2015
23-July-2015
25-July-2015
10.33.105.0/24
116
AIG_10.33.105.0/24
Nessus 5.2.7
NetworkScan1_Servers_AIG
22-July-2014
11-Aug-2015
Varun Vasist HG
Dhanashekhar Devaraj
This report lists the vulnerabilities detected by Nessus Vulnerability Scanner after scanning the network.
Objective of the report:
This report is intended for Engineers (Infrastructure Security Administrators, Server Administrators,
Network Administrators, Workstation Support Engineers or Helpdesk Support Engineers) for closing the
identified vulnerabilities.
Please evaluate each identified vulnerability and:
1. Uninstall the related software / applications if not required for the delivery function
2. Close them as per the recommendations provided by the OEM of the respective software, or
refer to the remedy information for vulnerabilities provided in this report
Note:
Number of systems identified and scanned in this report may not be accurate. The Vulnerability scanner
reports the vulnerabilities on the systems which were active during scanning. It is recommended to
check for these vulnerabilities in all the systems which are actually installed in the subnet.
Host Information
Consolidated Vulnerability Count
Important Note:
The total number of Critical and High vulnerabilities is represented under the High Vulnerability
column.
High Vulnerabilities
Medium Vulnerabilities
10
Host Information
IP:
10.33.105.1
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
23/tcp
42263 - Unencrypted Telnet Server
Synopsis
The remote Telnet server transmits traffic in cleartext.
Description
The remote host is running a Telnet server over an unencrypted channel.
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred
in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials
or other sensitive information and to modify traffic exchanged between a client and server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams
such as an X11 session.
Solution
Disable the Telnet service and use SSH instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2009/10/27, Modification date: 2015/03/19
Ports
tcp/23
Nessus collected the following banner from the remote Telnet server :
------------------------------ snip -----------------------------C
***************************************************************************
THIS IS AN OFFICIAL COMPUTER SYSTEM/PRIVATE NETWORK & IS THE PROPERTY OF
THE MPHASIS Ltd. AND IS FOR AUTHORIZED MPHASIS BUSINESS PURPOSE AND
FOR AUTHORIZED INDIVIDUALS ONLY.UNAUTHORIZED ACCESS OR ATTEMPTS
TO ACCESS IS PROHIBITED AND USER / VIOLATOR WILL
BE PROSECUTED AS PER LAW.
***************************************************************************
Users (authorized or unauthorized) have no explicit or implicit expectation
of privacy. Any or all users of this system may be subject to one or more
of the following a ctions: interception, monitoring, recording, auditing
inspection and disclosing, to security personnel and law enforcement
personnel, as well as authorized officials of other agencies,both domestic
and foreign.By using this system,the authorized user
consents to these actions.
SWTBAN18AIGL30701 line 1
C
***************************************************************************
THIS IS AN OFFICIAL COMPUTER SYSTEM/PRIVATE NETWORK & IS THE PROPERTY OF
THE MPHASIS Ltd. AND IS FOR AUTHORIZED MPHASIS BUSINESS PURPOSE AND
FOR AUTHORIZED INDIVIDUALS ONLY.UNAUTHORIZED ACCESS OR ATTEMPTS
TO ACCESS IS PROHIBITED AND USER / VIOLATOR WILL
BE PROSECUTED AS PER LAW.
********************************************** [...]
Host Information
IP:
10.33.105.36
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
14
16
Results Details
389/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
References
XREF
CWE:326
XREF
CWE:327
XREF
CWE:720
XREF
CWE:753
XREF
CWE:803
XREF
CWE:928
XREF
CWE:934
Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30
Ports
tcp/389
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
  Kx=RSA(512)  Au=RSA  Enc=DES-CBC(40)  Mac=SHA1
  Kx=RSA(512)  Au=RSA  Enc=RC2-CBC(40)  Mac=MD5
  Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/389
- SSLv3 is enabled and the server supports at least one cipher.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
Solution
Risk Factor
Medium
Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02
Ports
tcp/389
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  DES-CBC-SHA  Kx=RSA  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1
636/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
References
XREF
CWE:326
XREF
CWE:327
XREF
CWE:720
XREF
CWE:753
XREF
CWE:803
XREF
CWE:928
XREF
CWE:934
Plugin Information:
Ports
tcp/636
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-DES-CBC-SHA  Kx=RSA(512)  Au=RSA  Enc=DES-CBC(40)  Mac=SHA1  export
  EXP-RC2-CBC-MD5  Kx=RSA(512)  Au=RSA  Enc=RC2-CBC(40)  Mac=MD5  export
  EXP-RC4-MD5  Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5  export
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/636
- SSLv3 is enabled and the server supports at least one cipher.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02
Ports
tcp/636
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  DES-CBC-SHA  Kx=RSA  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1
Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after
the initial handshake.
