Total Requests: 121476
Average Speed: 5.07 req/sec.
Identified: 16
Confirmed: 4
Critical: 0
Informational: 8

SCAN SETTINGS
ENABLED ENGINES: SQL Injection, SQL Injection (Boolean), SQL Injection (Blind), Cross-site Scripting, Command Injection, Command Injection (Blind), Local File Inclusion, Remote File Inclusion, Remote Code Evaluation, HTTP Header Injection, Open Redirection, Expression Language Injection, Web App Fingerprint, RoR Code Execution, WebDAV
Authentication
Scheduled

VULNERABILITIES
MEDIUM 6%
LOW 44%
INFORMATION 50%
1 / 23
VULNERABILITY SUMMARY
URL | Vulnerability | Confirmed
/ | Version Disclosure (Apache) | No
/ | TRACE/TRACK Method Detected | No
/ | OPTIONS Method Enabled | Yes
/ | Out-of-date Version (Apache) | No
/'%22-%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%3C/scRipt%3E | E-mail Address Disclosure | No
/~homepage/ | Programming Error Message | No
/~homepage/_assets/js/hub.widget.js | [Possible] Internal Path Disclosure (*nix) | No
/~homepage/main/utils/ | Directory Listing (Apache) | No
/admis/pdf/2009/ | Forbidden Resource | Yes
/cgi-bin/cgiwrap/ | [Possible] Internal IP Address Disclosure | No
/cgi-bin/form2.pl | Internal Server Error | Yes
/hr/fasap/descriptions/WS_FTP.LOG | [Possible] Internal Path Disclosure (Windows) | No
/hr/fasap/questions.html | [Possible] Cross-site Request Forgery Detected | No
/news/podcasts/ | [Possible] Source Code Disclosure (ColdFusion) | No
/robots.txt | Robots.txt Detected | Yes
/sitemap.xml | Sitemap Detected | No
1 TOTAL
MEDIUM
Impact
Depending on the source code, database connection strings, usernames and passwords, the internal workings and the business logic of the application might be revealed. With such information, an attacker can mount the following types of attacks:
- Access the database or other data resources. Depending on the privileges of the account obtained from the source code, it may be possible to read, update or delete arbitrary data from the database.
- Gain access to password-protected administrative mechanisms such as dashboards, management consoles and admin panels, hence gaining full control of the application.
- Develop further attacks by investigating the source code for input validation errors and logic vulnerabilities.
Actions to Take
1. Confirm exactly which aspects of the source code are actually disclosed; due to the limitations of this type of vulnerability, it might not be possible to confirm this in all instances. Confirm that this is not intended functionality.
2. If it is a file required by the application, change its permissions to prevent public users from accessing it. If it is not, remove it from the web server.
3. Ensure that the server has all current security patches applied.
4. Remove all temporary and backup files from the web server.
External References
Secureyes - Source Code Disclosure over Http
Classification
OWASP 2010-A6 OWASP 2013-A5 PCI V1.2-6.5.6 CWE-540 CAPEC-118 WASC-13
1.1. /news/podcasts/
http://www.jhu.edu/news/podcasts/
Certainty
Request
GET /news/podcasts/ HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
/EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<cfinclude template="#folderreader#">
<cfoutput>
<title>The Johns Hopkins University - Podcasts</title>
</cfoutput>
<!-- include meta tags (content, keywords and description) -->
<meta name="description"
</ul>
</div>
</div>
<!-- do not mess with above at all, except to add side nav -->
<div id="clearIt"></div>
</div>
<!-- *** contentWrapper div ends here*** -->
<cfset bottomnav="/hits_includes/utils/inc_bottom-navigation.cfm">
<!-- REV 1.16 3/26/10 Be sure to keep this in sync with version at /webapps/jhuniverse/hits_includes/utils/inc_bottom-navigation.cfm -->
<!-- this include file populates the entire footer r
1 TOTAL
LOW
CONFIRMED
Impact
The impact may vary depending on the condition. Generally this indicates poor coding practices: not enough error checking, sanitization and whitelisting. However, there might be a bigger issue, such as SQL injection. If that is the case, Netsparker will check for other possible issues and report them separately.
Remedy
Analyze this issue and review the application code in order to handle unexpected errors; this should be a generic practice that does not disclose further information upon an error. All errors should be handled server-side only.
