Detailed Scan Report

NETSPARKER SCAN REPORT SUMMARY
TARGET URL http://www.jhu.edu/

SCAN DATE 1/14/2015 9:15:28 AM
REPORT DATE 1/14/2015 4:40:58 PM
SCAN DURATION 06:38:56
Total
Requests
121476
Average
Speed
5.07 req/sec.
16
4
0
8
identified
confirmed
SCAN SETTINGS
ENABLED SQL Injection, SQL Injection (Boolean), SQL
ENGINES Injection (Blind), Cross-site Scripting,
Command Injection, Command Injection (Blind),
Local File Inclusion, Remote File Inclusion,
Remote Code Evaluation, HTTP Header Injection,
Open Redirection, Expression Language
Injection, Web App Fingerprint, RoR Code
Execution, WebDAV
Authentication
Scheduled
critical
informational
VULNERABILITIES
MEDIUM
6%
LOW
44
%
INFORMATION
50
%
1 / 23
VULNERABILITY SUMMARY
URL
Vulnerability
Confirmed
Version
Disclosure
(Apache)
No
TRACE/TRAC
K Method
Detected
No
OPTIONS
Method
Enabled
Yes
Out-of-date
Version
(Apache)
No
/'%22-%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%
3C/scRipt%3E
E-mail
Address
Disclosure
No
/~homepage/
Programmin
g Error
Message
No
/~homepage/_assets/js/hub.widget.js
[Possible]
Internal
Path
Disclosure
(*nix)
No
/~homepage/main/utils/
Directory
Listing
(Apache)
No
/admis/pdf/2009/
Forbidden
Resource
Yes
/cgi-bin/cgiwrap/
[Possible]
Internal IP
Address
Disclosure
No
/cgi-bin/form2.pl
Internal
Server Error
Yes
/hr/fasap/descriptions/WS_FTP.LOG
[Possible]
Internal
Path
Disclosure
(Windows)
No
/hr/fasap/questions.html
[Possible]
Cross-site
Request
Forgery
Detected
No
/news/podcasts/
[Possible]
Source Code
Disclosure
(ColdFusion)
No
/robots.txt
Robots.txt
Detected
Yes
/sitemap.xml
Sitemap
Detected
No
Parameter
Method
2 / 23
1. [Possible] Source Code Disclosure (ColdFusion)

Netsparker identified possible source code disclosure (ColdFusion).
An attacker can obtain server-side source code of the web application, which can contain sensitive data - such as
database connection strings, usernames and passwords - along with the technical and business logic of the application.
1 TOTAL
MEDIUM
Impact
Depending on the source code, database connection strings, username, and passwords, the internal workings and the business logic of the
application might be revealed. With such information, an attacker can mount the following types of attacks:
Access the database or other data resources. Depending on the privileges of the account obtained from the source code, it may be possible
to read, update or delete arbitrary data from the database.
Gain access to password protected administrative mechanisms such as dashboards, management consoles and admin panels, hence
gaining full control of the application.
Develop further attacks by investigating the source code for input validation errors and logic vulnerabilities.
Actions to Take
1. Confirm exactly what aspects of the source code are actually disclosed; due to the limitations of these types of vulnerability, it might not
be possible to confirm this in all instances. Confirm this is not an intended functionality.
2. If it is a file required by the application, change its permissions to prevent public users from accessing it. If it is not, then remove it from
the web server.
3. Ensure that the server has all the current security patches applied.
4. Remove all temporary and backup files from the web server.
Required Skills for Successful Exploitation

This is dependent on the information obtained from the source code. Uncovering these forms of vulnerabilities does not require high levels of
skills. However, a highly skilled attacker could leverage this form of vulnerability to obtain account information from databases or administrative
panels, ultimately leading to the control of the application or even the host the application resides on.
External References
Secureyes - Source Code Disclosure over Http
Classification
OWASP 2010-A6 OWASP 2013-A5 PCI V1.2-6.5.6 CWE-540 CAPEC-118 WASC-13
1.1. /news/podcasts/
http://www.jhu.edu/news/podcasts/
Certainty
Request
GET /news/podcasts/ HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
3 / 23
Response
/EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<cfinclude template="#folderreader#">
<cfoutput>
<title>The Johns Hopkins University - Podcasts</title>
</cfoutput>