An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext
into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service
assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the
application layer.
See Also
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.g-sec.lu/practicaltls.pdf
http://tools.ietf.org/html/rfc5746
Solution
Contact the vendor for specific patch information.
Risk Factor
Medium
5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
References
BID
36935
CVE
CVE-2009-3555
XREF
OSVDB:59968
XREF
OSVDB:59969
XREF
OSVDB:59970
XREF
OSVDB:59971
XREF
OSVDB:59972
XREF
OSVDB:59973
XREF
OSVDB:59974
XREF
OSVDB:60366
XREF
OSVDB:60521
XREF
OSVDB:61234
XREF
OSVDB:61718
XREF
OSVDB:61784
XREF
OSVDB:61785
XREF
OSVDB:61929
XREF
OSVDB:62064
XREF
OSVDB:62135
XREF
OSVDB:62210
XREF
OSVDB:62273
XREF
OSVDB:62536
XREF
OSVDB:62877
XREF
OSVDB:64040
XREF
OSVDB:64499
XREF
OSVDB:64725
XREF
OSVDB:65202
XREF
OSVDB:66315
XREF
OSVDB:67029
XREF
OSVDB:69032
XREF
OSVDB:69561
OSVDB:70055
XREF
OSVDB:70620
XREF
OSVDB:71951
XREF
OSVDB:71961
XREF
OSVDB:74335
XREF
OSVDB:75622
XREF
OSVDB:77832
XREF
OSVDB:90597
XREF
OSVDB:99240
XREF
OSVDB:100172
XREF
OSVDB:104575
XREF
OSVDB:104796
XREF
CERT:120541
XREF
CWE:310
Plugin Information:
Publication date: 2009/11/24, Modification date: 2014/03/25
Ports
tcp/636
SSLv3 supports insecure renegotiation.
8080/tcp
34460 - Unsupported Web Server Detection
Synopsis
The remote web server is obsolete / unsupported.
Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may
contain security vulnerabilities.
Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another
server.
Risk Factor
High
Plugin Information:
Publication date: 2008/10/21, Modification date: 2014/09/09
Ports
tcp/8080
Product : Tomcat
Installed version : 5.0.28
Supported versions : 7.0.x / 6.0.x
Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.
Solution
Review the files and delete those that are not needed.
Risk Factor
Medium
References
XREF
CWE:20
XREF
CWE:74
XREF
CWE:79
XREF
CWE:442
XREF
CWE:629
XREF
CWE:711
XREF
CWE:712
XREF
CWE:722
XREF
CWE:725
XREF
CWE:750
XREF
CWE:751
XREF
CWE:800
XREF
CWE:801
XREF
CWE:809
XREF
CWE:811
XREF
CWE:864
XREF
CWE:900
XREF
CWE:928
XREF
CWE:931
XREF
CWE:990
Plugin Information:
Ports
tcp/8080
8443/tcp
34460 - Unsupported Web Server Detection
Synopsis
The remote web server is obsolete / unsupported.
Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may
contain security vulnerabilities.
Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another
server.
Risk Factor
High
Plugin Information:
Publication date: 2008/10/21, Modification date: 2014/09/09
Ports
tcp/8443
Product : Tomcat
Installed version : 5.0.28
Supported versions : 7.0.x / 6.0.x
Additional information : http://wiki.apache.org/tomcat/TomcatVersions
Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.
