Cyber-Defense PCI Scoring Tool

Report Sections

Overall Score: 48

Non-Compliant


Outbound Scan

82 unnecessary TCP ports were permitted outbound. 0 unnecessary UDP ports were permitted outbound. -- WARNING: Quickmode was assumed or selected, so these results may not be accurate!

Non-compliant with sections 1.1.5, 1.1.6, 1.1.7, 1.2, 1.3.2, 1.3.6, 2.2.2, 1.3.8
All ports open through the perimeter must be thoroughly documented and controlled.

82 undocumented outbound ports detected through the firewall.

The following undocumented open ports were detected:



Inbound Scan

81 unnecessary TCP ports were permitted inbound. 0 unnecessary UDP ports were permitted inbound. -- WARNING: Quickmode was assumed or selected, so these results may not be accurate!

Non-compliant with sections 1.1.5, 1.1.6, 1.1.7, 1.2, 1.3.2, 1.3.6, 2.2.2, 1.3.8
All ports open inbound must be thoroughly documented and controlled.

81 undocumented inbound ports detected through the firewall.

The following undocumented open ports were detected:



SSL Cipher Validation

9 EXP ciphers are supported: These ciphers use key lengths of less than 64 bits and may be used without export restrictions.

1 LOW cipher is supported: These ciphers use key lengths of 56 or 64 bits but do not include export-compatible ciphers.

1 HIGH cipher is supported: These ciphers use key lengths greater than 128 bits.

Non-compliant with section 4.1
SSL must use at least 128-bit encryption

LOW ciphers are not in compliance with the standard. EXP ciphers are not in compliance with the standard.

EXP1024-DHE-DSS-RC4-SHA is not supported.
EXP1024-RC4-SHA is supported.
EXP1024-DHE-DSS-DES-CBC-SHA is not supported.
EXP1024-DES-CBC-SHA is supported.
EXP1024-RC2-CBC-MD5 is supported.
EXP1024-RC4-MD5 is supported.
EXP-EDH-RSA-DES-CBC-SHA is not supported.
EXP-EDH-DSS-DES-CBC-SHA is not supported.
EXP-DES-CBC-SHA is supported.
EXP-RC2-CBC-MD5 is supported.
EXP-RC4-MD5 is supported.
EXP-ADH-DES-CBC-SHA is not supported.
EXP-ADH-RC4-MD5 is not supported.
EXP-RC2-CBC-MD5 is supported.
EXP-RC4-MD5 is supported.
EDH-RSA-DES-CBC-SHA is not supported.
EDH-DSS-DES-CBC-SHA is not supported.
DES-CBC-SHA is supported.
RC4-64-MD5 is not supported.
DES-CBC-MD5 is not supported.
NULL-SHA is not supported.
NULL-MD5 is not supported.
EDH-RSA-DES-CBC3-SHA is not supported.
EDH-DSS-DES-CBC3-SHA is not supported.
DES-CBC3-SHA is supported.
DES-CBC3-MD5 is not supported.


Internal Vulnerability Scan

The total internal vulnerability score was 19 out of a maximum of 25. There were 19 medium issues, 0 high issues, 0 serious issues and 0 critical issues.

Non-compliant with section 11.2
All vulnerabilities classed Medium and higher must be remediated.

Medium: 19
High: 0
Serious: 0
Critical: 0


Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users into
giving him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
# Reject TRACE and TRACK requests with 403 Forbidden
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users into
giving him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
# Reject TRACE and TRACK requests with 403 Forbidden
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users into
giving him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
# Reject TRACE and TRACK requests with 403 Forbidden
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Host: 128.226.1.10
Service: ssh (22/tcp)
Type: NOTE
Remote SSH version : SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3

Remote SSH supported authentication : publickey,password,keyboard-interactive



Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE
The remote web server type is :

Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2


Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE
The remote web server type is :

Apache/1.3.26 Ben-SSL/1.48 (Unix) Debian GNU/Linux PHP/4.1.2


Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.

Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE
A web server is running on this port

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE
A web server is running on this port through SSL

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE
An SSLv2 server answered on this port


Host: 128.226.1.10
Service: ssh (22/tcp)
Type: NOTE
An ssh server is running on this port

Host: 128.226.1.10
Service: domain (53/udp)
Type: NOTE
BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.

BIND-based NAMED servers (DNS servers) allow remote users
to query for version and type information. A query for the CHAOS
TXT record 'version.bind' will typically prompt the server to send
the information back to the querying source.

The remote bind version is : 9.2.1

Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.


Host: 128.226.1.10
Service: www (80/tcp)
Type: INFO

The remote host is running a version of PHP <= 4.2.2.