<meta name="description"
</ul>
</div>
</div>

<div id="clearIt"></div>
</div>

<cfset bottomnav="/hits_includes/utils/inc_bottom-navigation.cfm">


 <html xmlns="http://www.w3.org/1999/xhtml"> 
<head>
<script type="text/javascript">
_udn = ".jhu.edu";
</script>
[an error occurred while processing this directive]
<script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script>

<meta http-equiv="X-UA-Compatible" content="IE=Emulate
7 / 23
5. TRACE/TRACK Method Detected

Netsparker detected the TRACE/TRACK method is allowed.
1 TOTAL
LOW
Impact
It is possible to bypass the HttpOnly cookie limitation and read the cookies in a cross-site scripting attack by using the TRACE/TRACK method
within an XmlHttpRequest. This is not possible with modern browsers, so the vulnerability can only be used when targeting users with unpatched
and old browsers.
Remedy
Disable this method in all production systems. Even though the application is not vulnerable to cross-site scripting, a debugging feature such as
TRACE/TRACK should not be required in a production system and therefore should be disabled.
External References
Cross Site Tracing
US-CERT VU#867593
Classification
OWASP 2010-A6 OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
5.1. /
http://www.jhu.edu/
Certainty
Request
TRACE / HTTP/1.1
X-NS: NST717Check
Host: www.jhu.edu
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:15:48 GMT
Content-Encoding:
Content-Length: 449
Content-Type: message/http
TRACE / HTTP/1.1
Host: www.jhu.edu
X-NS: NST717Check
SM_TRANSACTIONID: 00000000000000000000000010c0b50a-3ef7-54b5d152-b7f2b700-7de439a38077
SM_CLIENT_IP: 202.62.17.105
SM_SDOMAIN: .jhu.edu
SM_AUTHTYPE: Not Protected
SM_USER:
SM_USERDN:
X-Forwarded-For: 202.62.17.105
X-Forwarded-Host: www.jhu.edu
X-Forwarded-Server: www.jhu.edu
8 / 23
6. OPTIONS Method Enabled
1 TOTAL
LOW
Netsparker detected that OPTIONS method is allowed. This issue is reported as extra information.
CONFIRMED
Impact
Information disclosed from this page can be used to gain additional information about the target system.
Remedy
Disable OPTIONS method in all production systems.
External References
Testing for HTTP Methods and XST (OWASP-CM-008)
HTTP/1.1: Method Definitions
Classification
OWASP 2010-A6 OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
6.1. /
CONFIRMED
http://www.jhu.edu/
Parameters
Parameter
Type
URI-BASED
Full URL
Value
Raw Post Body
Allowed methods
GET,HEAD,POST,OPTIONS,TRACE
Request
OPTIONS / HTTP/1.1
Host: www.jhu.edu
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:16:08 GMT
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Encoding:
Content-Length: 20
9 / 23
7. [Possible] Cross-site Request Forgery Detected