Solution
Review the files and delete those that are not needed.
Risk Factor
Medium
References
XREF
CWE:20
XREF
CWE:74
XREF
CWE:79
XREF
CWE:442
XREF
CWE:629
CWE:711
XREF
CWE:712
XREF
CWE:722
XREF
CWE:725
XREF
CWE:750
XREF
CWE:751
XREF
CWE:800
XREF
CWE:801
XREF
CWE:809
XREF
CWE:811
XREF
CWE:864
XREF
CWE:900
XREF
CWE:928
XREF
CWE:931
XREF
CWE:990
Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13
Ports
tcp/8443
The following default files were found :
/tomcat-docs/index.html
Description
This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports
whether any have already expired.
Solution
Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor
Medium
Plugin Information:
Publication date: 2004/12/03, Modification date: 2015/06/17
Ports
tcp/8443
Subject
:
Issuer
:
Not valid before :
Not valid after :
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
References
XREF
CWE:326
XREF
CWE:327
XREF
CWE:720
XREF
CWE:753
XREF
CWE:803
XREF
CWE:928
XREF
CWE:934
Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30
Ports
tcp/8443
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-EDH-RSA-DES-CBC-SHA  Kx=DH(512)  Au=RSA  Enc=DES-CBC(40)  Mac=SHA1  export
  EXP-DES-CBC-SHA  Kx=RSA(512)  Au=RSA  Enc=DES-CBC(40)  Mac=SHA1  export
  EXP-RC4-MD5  Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5  export
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/8443
- SSLv3 is enabled and the server supports at least one cipher.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02
Ports
tcp/8443
Here is the list of medium strength SSL ciphers supported by the remote server :
TLSv1
  EDH-RSA-DES-CBC-SHA  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1
  DES-CBC-SHA  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1
Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after
the initial handshake.
An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext
into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service
assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the
application layer.
See Also
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.g-sec.lu/practicaltls.pdf
http://tools.ietf.org/html/rfc5746
Solution
Contact the vendor for specific patch information.
Risk Factor
Medium
References
BID
36935
CVE
CVE-2009-3555
XREF
OSVDB:59968
XREF
OSVDB:59969
XREF
OSVDB:59970
XREF
OSVDB:59971
XREF
OSVDB:59972
XREF
OSVDB:59973
XREF
OSVDB:59974
XREF
OSVDB:60366
XREF
OSVDB:60521
OSVDB:61234
XREF
OSVDB:61718
XREF
OSVDB:61784
XREF
OSVDB:61785
XREF
OSVDB:61929
XREF
OSVDB:62064
XREF
OSVDB:62135
XREF
OSVDB:62210
XREF
OSVDB:62273
XREF
OSVDB:62536
XREF
OSVDB:62877
XREF
OSVDB:64040
XREF
OSVDB:64499
XREF
OSVDB:64725
XREF
OSVDB:65202
XREF
OSVDB:66315
XREF
OSVDB:67029
XREF
OSVDB:69032
XREF
OSVDB:69561
XREF
OSVDB:70055
XREF
OSVDB:70620
XREF
OSVDB:71951
XREF
OSVDB:71961
XREF
OSVDB:74335
XREF
OSVDB:75622
XREF
OSVDB:77832
XREF
OSVDB:90597
XREF
OSVDB:99240
XREF
OSVDB:100172
XREF
OSVDB:104575
XREF
OSVDB:104796
CERT:120541
XREF
CWE:310
Plugin Information:
Publication date: 2009/11/24, Modification date: 2014/03/25
Ports
tcp/8443
TLSv1 supports insecure renegotiation.
SSLv3 supports insecure renegotiation.
Host Information
DNS Name:
srvban18dvsql01.fs.mphasis.com
Netbios Name:
SRVBAN18DVSQL01
IP:
10.33.105.37
MAC Address:
00:1a:a0:b5:b4:85
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
1433/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
References
XREF
CWE:326
XREF
CWE:327
XREF
CWE:720
XREF
CWE:753
XREF
CWE:803
XREF
CWE:928
XREF
CWE:934
Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30
Ports
tcp/1433
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-RC2-CBC-MD5  Kx=RSA(512)  Au=RSA  Enc=RC2-CBC(40)  Mac=MD5  export
  EXP-RC4-MD5  Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5  export
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/1433
- SSLv3 is enabled and the server supports at least one cipher.
