| Port No | Protocol | Service | Details |
|---|---|---|---|
| 100 | tcp | unknown | Apache |
| 200 | tcp | unknown | SSH-2.0-OpenSSH_2.9p2 |

| Port No | Protocol | Service | Details |
|---|---|---|---|
| 135 | tcp | msrpc | No banner found |
| 137 | tcp | netbios-ns | 8 names found |
| 139 | tcp | netbios-ssn | Close Immediately with TCP RST |

| Vulnerability 10539 | Useable Remote Name Server (Medium Risk) |
|---|---|
| Description | The remote name server allows recursive queries to be performed by one of our test machines. This allows anyone to use it to resolve third parties' names. Remote users can also extract information about your name lookup patterns, and may be able to perform DNS cache poisoning attacks. |
| Solution | Restrict recursive queries to trusted addresses. For servers running BIND, use the allow-recursion or allow-query directives. |
| References | CVE-1999-0024 |
| First Found | 13 May 2002 |
| Port | 53/udp |

| Vulnerability 10815 | Web Server Cross Site Scripting (Medium Risk) |
|---|---|
| Description | The remote web server appears to be vulnerable to Cross Site Scripting (XSS) attacks. Certain error or redirect pages include the requested URL, and special characters are not escaped. The vulnerability allows an attacker to insert their own JavaScript/HTML code, which will run at the same trust level as the server. This may enable them to steal session cookies, form details, etc. The cause of this may either be bugs in your webserver software, or errors in your dynamic pages and configuration, e.g. custom error pages. An example of a URL which causes such an attack is: `https://192.168.0.102/x/<script>alert("vulnerable!")</script>` |
| Solution | Either fix your dynamic pages and configuration, or upgrade your web server to an unaffected version. Patches: Allaire/Macromedia Jrun, Allaire/Macromedia, Microsoft IIS, Apache, ColdFusion |
| References | CERT Advisory CA-2000-02, General Info, CVE-2002-1060, XSS Anatomy |
| First Found | 13 December 2002 |
| Port | 80/tcp |

| Vulnerability 10882 | SSH Protocol Version 1 Enabled (Low Risk) |
|---|---|
| Description | The remote SSH daemon allows connections using version 1.33 or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. They allow a passive eavesdropper to extract information, including the lengths of passwords and commands, and the ciphers being used. |
| Solution | OpenSSH: Set the 'Protocol' option to '2'. SSH.com: Set the 'Ssh1Compatibility' option to 'no'. |
| References | CAN-2001-0572 |
| First Found | 13 January 2003 |
| Port | 22/tcp |

| Vulnerability 11213 | Webserver Supports TRACE or TRACK Methods (Low Risk) |
|---|---|
| Description | Your webserver supports the TRACE and/or TRACK methods. These increase the exploitability of any cross-site scripting vulnerabilities that may exist in your site. As they are primarily intended for debugging, they can be turned off without reduction of service. |
| Solution | Disable these methods on production servers. IIS: Use the IIS Lockdown Wizard. Apache: Use mod_rewrite to redirect unallowed verbs to the forbidden target. |
| References | CERT VU#867593, WhiteHat Advisory |
| First Found | 13 December 2002 |
| Port | 100/tcp |

| Vulnerability 12217 | DNS Cache Snooping (Low Risk) |
|---|---|
| Description | It is possible for remote attackers to see what domains have been queried through this nameserver, by issuing queries with the "no recursion" bit set. The server responds differently for hosts that have been recently resolved and are cached. |
| Solution | Restrict access to DNS caches to local users. |
| References | SideStep |
| First Found | 13 March 2003 |
| Port | 53/udp |

| Vulnerability 10736 | DCE Services Enumeration (Medium Risk) |
|---|---|
| Description | It is possible for any remote user to connect to port 135 on this host and enumerate the available DCE services. The information leaked is relatively low risk, although an attacker could use it to focus their strategy. However, the vulnerability is more worrying because it shows that Windows file sharing (NetBIOS) is accessible over the internet, which is considered unwise. |
| Solution | Use a firewall to restrict access to Windows file sharing ports to trusted addresses. |
| First Found | 13 March 2003 |
| Port | 135/tcp |

| Vulnerability 11793 | Apache < 1.3.28 Multiple flaws (Medium Risk) |
|---|---|
| Description | According to its banner, this web server is running a version of Apache older than 1.3.28. This version contains fixes for multiple minor denial of service flaws. Although these are not exploitable in all configurations, it is recommended that you upgrade to the latest version. |
| Solution | Upgrade to 1.3.28 or higher. |
| References | Apache Announcement, CAN-2003-0460, CVE-2002-0061 |
| First Found | 13 March 2003 |
| Port | No information available |

| Vulnerability 10267 | SSH Server type and version (Low Risk) |
|---|---|
| Description | The remote SSH server reveals its type and version. This information may help an attacker focus their attack strategy. Versions and types should be omitted where possible. |
| Solution | Change the banner to something generic. |
| First Found | 13 March 2003 |
| Port | No information available |