Netsparker identified a possible Cross-Site Request Forgery.
CSRF is a very common vulnerability. It's an attack which forces a user to execute unwanted actions on a web application
in which the user is currently authenticated.
1 TOTAL
LOW
Impact
Depending on the application, an attacker can mount any of the actions that can be done by the user such as adding a user, modifying content,
deleting data. All the functionality thats available to the victim can be used by the attacker. Only exception to this rule is a page that requires
extra information that only the legitimate user can know (such as users password).
Remedy
Send additional information in each HTTP request that can be used to determine whether the request came from an authorized source.
This "validation token" should be hard to guess for attacker who does not already have access to the user's account. If a request is missing
a validation token or the token does not match the expected value, the server should reject the request.
If you are posting form in ajax request, custom HTTP headers can be used to prevent CSRF because the browser prevents sites from
sending custom HTTP headers to another site but allows sites to send custom HTTP headers to themselves using XMLHttpRequest.
For native XMLHttpRequest (XHR) object in JavaScript;
xhr = new XMLHttpRequest();
xhr.setRequestHeader('custom-header', 'value');
For JQuery, if you want to add a custom header (or set of headers) to
a. individual request
$.ajax({
url: 'foo/bar',
headers: { 'x-my-custom-header': 'some value' }
});
b. every request
$.ajaxSetup({
headers: { 'x-my-custom-header': 'some value' }
});
OR
$.ajaxSetup({
beforeSend: function(xhr) {
xhr.setRequestHeader('x-my-custom-header', 'some value');
}
});
External References
OWASP Cross-Site Request Forgery (CSRF)
Remedy References
OWASP Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
Classification
OWASP 2010-A5 OWASP 2013-A8 PCI V1.2-6.5.5 PCI V2.0-6.5.9 PCI V3.0-6.5.9 CWE-352 CAPEC-62 WASC-09
7.1. /hr/fasap/questions.html
http://www.jhu.edu/hr/fasap/questions.html
Certainty
10 / 23
Request
GET /hr/fasap/questions.html HTTP/1.1
Referer: http://www.jhu.edu/sitemap.xml
Host: www.jhu.edu
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:30:33 GMT
ETag: "7e037c-fc3-49064d3d62a00"
Content-Encoding:
Last-Modified: Thu, 16 Sep 2010 18:43:52 GMT
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="GENERATOR" content="Mozilla/4.73 [en] (Win95; U) [Netscape]">
<title>Questions for a FASAP Clinician form</title>
</head>
<body text="#000000" bgcolor="#FFFFFF" link="#333399" vlink="#006666" alink="#6666CC">

<center><table BORDER=0 >
<tr>
<td ALIGN=CENTER><img SRC="inst_logo.GIF" ALT="Johns Hopkins Institutions Logo" BORDER=0 height=42 width=247 align=CENTER></td>
</tr>
<tr>
<td ALIGN=CENTER VALIGN=BOTTOM HEIGHT="55"><img SRC="fasap.GIF" ></td>
</tr>
</table></center>
<center>
<p><font face="Times New Roman"><font color="#333399"><font size=+1>QUESTIONS
FOR A FASAP CLINICIAN FORM</font></font></font></center>
<hr size = 1>
<p><blink><b><font color="#FF6666"><font size=+2>PLEASE NOTE:</font></font></b></blink>
<p><b><i>This website</i> and <i>the forms submitted</i> via the internet
are <font color="#FF6666">NOT SECURED.</font> Thus, we strongly suggest
that <i><font color="#FF6666">you should not submit any confidential information</font><font size=+1>
</font></i>using these forms or email.</b>
<p><b>Keeping this in mind however, <i>if you would like a personal reply</i>
to your feedback form, <i>you must provide</i> your name and either a phone
number, an email address, or an office address, as <i>these forms do not
identify from whom or where the form is sent</i>.</b>
<p><b>Furthermore, because <i><font color="#FF6666">we cannot guarantee
a timely response</font></i> to your inquiry, all emergencies and time-sensitive
issues should be processed throu
11 / 23
8. [Possible] Internal IP Address Disclosure