The remote service supports the use of medium strength SSL ciphers.
Description
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02
Ports
tcp/1433
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  EXP1024-DES-CBC-SHA  Kx=RSA(1024)  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1  export
  EXP1024-RC4-SHA  Kx=RSA(1024)  Au=RSA  Enc=RC4(56)  Mac=SHA1  export
  DES-CBC-SHA  Kx=RSA  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1
Host Information
DNS Name:
srvban18qasql02.fs.mphasis.com
Netbios Name:
SRVBAN18QASQL02
IP:
10.33.105.38
MAC Address:
00:1a:a0:bf:65:c4
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
1433/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
References
XREF
CWE:326
XREF
CWE:327
XREF
CWE:720
XREF
CWE:753
XREF
CWE:803
XREF
CWE:928
XREF
CWE:934
Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30
Ports
tcp/1433
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-RC2-CBC-MD5  Kx=RSA(512)  Au=RSA  Enc=RC2-CBC(40)  Mac=MD5  export
  EXP-RC4-MD5  Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5  export
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/1433
- SSLv3 is enabled and the server supports at least one cipher.
The remote service supports the use of medium strength SSL ciphers.
Description
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02
Ports
tcp/1433
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  EXP1024-DES-CBC-SHA  Kx=RSA(1024)  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1  export
  EXP1024-RC4-SHA  Kx=RSA(1024)  Au=RSA  Enc=RC4(56)  Mac=SHA1  export
  DES-CBC-SHA  Kx=RSA  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1
Host Information
DNS Name:
srvban18bkp02.fs.mphasis.com
Netbios Name:
SRVBAN18BKP02
IP:
10.33.105.43
MAC Address:
00:17:a4:10:48:a3
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
9000/tcp
10297 - Web Server Directory Traversal Arbitrary File Access
Synopsis
The remote web server is affected by a directory traversal vulnerability.
Description
It appears possible to read arbitrary files on the remote host outside the web server's document directory using a
specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to
aid in subsequent attacks.
Note that this plugin is not limited to testing for known vulnerabilities in a specific set of web servers. Instead, it
attempts a variety of generic directory traversal attacks and considers a product to be vulnerable simply if it finds
evidence of the contents of '/etc/passwd' or a Windows 'win.ini' file in the response. It may, in fact, uncover 'new'
issues, that have yet to be reported to the product's vendor.
Solution
Contact the vendor for an update, use a different product, or disable the service altogether.
Risk Factor
Medium
References
BID
7308
BID
7362
BID
7378
BID
7544
BID
7715
BID
26583
32412
BID
40053
BID
40133
BID
40680
BID
43230
BID
43258
BID
43356
BID
43358
BID
43830
BID
44393
BID
44564
BID
44586
BID
45599
BID
45603
BID
47760
BID
47842
BID
47987
BID
48114
BID
48926
BID
51286
BID
51311
BID
51399
BID
52327
BID
52384
BID
52541
BID
56871
BID
57143
BID
57313
BID
58794
BID
67389
BID
70760
CVE-2000-0920
CVE
CVE-2007-6483
CVE
CVE-2008-5315
CVE
CVE-2010-1571
CVE
CVE-2010-3459
CVE
CVE-2010-3487
CVE
CVE-2010-3488
CVE
CVE-2010-3743
CVE
CVE-2010-4181
CVE
CVE-2011-1900
CVE
CVE-2011-2524
CVE
CVE-2011-4788
CVE
CVE-2012-0697
CVE
CVE-2012-1464
CVE
CVE-2012-5100
CVE
CVE-2012-5335
CVE
CVE-2012-5344
CVE
CVE-2012-5641
CVE
CVE-2013-2619
CVE
CVE-2013-3304
CVE
CVE-2014-3744
XREF
OSVDB:3681
XREF
OSVDB:42402
XREF
OSVDB:50288
XREF
OSVDB:64532
XREF
OSVDB:64611
XREF
OSVDB:65285
XREF
OSVDB:68026
XREF
OSVDB:68089
XREF
OSVDB:68141
