| Port No | Protocol | Service | Details |
|---|---|---|---|
| 25 | tcp | smtp | ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready |
| 80 | tcp | http | Apache/1.3.26 (Unix) Debian GNU/Linux |
| 110 | tcp | pop3 | +OK Qpopper (version 4.0.6) starting. |
| 443 | tcp | https | Microsoft-IIS 5.0 |
| 0 | icmp | echo reply | Response Received |
| Vulnerability | 11137 | Apache < 1.3.27 multiple vulnerabilities | Medium Risk |
|---|---|---|---|
| Description | According to its banner, the remote web server is running a version of Apache older than 1.3.27. This contains a cross-site scripting flaw through the Host: header if UseCanonicalName is Off. There is also a buffer overrun in the ApacheBench module; if this is enabled, it may allow arbitrary code execution. A further vulnerability exists in the shared memory scoreboard, but this is only exploitable by a local user. | | |
| Solution | Upgrade to 1.3.27 or higher. Workaround: set UseCanonicalName to On and disable ApacheBench. | | |
| References | CAN-2002-0839, CAN-2002-0843, CVE-2002-0840 | | |
| First Found | 13 November 2002 | Port 80/tcp | Last 6 Months |

| Vulnerability | 10759 | Private IP Address Leakage | Low Risk |
|---|---|---|---|
| Description | The remote web server returned headers containing an RFC 1918 private IP address. This exposes an internal IP address that would usually be masked by a proxy or NAT firewall. The information may be useful to an attacker trying to remotely map your network. The private IP address is: 10.0.0.100 | | |
| Solution | For IIS, issue "adsutil set w3svc/UseHostName True" and restart. | | |
| References | Bugtraq ID 1499, CAN-2000-0649, Microsoft Knowledge Base Q218180 | | |
| First Found | 13 March 2003 | Port 80/tcp, 443/tcp | Last 6 Months |

| Vulnerability | 11213 | Webserver Supports TRACE or TRACK Methods | Low Risk |
|---|---|---|---|
| Description | Your webserver supports the TRACE and/or TRACK methods. These increase the exploitability of any cross-site scripting vulnerabilities that may exist in your site. As they are primarily intended for debugging, they can be turned off without reduction of service. | | |
| Solution | Disable these methods on production servers. IIS: use the IIS Lockdown Wizard. Apache: use mod_rewrite to redirect disallowed verbs to the forbidden target. | | |
| References | CERT VU#867593, WhiteHat Advisory | | |
| First Found | 13 May 2002 | Port 80/tcp | Last 6 Months |

| Vulnerability | 11915 | Apache < 1.3.29 Multiple Local Flaws | Low Risk |
|---|---|---|---|
| Description | According to its banner (or an analysis of its behaviour), this web server is running a version of Apache earlier than 1.3.29. These contain buffer overruns in mod_alias and mod_rewrite, which can be exploited by a local user to escalate their privileges. | | |
| Solution | Upgrade to an unaffected version, or apply a patch. | | |
| References | Bugtraq, CAN-2003-0542 | | |
| First Found | 13 November 2002 | Port 80/tcp | Last 6 Months |

| Vulnerability | 12279 | QPopper <= 4.0.5 User Names Information Leakage | Low Risk |
|---|---|---|---|
| Description | According to its banner, this host is running a vulnerable version of QPopper. These versions return a different error message on failed login depending on whether the user name exists. An attacker can use this to enumerate the existence of all users, the starting point for a password guessing attack. | | |
| Solution | No patch is currently available. You must either accept this risk or choose another POP3 server. | | |
| References | Bugtraq 7110, CAN-2001-1068 | | |
| First Found | 13 March 2003 | Port 110/tcp | Last 6 Months |