| Port No | Protocol | Service | Details | ||
|---|---|---|---|---|---|
| 21 | tcp | ftp | 220 ProFTPD 1.2.1 Server (www.example.com) | ||
| 80 | tcp | http | Apache 1.3.20 Sun Cobalt (Unix) mod_ssl 2.8.4 OpenSSL 0.9.6b PHP 4.3.1 mod_auth_pam_external 0.1 FrontPage 4.0.4.3 mod_perl 1.25 | ||
| 443 | tcp | https | Valid certificate: www.example.com | ||
|
| Port No | Protocol | Service | Details | ||
|---|---|---|---|---|---|
| 3 | icmp | timestamp reply | Timestamp is 10:46:03 | ||
|
| Vulnerability | 11030 | Apache < 1.3.25 Chunked Encoding Vulnerability | High Risk |
|---|
| Description | The remote host is running a version of Apache that is older than 1.3.25 or 2.0.37. This version is vulnerable to a buffer overflow, which can crash the server. Remote users with no special permissions may be able to execute arbitrary code with the permissions of the web server. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version | ||||
| References | Apache Security Alert, CERT Advisory CA-2002-17, CVE-2002-0392 | ||||
| First Found | 13 October 2002 | Port | 80/tcp | Last 6 Months |
|
| Vulnerability | 11039 | mod_ssl < 2.8.10 off by one Vulnerability | High Risk |
|---|
| Description | The remote host is using a version of mod_ssl which is older than 2.8.10. This version is vulnerable to an "off by one" buffer overflow. Remote users with no special privileges can use this to crash the server. Users who also have write access to .htaccess files may be able to execute arbitrary code with the permissions of the web server. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to version 2.8.10 or newer | ||||
| References | CVE-2002-0653, Securiteam advisory | ||||
| First Found | 13 October 2002 | Port | 80/tcp | Last 6 Months |
|
| Vulnerability | 11137 | Apache < 1.3.27 multiple vulnerabilities | Medium Risk |
|---|
| Description | According to its banner, the remote web server is running a version of Apache older than 1.3.27. This contains a cross-site scripting flaw through the Host: header, if UseCanonicalName is Off. There is also a buffer overrun in the ApacheBench module; if this is enabled, it may allow arbitrary code execution. A further vulnerability exists in the shared memory scoreboard, but this is only exploitable by a local user. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to 1.3.27 or higher. Workaround: Set UseCanonicalName to On and disable ApacheBench. | ||||
| References | CAN-2002-0839, CAN-2002-0843, CVE-2002-0840 | ||||
| First Found | 13 October 2002 | Port | No information available | Last 6 Months |
|
| Vulnerability | 12280 | Apache < 1.3.31, 2.0.49 Connection Blocking DoS | Medium Risk |
|---|
| Description | The remote host is running a version of Apache that is older than 1.3.31 or 2.0.49. This version is vulnerable to a denial of service attack where a remote attacker can block new connections to the server by connecting to a listening socket on a rarely accessed port. This version is also vulnerable to an input validation error that may allow escape character sequences to be injected into Apache log files. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to Apache 1.3.31 or 2.0.49 or newer | ||||
| References | Bugtraq_9921, Bugtraq_9930, CAN-2004-0174, CVE-2003-0020 | ||||
| First Found | 13 February 2003 | Port | 80/tcp | Last 6 Months |
|
| Vulnerability | 10092 | FTP Server type and version detected | Low Risk |
|---|
| Description | The remote FTP server reveals its type and version in the banner, or in response to SYST. This gives potential attackers additional information about the system, which may help them choose an effective strategy. Versions and types should be omitted where possible. | ||||
|---|---|---|---|---|---|
| Solution | Change the login banner to something generic. | ||||
| First Found | 13 April 2003 | Port | No information available | Last 6 Months |
|
| Vulnerability | 11213 | Webserver Supports TRACE or TRACK Methods | Low Risk |
|---|
| Description | Your webserver supports the TRACE and/or TRACK methods. These increase the exploitability of any cross-site scripting vulnerabilities that may exist in your site. As they are primarily intended for debugging, they can be turned off without reduction of service. | ||||
|---|---|---|---|---|---|
| Solution | Disable these methods on production servers. IIS: Use the IIS Lockdown Wizard. Apache: Use mod_rewrite to redirect unallowed verbs to the forbidden target. | ||||
| References | CERT VU#867593, WhiteHat Advisory | ||||
| First Found | 13 March 2003 | Port | 80/tcp | Last 6 Months |
|
| Vulnerability | 11915 | Apache < 1.3.29 Multiple Local Flaws | Low Risk |
|---|
| Description | According to its banner (or an analysis of its behaviour), this web server is running a version of Apache earlier than 1.3.29. These contain buffer overruns in mod_alias and mod_rewrite, which can be exploited by a local user to escalate their privileges. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| References | Bugtraq, CAN-2003-0542 | ||||
| First Found | 13 January 2003 | Port | 80/tcp | Last 6 Months |
|
| Vulnerability | 90001 | Holes Detected in Firewall Configuration | Low Risk |
|---|
| Description | This host is protected by a firewall. Incoming TCP connections to most ports are blocked; however, some ports were discovered where the firewall allows connections, but no service is running. This often indicates a firewall configuration error. The affected ports are: 25 | ||||
|---|---|---|---|---|---|
| Solution | Reconfigure your firewall to block all ports that you are not running services on. | ||||
| References | Firewalls FAQ | ||||
| First Found | 13 November 2002 | Port | general/tcp | Last 6 Months |
|
| Vulnerability | 10114 | Host Responded to ICMP Timestamp Request | Low Risk |
|---|
| Description | The target host responded to an ICMP timestamp request. This allows an attacker to determine the exact time and date set on your server. This information could be used in attacks against time-based authentication protocols. | ||||
|---|---|---|---|---|---|
| Solution | Either disable timestamp replies, or filter them at your firewall. | ||||
| References | CAN-1999-0524 | ||||
| First Found | 13 March 2003 | Port | No information available | Last 6 Months |
|
| Vulnerability | 12085 | Apache Tomcat servlet/JSP container default files | Low Risk |
|---|
| Description | The Apache Tomcat servlet/JSP container has default files installed such as documentation, default Servlets and JSPs. These files should be removed as they may help an attacker to guess the exact version of the Apache Tomcat which is running on this host and may provide other useful information. | ||||
|---|---|---|---|---|---|
| Solution | Remove default files, example JSPs and Servlets from the Tomcat Servlet/JSP container. | ||||
| First Found | 13 March 2003 | Port | 443/tcp | Last 6 Months |
|
| Stopped | By: joe.bloggs@technicians.com From: 12 March 2003 To: 12 March 2006 | ||||
| Reason | None specified | ||||
|
| Vulnerability | 11046 | Apache Tomcat TroubleShooter servlet detected | Low Risk |
|---|
| Description | The remote Apache Tomcat server has the TroubleShooter servlet accessible. This displays information about your system configuration, which may be useful to attackers. It can also be used to perform cross-site scripting attacks. You can access the servlet through this URL: https://192.168.0.112/examples/servlet/TroubleShooter | ||||
|---|---|---|---|---|---|
| Solution | Remove the example files from production servers. If you do require this functionality, protect it using password or IP address authentication. | ||||
| First Found | 13 March 2003 | Port | 443/tcp | Last 6 Months |
|
| Stopped | By: joe.bloggs@technicians.com From: 12 March 2003 To: 12 March 2006 | ||||
| Reason | None specified | ||||