotely map your network or prepare an attack. The private IP address is: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Update your web server configuration. For IIS, issue "adsutil set w3svc/UseHostName True" and restart. On Apache, ensure that ServerName in httpd.conf is set to a hostname. | ||||
Category | Hosting or infrastructure flaw. | ||||
References | Bugtraq ID 1499 Microsoft Knowledge Base Q218180 RFC 1918 | ||||
CVE Reference | CVE-2000-0649 | CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N) |
Systems | www.yourcompany.co.uk (192.168.0.100) [Mar 2015] |
---|
Vulnerability | 11229 | Script Calling phpinfo() Detected | 1 System | Low Risk |
---|
Description | This system has a PHP script that calls phpinfo(). This function displays a significant amount of system and configuration information. A remote attacker could use this for reconnaissance. An example of a URL you can use to exploit this is: [For specific url or description click server link below.] | ||||
---|---|---|---|---|---|
Solution | Remove this script, or protect it with some kind of authentication. | ||||
Category | Application or content flaw. | ||||
References | phpinfo documentation | ||||
CVE Reference | CVE-MAP-NOMATCH | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
Deadline | 13 January 2015 |
Systems | apollo.example.com (192.168.0.81) [Nov 2014] |
---|