2.1. /cgi-bin/form2.pl
CONFIRMED
http://www.jhu.edu/cgi-bin/form2.pl
Request
GET /cgi-bin/form2.pl HTTP/1.1
Cache-Control: no-cache
Referer: http://www.jhu.edu/hr/images2/ben_inquire.html
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 14 Jan 2015 02:53:57 GMT
Server: Apache/2.2.15 (Red Hat)
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 396
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator,
webhosting@jhu.edu and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at www.jhu.edu Port 80</address>
</body></html>
1 TOTAL
LOW
This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.
Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Remedy
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
Remedy References
Apache ServerTokens Directive
Classification
CWE-205 CAPEC-170 WASC-45
3.1. /
http://www.jhu.edu/
Extracted Version
2.2.15
Certainty
Request
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Wed, 14 Jan 2015 02:15:33 GMT
Server: Apache/2.2.15 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Content-Encoding:
Content-Length: 12868
Content-Type: text/html; charset=UTF-8
<!--This is the live home
1 TOTAL
LOW
Impact
The error message may disclose sensitive information, and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. Source code, stack traces and similar data may be disclosed. Most of these issues will be identified and reported separately by Netsparker.
Remedy
Do not provide error messages on production environments. Save error messages with a reference number to a backend storage such as a log, text file or database, then show this number and a static user-friendly error message to the user.
Classification
OWASP 2010-A6 OWASP 2013-A5 PCI V1.2-6.5.6 PCI V2.0-6.5.5 PCI V3.0-6.5.5 CWE-210 CAPEC-118 WASC-13
4.1. /~homepage/
http://www.jhu.edu/~homepage/
Certainty
Request
GET /~homepage/ HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
tp://www.w3.org/1999/xhtml"> <![endif]-->
<!--[if gte IE 10]><!--> <html xmlns="http://www.w3.org/1999/xhtml"> <!--<![endif]-->
<head>
<script type="text/javascript">
_udn = ".jhu.edu";
</script>
[an error occurred while processing this directive]
<script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script>
<!-- mimic Internet Explorer 7 for president's micro-site -->
<meta http-equiv="X-UA-Compatible" content="IE=Emulate
1 TOTAL
LOW
Impact
It is possible to bypass the HttpOnly cookie limitation and read the cookies in a cross-site scripting attack by using the TRACE/TRACK method within an XmlHttpRequest. This is not possible with modern browsers, so the vulnerability can only be used when targeting users with old, unpatched browsers.
Remedy
Disable this method in all production systems. Even though the application is not vulnerable to cross-site scripting, a debugging feature such as TRACE/TRACK should not be required in a production system and therefore should be disabled.
External References
Cross Site Tracing
US-CERT VU#867593
Classification
OWASP 2010-A6 OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
5.1. /
http://www.jhu.edu/
Certainty
Request
TRACE / HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
X-NS: NST717Check
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:15:48 GMT
Server: Apache/2.2.15 (Red Hat)
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 449
Content-Type: message/http
TRACE / HTTP/1.1
Host: www.jhu.edu
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
X-NS: NST717Check
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
SM_TRANSACTIONID: 00000000000000000000000010c0b50a-3ef7-54b5d152-b7f2b700-7de439a38077
SM_CLIENT_IP: 202.62.17.105
SM_SDOMAIN: .jhu.edu
SM_AUTHTYPE: Not Protected
SM_USER:
SM_USERDN:
X-Forwarded-For: 202.62.17.105
X-Forwarded-Host: www.jhu.edu
X-Forwarded-Server: www.jhu.edu
Connection: Keep-Alive
1 TOTAL
LOW
Netsparker detected that the OPTIONS method is allowed. This issue is reported as extra information.
CONFIRMED
Impact
Information disclosed from this page can be used to gain additional information about the target system.
Remedy
Disable the OPTIONS method in all production systems.
External References
Testing for HTTP Methods and XST (OWASP-CM-008)
HTTP/1.1: Method Definitions
Classification
OWASP 2010-A6 OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
6.1. /
CONFIRMED
http://www.jhu.edu/
Parameters
Parameter | Type | Value
URI-BASED | Full URL |
Allowed methods: GET,HEAD,POST,OPTIONS,TRACE
Request
OPTIONS / HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:16:08 GMT
Server: Apache/2.2.15 (Red Hat)
Vary: Accept-Encoding,User-Agent
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Encoding:
Content-Length: 20
Content-Type: text/html; charset=UTF-8
1 TOTAL
LOW
Impact
Depending on the application, an attacker can mount any of the actions that can be done by the user, such as adding a user, modifying content or deleting data. All the functionality that is available to the victim can be used by the attacker. The only exception to this rule is a page that requires extra information that only the legitimate user can know (such as the user's password).
