| Port No | Protocol | Service | Details |
|---|---|---|---|
| 80 | tcp | http | Lotus-Domino/0 |
| 1723 | tcp | pptp | Closed Immediately with TCP FIN |

| Vulnerability | 10629 | Lotus Domino Anonymous Database Access | Medium Risk | |
|---|---|---|---|---|
| Description | We were able to read the following Domino databases from the web server, without any authentication: http://192.168.0.106/certlog.nsf This usually represents a security risk as the information contained is accessible to anyone on the internet. | | | |
| Solution | Reconfigure Domino to require authentication for these databases. | | | |
| References | CAN-2000-0021 CAN-2002-0664 | | | |
| First Found | 11 February 2003 | Port | 80/tcp | Last 6 Months |

| Vulnerability | 11718 | Lotus Domino Database Lock DoS | Medium Risk | |
|---|---|---|---|---|
| Description | According to its banner, this host is running a vulnerable version of Lotus Domino. It is possible to lock out some databases by requesting them through the web interface with a carefully crafted URL. | | | |
| Solution | Upgrade to an unaffected version, or apply a patch. | | | |
| References | CVE-2001-0954 | | | |
| First Found | 11 January 0003 | Port | 80/tcp | Last 6 Months |

| Vulnerability | 10622 | PPTP Information Leakage | Low Risk | |
|---|---|---|---|---|
| Description | The host appears to be running a PPTP (VPN) service. In its default configuration, the PPTP service leaks information such as hostname and PPTP version number. An attacker can use this information to focus their attack strategy. | | | |
| Solution | Replace the version strings with "unknown" | | | |
| First Found | 11 February 2003 | Port | 1723/tcp | Last 6 Months |