XREF
OSVDB:68538
OSVDB:68880
XREF
OSVDB:68962
XREF
OSVDB:70176
XREF
OSVDB:72231
XREF
OSVDB:72498
XREF
OSVDB:72972
XREF
OSVDB:73413
XREF
OSVDB:74135
XREF
OSVDB:78307
XREF
OSVDB:78308
XREF
OSVDB:79653
XREF
OSVDB:79867
XREF
OSVDB:80586
XREF
OSVDB:82647
XREF
OSVDB:82678
XREF
OSVDB:88925
XREF
OSVDB:89293
XREF
EDB-ID:24915
XREF
EDB-ID:33428
XREF
EDB-ID:35056
XREF
CWE:22
Plugin Information:
Publication date: 1999/11/05, Modification date: 2015/01/13
Ports
tcp/9000
Nessus was able to retrieve the remote host's 'win.ini' file using the
following URL :
- http://srvban18bkp02.fs.mphasis.com:9000/../../../../../../../../../../../../winnt/win.ini
Here are the contents :
------------------------------ snip -----------------------------
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[MCI Extensions.BAK]
asf=MPEGVideo
asx=MPEGVideo
m3u=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpv2=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wvx=MPEGVideo
wmx=MPEGVideo2
wpl=MPEGVideo
[WinZip]
Note-1=This section is required only to install the optional WinZip Internet Browser Support
build
0231.
Note-2=Removing this section of the win.ini will have no effect except preventing installation of
WinZip Internet Browser Support build 0231.
win32_version=6.3-8.0
[Solitaire]
Options=3
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
------------------------------ snip -----------------------------
Note that Nessus stopped searching after one exploit was found. To
report all known exploits, enable 'Thorough tests' and re-scan.
Host Information
DNS Name:
mpbakoraiusrv8.fs.mphasis.com
Netbios Name:
MPBAKORAIUSRV8
IP:
10.33.105.50
MAC Address:
00:17:a4:10:ff:28
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
1433/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
References
XREF
CWE:326
XREF
CWE:327
XREF
CWE:720
XREF
CWE:753
XREF
CWE:803
XREF
CWE:928
XREF
CWE:934
Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30
Ports
tcp/1433
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-RC2-CBC-MD5  Kx=RSA(512)  Au=RSA  Enc=RC2-CBC(40)  Mac=MD5  export
  EXP-RC4-MD5  Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5  export
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/1433
- SSLv3 is enabled and the server supports at least one cipher.
The remote service supports the use of medium strength SSL ciphers.
Description
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02
Ports
tcp/1433
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  EXP1024-DES-CBC-SHA  Kx=RSA(1024)  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1  export
  EXP1024-RC4-SHA  Kx=RSA(1024)  Au=RSA  Enc=RC4(56)  Mac=SHA1  export
  DES-CBC-SHA  Kx=RSA  Au=RSA  Enc=DES-CBC(56)  Mac=SHA1
Host Information
DNS Name:
srvllaiusybase.fs.mphasis.com
Netbios Name:
SRVLLAIUSYBASE
IP:
10.33.105.52
MAC Address:
00:17:a4:10:28:2c
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
1498/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
References
XREF
CWE:326
XREF
CWE:327
XREF
CWE:720
XREF
CWE:753
XREF
CWE:803
XREF
CWE:928
XREF
CWE:934
Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30
Ports
tcp/1498
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-RC2-CBC-MD5  Kx=RSA(512)  Au=RSA  Enc=RC2-CBC(40)  Mac=MD5  export
  EXP-RC4-MD5  Kx=RSA(512)  Au=RSA  Enc=RC4(40)  Mac=MD5  export
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/1498
- SSLv3 is enabled and the server supports at least one cipher.
The remote service supports the use of medium strength SSL ciphers.
Description
Solution
Reconfigure the affected application, if possible, to avoid the use of medium strength ciphers.