Netsparker identified a possible internal IP address disclosure in the page.
1 TOTAL
LOW
It was not determined if the IP address was that of the system itself or that of an internal network.
Impact
There is no direct impact; however, this information can help an attacker identify other vulnerabilities or help during the exploitation of other
identified vulnerabilities.
Remedy
First, ensure this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this IP address was actually the real
internal IP address of the target web server or internal network. If it is, consider removing it.
Classification
PCI V1.2-6.5.6 CWE-200
8.1. /cgi-bin/cgiwrap/
http://www.jhu.edu/cgi-bin/cgiwrap/
Extracted IP Address(es)
10.181.192.16
Certainty
Request
GET /cgi-bin/cgiwrap/ HTTP/1.1
Host: www.jhu.edu
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:22:21 GMT
Content-Encoding:
Content-Length: 444
<HTML>
<HEAD>
<TITLE>CGIWrap Error: User not found</TITLE>
<CENTER><H2>CGIWrap Error: User not found</H2></CENTER>
<HR><p></HEAD><BODY>
CGIWrap was unable to find the user '' in the
password file on this server.
<P>
Check the URL and try again.
<P>
<DL>
<DT><B>Server Data:</B>
<P>
<DD><B>Server Administrator/Contact</B>: webhosting@jhu.edu
<DD><B>Server Name</B>: www.jhu.edu
<DD><B>Server Port</B>: 80
<DD><B>Server Protocol</B>: HTTP/1.1
<DD><B>Virtual Host</B>: www.jhu.edu
</DL>
<P>
<DL>
<DT><B>Request Data:</B>
<P>
<DD><B>User Agent/Browser</B>: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
<DD><B>Request Method</B>: GET
<DD><B>Remote Address</B>: 10.181.192.16
<DD><B>Remote Port</B>: 40934
<DD><B>Extra Path Info</B>: /
</DL>
</BODY></HTML>
12 / 23
9. Forbidden Resource
1 TOTAL
INFORMATION
Netsparker identified a forbidden resource.

Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for
informational purposes.
CONFIRMED
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
9.1. /admis/pdf/2009/
CONFIRMED
http://www.jhu.edu/admis/pdf/2009/
Request
GET /admis/pdf/2009/ HTTP/1.1
Host: www.jhu.edu
Response
HTTP/1.1 403 Forbidden
Date: Wed, 14 Jan 2015 02:19:23 GMT
Content-Encoding:
Content-Length: 245
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /admis/pdf/2009/
on this server.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at www.jhu.edu Port 80</address>
</body></html>
13 / 23
10. Directory Listing (Apache)

Netsparker identified a directory listing (Apache).
1 TOTAL
INFORMATION
The web server responded with a list of files located in the target directory.
Impact
An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.
Actions to Take
1. Change your httpd.conf file. A secure configuration for the requested directory should be similar to the following:
<Directory /{YOUR DIRECTORY}>
Options FollowSymLinks
</Directory>
Remove the Indexes option from configuration. Do not forget to remove MultiViews, as well.
2. Configure the web server to disallow directory listing requests.
3. Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.
External References
WASC - Directory Indexing
Apache Directory Listing Vulnerability
Classification
OWASP 2010-A6 OWASP 2013-A5 PCI V1.2-6.5.6 CWE-548 CAPEC-127 WASC-16
10.1. /~homepage/main/utils/
http://www.jhu.edu/~homepage/main/utils/
Certainty
Request
GET /~homepage/main/utils/ HTTP/1.1
Host: www.jhu.edu
Response
Red Hat)
Content-Encoding:
Content-Type: text/html;charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /~homepage/main/utils</title>
</head>
<body>
<h1>Index of /~homepage/main/utils</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a>
</th><th><a href="?C=D;O=A"
14 / 23
11. E-mail Address Disclosure
1 TOTAL
INFORMATION
Netsparker identified an e-mail address disclosure.
Impact
E-mail addresses discovered within the application can be used by both spam email engines and also brute-force tools. Furthermore, valid email
addresses may lead to social engineering attacks.
Remedy
Use generic email addresses such as contact@ or info@ for general communications and remove user/people-specific e-mail addresses from the
website; should this be required, use submission forms for this purpose.
External References
Wikipedia - E-Mail Spam
Classification
PCI V1.2-6.5.6 CWE-200 CAPEC-118 WASC-13
11.1. /'%22-%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%3C/scR
ipt%3E
http://www.jhu.edu/'%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%3C/scRipt%3E
Parameters
Parameter
Type
Value
URI-BASED
Full URL
'"--></style></scRipt>
<scRipt>netsparker(0x000005)</scRipt>
Found E-mails
feedback@jhu.edu
Certainty
Request
GET /'%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%3C/scRipt%3E HTTP/1.1
Host: www.jhu.edu
Response
schools.jhu.edu">try this section</A>.</li>