Remedy
Send additional information in each HTTP request that can be used to determine whether the request came from an authorized source. This "validation token" should be hard to guess for an attacker who does not already have access to the user's account. If a request is missing a validation token or the token does not match the expected value, the server should reject the request.
If you are posting a form in an AJAX request, custom HTTP headers can be used to prevent CSRF, because the browser prevents sites from sending custom HTTP headers to another site but allows sites to send custom HTTP headers to themselves using XMLHttpRequest.
For the native XMLHttpRequest (XHR) object in JavaScript:
var xhr = new XMLHttpRequest();
xhr.open('POST', 'foo/bar'); // request headers can only be set after open()
xhr.setRequestHeader('custom-header', 'value');
For jQuery, if you want to add a custom header (or set of headers) to
a. an individual request:
$.ajax({
    url: 'foo/bar',
    headers: { 'x-my-custom-header': 'some value' }
});
b. every request:
$.ajaxSetup({
    headers: { 'x-my-custom-header': 'some value' }
});
OR
$.ajaxSetup({
    beforeSend: function(xhr) {
        xhr.setRequestHeader('x-my-custom-header', 'some value');
    }
});
External References
OWASP Cross-Site Request Forgery (CSRF)
Remedy References
OWASP Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
Classification
OWASP 2010-A5 OWASP 2013-A8 PCI V1.2-6.5.5 PCI V2.0-6.5.9 PCI V3.0-6.5.9 CWE-352 CAPEC-62 WASC-09
7.1. /hr/fasap/questions.html
http://www.jhu.edu/hr/fasap/questions.html
Certainty
Request
GET /hr/fasap/questions.html HTTP/1.1
Cache-Control: no-cache
Referer: http://www.jhu.edu/sitemap.xml
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:30:33 GMT
Server: Apache/2.2.15 (Red Hat)
ETag: "7e037c-fc3-49064d3d62a00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 1833
Content-Type: text/html; charset=UTF-8
Last-Modified: Thu, 16 Sep 2010 18:43:52 GMT
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="GENERATOR" content="Mozilla/4.73 [en] (Win95; U) [Netscape]">
<title>Questions for a FASAP Clinician form</title>
</head>
<body text="#000000" bgcolor="#FFFFFF" link="#333399" vlink="#006666" alink="#6666CC">
<center><table BORDER=0 >
<tr>
<td ALIGN=CENTER><img SRC="inst_logo.GIF" ALT="Johns Hopkins Institutions Logo" BORDER=0 height=42 width=247 align=CENTER></td>
</tr>
<tr>
<td ALIGN=CENTER VALIGN=BOTTOM HEIGHT="55"><img SRC="fasap.GIF" ></td>
</tr>
</table></center>
<center>
<p><font face="Times New Roman"><font color="#333399"><font size=+1>QUESTIONS
FOR A FASAP CLINICIAN FORM</font></font></font></center>
<hr size = 1>
<p><blink><b><font color="#FF6666"><font size=+2>PLEASE NOTE:</font></font></b></blink>
<p><b><i>This website</i> and <i>the forms submitted</i> via the internet
are <font color="#FF6666">NOT SECURED.</font> Thus, we strongly suggest
that <i><font color="#FF6666">you should not submit any confidential information</font><font size=+1>
</font></i>using these forms or email.</b>
<p><b>Keeping this in mind however, <i>if you would like a personal reply</i>
to your feedback form, <i>you must provide</i> your name and either a phone
number, an email address, or an office address, as <i>these forms do not
identify from whom or where the form is sent</i>.</b>
<p><b>Furthermore, because <i><font color="#FF6666">we cannot guarantee
a timely response</font></i> to your inquiry, all emergencies and time-sensitive
issues should be processed throu
1 TOTAL
LOW
It was not determined if the IP address was that of the system itself or that of an internal network.
Impact
There is no direct impact; however, this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Remedy
First, ensure this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this IP address was actually the real internal IP address of the target web server or internal network. If it is, consider removing it.