Risk Factor
Medium
Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02
Ports
tcp/1498
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
EXP1024-DES-CBC-SHA   Kx=RSA(1024)   Au=RSA   Enc=DES-CBC(56)   Mac=SHA1   export
EXP1024-RC4-SHA       Kx=RSA(1024)   Au=RSA   Enc=RC4(56)       Mac=SHA1   export
DES-CBC-SHA           Kx=RSA         Au=RSA   Enc=DES-CBC(56)   Mac=SHA1
Host Information
IP:
10.33.105.56
OS:
Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008
R2, Microsoft Windows 7
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.
Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or the host itself, or they
may themselves contain vulnerabilities such as cross-site scripting issues.
Solution
Review the files and delete those that are not needed.
Risk Factor
Medium
References
XREF
CWE:20
XREF
CWE:74
XREF
CWE:79
XREF
CWE:442
XREF
CWE:629
XREF
CWE:711
XREF
CWE:712
XREF
CWE:722
XREF
CWE:725
XREF
CWE:750
XREF
CWE:751
XREF
CWE:800
XREF
CWE:801
XREF
CWE:809
XREF
CWE:811
XREF
CWE:864
XREF
CWE:900
XREF
CWE:928
XREF
CWE:931
XREF
CWE:990
Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13
Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html
Host Information
Netbios Name:
WKSBAN18ALF7169
IP:
10.33.105.85
MAC Address:
2c:27:d7:46:b5:d8
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.
Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or the host itself, or they
may themselves contain vulnerabilities such as cross-site scripting issues.
Solution
Review the files and delete those that are not needed.
Risk Factor
Medium
References
XREF
CWE:20
XREF
CWE:74
XREF
CWE:79
XREF
CWE:442
XREF
CWE:629
XREF
CWE:711
XREF
CWE:712
XREF
CWE:722
XREF
CWE:725
XREF
CWE:750
XREF
CWE:751
XREF
CWE:800
XREF
CWE:801
XREF
CWE:809
XREF
CWE:811
XREF
CWE:864
XREF
CWE:900
XREF
CWE:928
XREF
CWE:931
XREF
CWE:990
Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13
Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html
Host Information
Netbios Name:
WKSBAN18ALF7171
IP:
10.33.105.108
MAC Address:
3c:d9:2b:4c:bf:25
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.
Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or the host itself, or they
may themselves contain vulnerabilities such as cross-site scripting issues.
Solution
Review the files and delete those that are not needed.
Risk Factor
Medium
References
XREF
CWE:20
XREF
CWE:74
XREF
CWE:79
XREF
CWE:442
XREF
CWE:629
XREF
CWE:711
XREF
CWE:712
XREF
CWE:722
XREF
CWE:725
XREF
CWE:750
XREF
CWE:751
XREF
CWE:800
XREF
CWE:801
XREF
CWE:809
XREF
CWE:811
XREF
CWE:864
XREF
CWE:900
XREF
CWE:928
XREF
CWE:931
XREF
CWE:990
Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13
Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html
Host Information
Netbios Name:
WKSBAN18ALF7240
IP:
10.33.105.125
MAC Address:
2c:27:d7:46:b6:0c
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
8880/tcp
64097 - IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities
Synopsis
The remote application server may be affected by multiple vulnerabilities.
Description
IBM WebSphere Application Server 7.0 before Fix Pack 27 appears to be running on the remote host. It is, therefore,
potentially affected by the following vulnerabilities :
- A request validation error exists related to the proxy server component that could allow a remote attacker to cause
the proxy status to be reported as disabled, thus denying applications access to the proxy.
(CVE-2012-3330, PM71319)
- A user-supplied input validation error exists that could allow cross-site request forgery (CSRF) attacks to be carried
out. (CVE-2012-4853, PM62920)
- Unspecified errors exist related to the administration console that could allow cross-site scripting attacks.
(CVE-2013-0458, CVE-2013-0459, CVE-2013-0460, PM71139, PM72536, PM72275)
- An unspecified error exists related to the administration console for 'virtual member manager'
(VMM) that can allow cross-site scripting.