<li>
The JHU undergraduate admissions site <a href="http://apply.jhu.edu">is here</A>.</li>
<li>
Still stuck? We're happy to help. Please <A href="mailto:feedback@jhu.edu">e-mail us</A> and we'll do our best to get you pointed in the right direction.</li>
</ul>

<P><EM><FONT COLOR="808080">The mission of
15 / 23
12. Sitemap Detected

Netsparker detected a sitemap file on the target website.
1 TOTAL
INFORMATION
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
12.1. /sitemap.xml
http://www.jhu.edu/sitemap.xml
Certainty
Request
GET /sitemap.xml HTTP/1.1
Host: www.jhu.edu
Response
es
Content-Encoding:
Content-Type: text/xml
Last-Modified: Wed, 03 Feb 2010 15:57:26 GMT
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">

<url>
<loc>http://www.jhu.edu</loc>
<priority>0.5</priority>
</url>
<url>
<loc>http://www.jhu.edu/seniorvp/<
16 / 23
13. Robots.txt Detected

Netsparker detected a Robots.txt file with potentially sensitive content.
Impact
Depending on the content of the file, an attacker might discover hidden directories. Ensure you have nothing sensitive
exposed within this folder, such as the path of the administration panel.
1 TOTAL
INFORMATION
CONFIRMED
Remedy
If disallowed paths are sensitive, do not write them in the robots.txt, and ensure they are correctly protected by means of authentication.
13.1. /robots.txt
CONFIRMED
http://www.jhu.edu/robots.txt
Interesting Robots.txt Entries

Disallow:
Disallow:
Disallow:
Disallow:
Disallow:
/hopkinsone/Secure_Private
/wwwdev
/webdav
/~wwwdev
/studacct/images
Request
GET /robots.txt HTTP/1.1
Host: www.jhu.edu
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:15:58 GMT
ETag: "3f9-b8-4f4f924aa3c8e"
Content-Encoding:
Content-Length: 123
Content-Type: text/plain; charset=UTF-8
Last-Modified: Wed, 19 Mar 2014 17:40:06 GMT
#User-agent: Googlebot
User-agent: *
Disallow: /hopkinsone/Secure_Private
Disallow: /wwwdev
Disallow: /webdav
Disallow: /~wwwdev
Disallow: /studacct/images
Disaloow: /~studacct/images
17 / 23
14. Out-of-date Version (Apache)

Netsparker identified you are using an out-of-date version of Apache.
1 TOTAL
INFORMATION
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Remedy
Please upgrade your installation of Apache to the latest stable version.
Remedy References
Downloading the Apache HTTP Server
Known Vulnerabilities in this Version

Apache mod_cache and mod_dav Request Handling Denial of Service Vulnerability
The mod_cache and mod_dav modules in the Apache HTTP Server allow remote attackers to cause a denial of service (process crash) via a
request that lacks a path.
External References
CVE-2010-1452
Apache APR-util apr_brigade_split_line() Denial of Service Vulnerability

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util), as used
in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory
consumption) via unspecified vectors related to the destruction of an APR bucket.
External References
CVE-2010-1623
Apache APR apr_fnmatch() Denial of Service Vulnerability

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and
the Apache HTTP Server before 2.2.18, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *?
sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
External References
CVE-2011-0419
Exploit
http://www.securityfocus.com/data/vulnerabilities/exploits/47820.txt
Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

The byterange filter in the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range
header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
External References
CVE-2011-3192
Exploit
http://www.securityfocus.com//data/vulnerabilities/exploits/49303.c
http://www.securityfocus.com/data/vulnerabilities/exploits/49303-2.c
18 / 23
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

The mod_proxy module in the Apache HTTP Server does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern
matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing
an initial @ (at sign) character.
External References
CVE-2011-3368
Exploit
http://www.securityfocus.com//data/vulnerabilities/exploits/49957.py
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown)
or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call
to the free function.
External References
CVE-2012-0031
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision
1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a
reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a
: (colon) character in invalid positions.
External References
CVE-2011-4317
Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows
remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
External References
CVE-2011-3348
mod_proxy_ajp DoS Vulnerability