Classification
PCI V1.2-6.5.6 CWE-200
8.1. /cgi-bin/cgiwrap/
http://www.jhu.edu/cgi-bin/cgiwrap/
Extracted IP Address(es)
10.181.192.16
Certainty
Request
GET /cgi-bin/cgiwrap/ HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:22:21 GMT
Server: Apache/2.2.15 (Red Hat)
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 444
Content-Type: text/html; charset=iso-8859-1
<HTML>
<HEAD>
<TITLE>CGIWrap Error: User not found</TITLE>
<CENTER><H2>CGIWrap Error: User not found</H2></CENTER>
<HR><p></HEAD><BODY>
CGIWrap was unable to find the user '' in the
password file on this server.
<P>
Check the URL and try again.
<P>
<DL>
<DT><B>Server Data:</B>
<P>
<DD><B>Server Administrator/Contact</B>: webhosting@jhu.edu
<DD><B>Server Name</B>: www.jhu.edu
<DD><B>Server Port</B>: 80
<DD><B>Server Protocol</B>: HTTP/1.1
<DD><B>Virtual Host</B>: www.jhu.edu
</DL>
<P>
<DL>
<DT><B>Request Data:</B>
<P>
<DD><B>User Agent/Browser</B>: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
<DD><B>Request Method</B>: GET
<DD><B>Remote Address</B>: 10.181.192.16
<DD><B>Remote Port</B>: 40934
<DD><B>Extra Path Info</B>: /
</DL>
</BODY></HTML>
9. Forbidden Resource
1 TOTAL
INFORMATION
CONFIRMED
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
9.1. /admis/pdf/2009/
CONFIRMED
http://www.jhu.edu/admis/pdf/2009/
Request
GET /admis/pdf/2009/ HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 403 Forbidden
Date: Wed, 14 Jan 2015 02:19:23 GMT
Server: Apache/2.2.15 (Red Hat)
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 245
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /admis/pdf/2009/
on this server.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at www.jhu.edu Port 80</address>
</body></html>
1 TOTAL
INFORMATION
The web server responded with a list of files located in the target directory.
Impact
An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.
Actions to Take
1. Change your httpd.conf file. A secure configuration for the requested directory should be similar to the following:
<Directory /{YOUR DIRECTORY}>
    # Options is an absolute list here: Indexes and MultiViews are not included, so directory listing is off
    Options FollowSymLinks
</Directory>
Remove the Indexes option from the configuration. Do not forget to remove MultiViews as well.
2. Configure the web server to disallow directory listing requests.
3. Ensure that the latest security patches have been applied to the web server and that the current stable version of the software is in use.
External References
WASC - Directory Indexing
Apache Directory Listing Vulnerability
Classification
OWASP 2010-A6 OWASP 2013-A5 PCI V1.2-6.5.6 CWE-548 CAPEC-127 WASC-16
10.1. /~homepage/main/utils/
http://www.jhu.edu/~homepage/main/utils/
Certainty
Request
GET /~homepage/main/utils/ HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
Red Hat)
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 1057
Content-Type: text/html;charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /~homepage/main/utils</title>
</head>
<body>
<h1>Index of /~homepage/main/utils</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a>
</th><th><a href="?C=D;O=A"
1 TOTAL
INFORMATION
Impact
E-mail addresses discovered within the application can be used by spam engines and by brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.
Remedy
Use generic e-mail addresses such as contact@ or info@ for general communications and remove user/people-specific e-mail addresses from the website; should this be required, use submission forms for this purpose.
External References
Wikipedia - E-Mail Spam
Classification
PCI V1.2-6.5.6 CWE-200 CAPEC-118 WASC-13
11.1. /'%22-%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%3C/scRipt%3E
http://www.jhu.edu/'%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%3C/scRipt%3E
Parameters
Parameter | Type | Value
URI-BASED | Full URL | '"--></style></scRipt><scRipt>netsparker(0x000005)</scRipt>
Found E-mails
feedback@jhu.edu
Certainty
Request
GET /'%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Enetsparker(0x000005)%3C/scRipt%3E HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
1 TOTAL
INFORMATION
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
12.1. /sitemap.xml
http://www.jhu.edu/sitemap.xml
Certainty
Request
GET /sitemap.xml HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
es
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 31347
Content-Type: text/xml
Last-Modified: Wed, 03 Feb 2010 15:57:26 GMT
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<!--XML Sitemap created by RAGE Sitemap Automator 2.2.3 http://www.ragesw.com-->
<url>
<loc>http://www.jhu.edu</loc>
<priority>0.5</priority>
</url>
<url>
<loc>http://www.jhu.edu/seniorvp/<
1 TOTAL
INFORMATION
CONFIRMED
Impact
Depending on the content of the file, an attacker might discover hidden directories. Ensure that nothing sensitive, such as the path of the administration panel, is exposed in this file.