The mail() function does not properly sanitize user input.
This allows users to forge email so that it appears to come
from a source other than the server.

Users can exploit this even if SAFE_MODE is enabled.

Solution : Contact your vendor for the latest PHP release.
Risk factor : Medium
CVE : CVE-2002-0985, CVE-2002-0986
BID : 5562

Host: 128.226.1.10
Service: www (80/tcp)
Type: INFO

The remote host is running a version of PHP <= 4.2.2.

The mail() function does not properly sanitize user input.
This allows users to forge email so that it appears to come
from a source other than the server.

Users can exploit this even if SAFE_MODE is enabled.

Solution : Contact your vendor for the latest PHP release.
Risk factor : Medium
CVE : CVE-2002-0985, CVE-2002-0986
BID : 5562

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The remote host is running a version of PHP <= 4.2.2.

The mail() function does not properly sanitize user input.
This allows users to forge email so that it appears to come
from a source other than the server.

Users can exploit this even if SAFE_MODE is enabled.

Solution : Contact your vendor for the latest PHP release.
Risk factor : Medium
CVE : CVE-2002-0985, CVE-2002-0986
BID : 5562

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO
The SSL certificate of the remote service expired Jun 29 17:02:51 2005 GMT!

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The remote host appears to be running Apache 1.3.33 or older.

There is a local buffer overflow in the 'htpasswd' command in these
versions that may allow a local user to gain elevated privileges if
'htpasswd' is run setuid or a remote user to run arbitrary commands
remotely if the script is accessible through a CGI.

*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive

See also : http://archives.neohapsis.com/archives/bugtraq/2004-10/0345.html
Solution : Make sure htpasswd does not run setuid and is not accessible
through any CGI scripts.
Risk factor : Medium
BID : 13777, 13778

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The remote web server appears to be running a version of Apache that is older
than version 1.3.32.

This version is vulnerable to a heap-based buffer overflow in proxy_util.c
for mod_proxy. This issue may allow remote attackers to cause a denial of
service and possibly execute arbitrary code on the server.

Solution: Don't use mod_proxy or upgrade to a newer version.
Risk factor: Medium
CVE : CVE-2004-0492
BID : 10508

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The target is running an Apache web server that may not properly handle
access controls. In effect, on big-endian 64-bit platforms, Apache
fails to match allow or deny rules containing an IP address but not a
netmask.

***** Nessus has determined the vulnerability exists only by looking at
***** the Server header returned by the web server running on the target.
***** If the target is not a big-endian 64-bit platform, consider this a
***** false positive.

Additional information on the vulnerability can be found at :

- http://www.apacheweek.com/features/security-13
- http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
- http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850

Solution : Upgrade to Apache version 1.3.31 or newer.
Risk factor : Medium
CVE : CVE-2003-0993
BID : 9829
Other references : GLSA:GLSA 200405-22, MDKSA:MDKSA-2004:046, OpenPKG-SA:OpenPKG-SA-2004.021-apache, SSA:SSA:2004-133-01, TSLSA:TSLSA-2004-0027

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO
The remote web server appears to be running a version of
Apache that is less than 2.0.49 or 1.3.31.

These versions are vulnerable to a denial of service attack where a remote
attacker can block new connections to the server by connecting to a listening
socket on a rarely accessed port.

Solution: Upgrade to Apache 2.0.49 or 1.3.31.
CVE : CVE-2004-0174
BID : 9921


External Vulnerability Scan

The total external vulnerability score was 19 out of a maximum of 25. There were 19 medium issues, 0 high issues, 0 serious issues and 0 critical issues.

Non-compliant with section 11.2
All vulnerabilities classed Medium and higher must be remediated.

Medium: 19
High: 0
Serious: 0
Critical: 0


Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users into
giving him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
# Reject TRACE and TRACK requests with 403 Forbidden
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users into
giving him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
# Reject TRACE and TRACK requests with 403 Forbidden
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users into
giving him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
# Reject TRACE and TRACK requests with 403 Forbidden
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Host: 128.226.1.10
Service: ssh (22/tcp)
Type: NOTE
Remote SSH version : SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3

Remote SSH supported authentication : publickey,password,keyboard-interactive



Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE
The remote web server type is :

Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2


Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE
The remote web server type is :

Apache/1.3.26 Ben-SSL/1.48 (Unix) Debian GNU/Linux PHP/4.1.2


Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.

Host: 128.226.1.10
Service: www (80/tcp)
Type: NOTE
A web server is running on this port

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE
A web server is running on this port through SSL

Host: 128.226.1.10
Service: https (443/tcp)
Type: NOTE
An SSLv2 server answered on this port


Host: 128.226.1.10
Service: ssh (22/tcp)
Type: NOTE
An ssh server is running on this port

Host: 128.226.1.10
Service: domain (53/udp)
Type: NOTE
BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.