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long
request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
External References
CVE-2012-4557
Apache Multiple XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the
mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary
web script or HTML via a crafted string.
External References
CVE-2012-4558
19 / 23
Apache Code Execution Vulnerability

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable
characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a
terminal emulator.
External References
CVE-2013-1862
Apache Denial of Service Vulnerabillity

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote
attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn
module, but a certain href attribute in XML data refers to a non-DAV URI.
External References
CVE-2013-1896
Classification
OWASP 2010-A6 OWASP 2013-A9 PCI V1.2-6.1 PCI V2.0-6.1 PCI V3.0-6.1 CAPEC-310
14.1. /
http://www.jhu.edu/
Identified Version
2.2.15
Latest Version
2.4.7
Vulnerability Database
Result is based on 1/21/2014 vulnerability database content.
Certainty
Request
GET / HTTP/1.1
Host: www.jhu.edu
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:15:33 GMT
Keep-Alive: timeout=15, max=100
Content-Encoding:
 jhuniverse.hcf.jhu.edu /data/people/.hr1/public_html/fasap/descriptions alcohol.html
Documents\Public_html\fasap\descriptions\emotional.html --> jhuniverse.hcf.jhu.edu /data/people/.hr1/public_html/fasap/descriptions emotional.html
Documents\Public_html\fasap\descriptions\physical.html --> jhuniverse.hcf.jhu.edu /data/people/.hr1/public_html/fasap/descriptions physical.html
Documents\Public_html\fasap\descriptions\self.html --> jhuniverse.hcf.jhu.edu /data/people/.hr1/public_html/fasap/descriptions self.html
Documents\Public_html\fasap\descriptions\violence.html --> jhuniverse.hcf.jhu.edu /data/people/.hr1/public_html/fasap/descriptions violence.html
Documents\Public_html\fasap\descriptions\WS_FTP.LOG --> jhuniverse.hcf.jhu.edu /data/people/.hr1/public_html/fasap/descriptions WS_FTP.LOG
Documents\Public_html\fasap\descriptions\WS_FTP.LOG --> jhuniverse.hcf.jhu.edu /data/people/.hr1/public_html/fasap/descriptions WS_FTP.LOG
23 / 23

Detailed Scan Report

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Detailed Scan Report

Încărcat de

Drepturi de autor:

Formate disponibile

NETSPARKER SCAN REPORT SUMMARY

TARGET URL http://www.jhu.edu/

1. [Possible] Source Code Disclosure (ColdFusion)

Required Skills for Successful Exploitation

2. Internal Server Error

3. Version Disclosure (Apache)

4. Programming Error Message

Identified Error Message

5. TRACE/TRACK Method Detected

6. OPTIONS Method Enabled

Raw Post Body

7. [Possible] Cross-site Request Forgery Detected

8. [Possible] Internal IP Address Disclosure

Netsparker identified a forbidden resource.

10. Directory Listing (Apache)

11. E-mail Address Disclosure

Netsparker identified an e-mail address disclosure.

schools.jhu.edu">try this section</A>.</li>

12. Sitemap Detected

13. Robots.txt Detected

Interesting Robots.txt Entries

14. Out-of-date Version (Apache)

Known Vulnerabilities in this Version

Apache APR-util apr_brigade_split_line() Denial of Service Vulnerability

Apache APR apr_fnmatch() Denial of Service Vulnerability

Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability

mod_proxy_ajp DoS Vulnerability

Apache Multiple XSS Vulnerability

Apache Code Execution Vulnerability

Apache Denial of Service Vulnerabillity

15. [Possible] Internal Path Disclosure (*nix)

Identified Internal Path(s)

e[s][1][t];return a(r?r:t)},h,h.exports,t,e,r,i)}return r[s].exports}for(var n="function"==typeof require&&require,s=0;s<i.length;s++)a(i[s]);return a}({1:[function(t){var

16. [Possible] Internal Path Disclosure (Windows)

Identified Internal Path(s)

Documents\public_html\fasap\descriptions\alcohol.html <-- HR website /data/people/.hr1/public_html/fasap/descriptions alcohol.html

S-ar putea să vă placă și