(CVE-2013-0461, PM71389)
See Also
http://www.nessus.org/u?c8df3590
http://www.nessus.org/u?85335f50
http://www.nessus.org/u?6249ee05
http://www.nessus.org/u?5ae80ba2
Solution
If using WebSphere Application Server, apply Fix Pack 27 (7.0.0.27) or later.
Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, contact the
vendor for more information, as IBM has not currently published a Fix Pack 27 for that.
Risk Factor
Medium
References
BID
56458
BID
56459
BID
57508
BID
57509
BID
57510
BID
57512
CVE
CVE-2012-3330
CVE
CVE-2012-4853
CVE
CVE-2013-0458
CVE
CVE-2013-0459
CVE
CVE-2013-0460
CVE
CVE-2013-0461
XREF
OSVDB:87338
XREF
OSVDB:87339
XREF
OSVDB:89514
XREF
OSVDB:89515
XREF
OSVDB:89517
XREF
OSVDB:89518
XREF
CWE:20
XREF
CWE:74
XREF
CWE:79
XREF
CWE:442
XREF
CWE:629
XREF
CWE:711
XREF
CWE:712
XREF
CWE:722
XREF
CWE:725
XREF
CWE:750
XREF
CWE:751
XREF
CWE:800
XREF
CWE:801
XREF
CWE:809
XREF
CWE:811
XREF
CWE:864
XREF
CWE:900
XREF
CWE:928
XREF
CWE:931
XREF
CWE:990
Plugin Information:
Publication date: 2013/01/25, Modification date: 2015/07/13
Ports
tcp/8880
Version source : <SOAP-ENV:Header xmlns:ns0="admin" ns0:WASRemoteRuntimeVersion="7.0.0.0" ns0:JMXMessageVersion="1.0.0" ns0:JMXVersion="1.2.0">
Installed version : 7.0.0.0
Fixed version : 7.0.0.27
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/8880
Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after
the initial handshake.
An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext
into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service
assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the
application layer.
See Also
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.g-sec.lu/practicaltls.pdf
http://tools.ietf.org/html/rfc5746
Solution
Contact the vendor for specific patch information.
Risk Factor
Medium
References
BID
36935
CVE
CVE-2009-3555
XREF
OSVDB:59968
XREF
OSVDB:59969
XREF
OSVDB:59970
XREF
OSVDB:59971
XREF
OSVDB:59972
XREF
OSVDB:59973
XREF
OSVDB:59974
XREF
OSVDB:60366
XREF
OSVDB:60521
XREF
OSVDB:61234
XREF
OSVDB:61718
XREF
OSVDB:61784
XREF
OSVDB:61785
XREF
OSVDB:61929
XREF
OSVDB:62064
XREF
OSVDB:62135
XREF
OSVDB:62210
XREF
OSVDB:62273
XREF
OSVDB:62536
XREF
OSVDB:62877
XREF
OSVDB:64040
XREF
OSVDB:64499
XREF
OSVDB:64725
XREF
OSVDB:65202
XREF
OSVDB:66315
XREF
OSVDB:67029
XREF
OSVDB:69032
XREF
OSVDB:69561
XREF
OSVDB:70055
XREF
OSVDB:70620
XREF
OSVDB:71951
XREF
OSVDB:71961
XREF
OSVDB:74335
XREF
OSVDB:75622
XREF
OSVDB:77832
XREF
OSVDB:90597
XREF
OSVDB:99240
XREF
OSVDB:100172
XREF
OSVDB:104575
XREF
OSVDB:104796
XREF
CERT:120541
XREF
CWE:310
Plugin Information:
Publication date: 2009/11/24, Modification date: 2014/03/25
Ports
tcp/8880
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/9043
- SSLv3 is enabled and the server supports at least one cipher.
9443/tcp
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/9443
- SSLv3 is enabled and the server supports at least one cipher.
Host Information
Netbios Name:
WKSBAN18ALF7178
IP:
10.33.105.136
MAC Address:
d4:85:64:b3:7e:be
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.
Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or the host itself, or they
may themselves contain vulnerabilities such as cross-site scripting issues.