BIND-based NAMED servers (DNS servers) allow remote users
to query for version and type information. A query for the CHAOS
TXT record 'version.bind' will typically prompt the server to send
the information back to the querying source.

The remote bind version is : 9.2.1

Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.


Host: 128.226.1.10
Service: www (80/tcp)
Type: INFO

The remote host is running a version of PHP <= 4.2.2.

The mail() function does not properly sanitize user input.
This allows users to forge email so that it appears to come
from a source other than the server.

Users can exploit this even if SAFE_MODE is enabled.

Solution : Contact your vendor for the latest PHP release.
Risk factor : Medium
CVE : CVE-2002-0985, CVE-2002-0986
BID : 5562

Host: 128.226.1.10
Service: www (80/tcp)
Type: INFO

The remote host is running a version of PHP <= 4.2.2.

The mail() function does not properly sanitize user input.
This allows users to forge email so that it appears to come
from a source other than the server.

Users can exploit this even if SAFE_MODE is enabled.

Solution : Contact your vendor for the latest PHP release.
Risk factor : Medium
CVE : CVE-2002-0985, CVE-2002-0986
BID : 5562

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The remote host is running a version of PHP <= 4.2.2.

The mail() function does not properly sanitize user input.
This allows users to forge email so that it appears to come
from a source other than the server.

Users can exploit this even if SAFE_MODE is enabled.

Solution : Contact your vendor for the latest PHP release.
Risk factor : Medium
CVE : CVE-2002-0985, CVE-2002-0986
BID : 5562

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO
The SSL certificate of the remote service expired Jun 29 17:02:51 2005 GMT!

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The remote host appears to be running Apache 1.3.33 or older.

There is a local buffer overflow in the 'htpasswd' command in these
versions that may allow a local user to gain elevated privileges if
'htpasswd' is run setuid or a remote user to run arbitrary commands
remotely if the script is accessible through a CGI.

*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive

See also : http://archives.neohapsis.com/archives/bugtraq/2004-10/0345.html
Solution : Make sure htpasswd does not run setuid and is not accessible
through any CGI scripts.
Risk factor : Medium
BID : 13777, 13778

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The remote web server appears to be running a version of Apache that is older
than version 1.3.32.

This version is vulnerable to a heap-based buffer overflow in proxy_util.c
for mod_proxy. This issue may allow remote attackers to cause a denial of
service and possibly execute arbitrary code on the server.

Solution: Don't use mod_proxy or upgrade to a newer version.
Risk factor: Medium
CVE : CVE-2004-0492
BID : 10508

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO

The target is running an Apache web server that may not properly handle
access controls. In effect, on big-endian 64-bit platforms, Apache
fails to match allow or deny rules containing an IP address but not a
netmask.

***** Nessus has determined the vulnerability exists only by looking at
***** the Server header returned by the web server running on the target.
***** If the target is not a big-endian 64-bit platform, consider this a
***** false positive.

Additional information on the vulnerability can be found at :

- http://www.apacheweek.com/features/security-13
- http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
- http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850

Solution : Upgrade to Apache version 1.3.31 or newer.
Risk factor : Medium
CVE : CVE-2003-0993
BID : 9829
Other references : GLSA:GLSA 200405-22, MDKSA:MDKSA-2004:046, OpenPKG-SA:OpenPKG-SA-2004.021-apache, SSA:SSA:2004-133-01, TSLSA:TSLSA-2004-0027

Host: 128.226.1.10
Service: https (443/tcp)
Type: INFO
The remote web server appears to be running a version of
Apache that is less than 2.0.49 or 1.3.31.

These versions are vulnerable to a denial of service attack where a remote
attacker can block new connections to the server by connecting to a listening
socket on a rarely accessed port.

Solution: Upgrade to Apache 2.0.49 or 1.3.31.
CVE : CVE-2004-0174
BID : 9921


Internal Firewall Scan

2 undocumented ports discovered on firewall.

Non-compliant with sections 1.1.5, 1.1.6, 1.1.7, 1.2, 1.3.2, 1.3.8
All ports open on a firewall must be thoroughly documented and controlled.

2 undocumented ports detected on the internal firewall interface.

The following undocumented open ports were detected:

22
111


External Firewall Scan

2 undocumented ports discovered on firewall.

Non-compliant with sections 1.1.5, 1.1.6, 1.1.7, 1.2, 1.3.2, 1.3.8
All ports open on a firewall must be thoroughly documented and controlled.

2 undocumented ports detected on the internal firewall interface.

The following undocumented open ports were detected:

22
111