Remedy
If disallowed paths are sensitive, do not write them in the robots.txt, and ensure they are correctly protected by means of authentication.
13.1. /robots.txt
CONFIRMED
http://www.jhu.edu/robots.txt
/hopkinsone/Secure_Private
/wwwdev
/webdav
/~wwwdev
/studacct/images
Request
GET /robots.txt HTTP/1.1
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 02:15:58 GMT
Server: Apache/2.2.15 (Red Hat)
ETag: "3f9-b8-4f4f924aa3c8e"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 123
Content-Type: text/plain; charset=UTF-8
Last-Modified: Wed, 19 Mar 2014 17:40:06 GMT
#User-agent: Googlebot
User-agent: *
Disallow: /hopkinsone/Secure_Private
Disallow: /wwwdev
Disallow: /webdav
Disallow: /~wwwdev
Disallow: /studacct/images
Disaloow: /~studacct/images
1 TOTAL
INFORMATION
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Remedy
Please upgrade your installation of Apache to the latest stable version.
Remedy References
Downloading the Apache HTTP Server
External References
CVE-2010-1452
CVE-2010-1623
CVE-2011-0419
    Exploit: http://www.securityfocus.com/data/vulnerabilities/exploits/47820.txt
CVE-2011-3192
    Exploit: http://www.securityfocus.com//data/vulnerabilities/exploits/49303.c
    Exploit: http://www.securityfocus.com/data/vulnerabilities/exploits/49303-2.c
CVE-2011-3368
    Exploit: http://www.securityfocus.com//data/vulnerabilities/exploits/49957.py
CVE-2012-0031
CVE-2011-4317
CVE-2011-3348
CVE-2012-4557
CVE-2012-4558
CVE-2013-1862
CVE-2013-1896
Classification
OWASP 2010-A6 OWASP 2013-A9 PCI V1.2-6.1 PCI V2.0-6.1 PCI V3.0-6.1 CAPEC-310
14.1. /
http://www.jhu.edu/
Identified Version
2.2.15
Latest Version
2.4.7
Vulnerability Database
Result is based on 1/21/2014 vulnerability database content.
Certainty
Request
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Wed, 14 Jan 2015 02:15:33 GMT
Server: Apache/2.2.15 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Content-Encoding:
Content-Length: 12868
Content-Type: text/html; charset=UTF-8
<!--This is the live home
1 TOTAL
INFORMATION
Impact
There is no direct impact; however, this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Remedy
First, ensure this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this file path was actually the real file path of the target web server.
Error messages should be disabled.
Remove this kind of sensitive data from the output.
External References
OWASP - Full Path Disclosure
Classification
PCI V1.2-6.5.6 CWE-200 CAPEC-118 WASC-13
15.1. /~homepage/_assets/js/hub.widget.js
http://www.jhu.edu/~homepage/_assets/js/hub.widget.js
Certainty
Request
GET /~homepage/_assets/js/hub.widget.js HTTP/1.1
Cache-Control: no-cache
Referer: http://www.jhu.edu/~homepage/_assets/js/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Host: www.jhu.edu
Response
1 TOTAL
INFORMATION
Impact
There is no direct impact; however, this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Remedy
Ensure this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this file path was actually the real file path of the target web server.
Error messages should be disabled.
Remove this kind of sensitive data from the output.
External References
OWASP - Full Path Disclosure
Classification
PCI V1.2-6.5.6 CWE-200 CAPEC-118 WASC-13
16.1. /hr/fasap/descriptions/WS_FTP.LOG
http://www.jhu.edu/hr/fasap/descriptions/WS_FTP.LOG
Certainty
Request
GET /hr/fasap/descriptions/WS_FTP.LOG HTTP/1.1
Cache-Control: no-cache
Referer: http://www.jhu.edu/hr/fasap/descriptions/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: www.jhu.edu
Accept-Encoding: gzip, deflate
Response
pt-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 330
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 05 Feb 2009 14:03:37 GMT
100.09.28 11:28 B C:\My
100.09.28 11:28 B C:\My
100.09.28 11:28 B C:\My
100.09.28 11:28 B C:\My
100.09.28 11:28 B C:\My
101.04.23 09:32 B c:\My
101.04.23 09:32 B c:\My
101.04.23 09:32 B c:\My
101.04.23 09:32 B c:\My
101.04.23 09:32 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My
101.04.23 10:08 B c:\My