Solution
Review the files and delete those that are not needed.
Risk Factor
Medium
References
XREF
CWE:20
XREF
CWE:74
XREF
CWE:79
XREF
CWE:442
XREF
CWE:629
XREF
CWE:711
XREF
CWE:712
XREF
CWE:722
XREF
CWE:725
XREF
CWE:750
XREF
CWE:751
XREF
CWE:800
XREF
CWE:801
XREF
CWE:809
XREF
CWE:811
XREF
CWE:864
XREF
CWE:900
XREF
CWE:928
XREF
CWE:931
XREF
CWE:990
Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13
Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html
Host Information
Netbios Name:
WKSBAN18ALF7224
IP:
10.33.105.158
MAC Address:
2c:27:d7:46:b4:32
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
1433/tcp
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/1433
Host Information
Netbios Name:
WKSBAN18ALF7239
IP:
10.33.105.160
MAC Address:
2c:27:d7:46:b6:55
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
80/tcp
11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that
are used to debug web server connections.
See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
References
BID
9506
BID
9561
BID
11604
BID
33374
BID
37995
CVE
CVE-2003-1567
CVE
CVE-2004-2320
CVE
CVE-2010-0386
XREF
OSVDB:877
XREF
OSVDB:3726
XREF
OSVDB:5648
XREF
OSVDB:50485
XREF
CERT:288308
XREF
CERT:867593
XREF
CWE:16
Plugin Information:
Publication date: 2003/01/23, Modification date: 2015/01/13
Ports
tcp/80
Nessus sent the following TRACE request :
------------------------------ snip -----------------------------
TRACE /Nessus34398088.html HTTP/1.1
Connection: Close
Host: 10.33.105.160
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip -----------------------------
and received the following response from the remote server :
------------------------------ snip -----------------------------
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 23 Jul 2015 21:00:45 GMT
Content-type: message/http
Connection: close
Host Information
Netbios Name:
WKSBAN18ALF7004
IP:
10.33.105.171
MAC Address:
00:23:24:08:31:aa
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
1433/tcp
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.
Risk Factor
Medium
Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01
Ports
tcp/1433
Host Information
Netbios Name:
WKSBAN18ALF7170
IP:
10.33.105.177
MAC Address:
2c:27:d7:47:6b:2b
OS:
Results Summary
Critical
High
Medium
Low
Info
Total
Results Details
8080/tcp
34970 - Apache Tomcat Manager Common Administrative Credentials
Synopsis
The management console for the remote web server is protected using a known set of credentials.
Description
Nessus was able to gain access to the Manager web application for the remote Tomcat server using a known set of
credentials. A remote attacker can exploit this issue to install a malicious application on the affected server and run
arbitrary code with Tomcat's privileges (usually SYSTEM on Windows, or the unprivileged 'tomcat' account on Unix).
Worms are known to propagate this way.
See Also
http://markmail.org/thread/wfu4nff5chvkb6xp
http://svn.apache.org/viewvc?view=revision&revision=834047
http://www.intevydis.com/blog/?p=87
http://www.zerodayinitiative.com/advisories/ZDI-10-214/
http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0260.html
Solution
Edit the associated 'tomcat-users.xml' file and change or remove the affected set of credentials.
Risk Factor
Critical
References
BID
36253
BID
36954
BID
37086
BID
38084
BID
44172
CVE
CVE-2009-3099
CVE
CVE-2009-3548
CVE
CVE-2010-0557
CVE
CVE-2010-4094
XREF
OSVDB:57898
XREF
OSVDB:60176
XREF
OSVDB:60317
XREF
OSVDB:62118
XREF
OSVDB:69008
XREF
EDB-ID:18619
XREF
CWE:255
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2008/11/26, Modification date: 2015/04/20
Ports
tcp/8080
It was possible to log into the Tomcat Manager web app using the
following info :
URL : http://10.33.105.177:8080/manager/html
Username : admin
Password :
URL : http://10.33.105.177:8080/host-manager/html
Username : admin
Password :
URL : http://10.33.105.177:8080/manager/status
Username : admin
Password :