
Mphasis Internal Document

Vulnerability Assessment Report

2015

Document Control Section:

Scan start Date: 23-July-2015
Scan end Date: 25-July-2015
Scanned Subnet/Host: 10.33.105.0/24
Number of Hosts Scanned: 116
Scanned Project / Process: AIG_10.33.105.0/24
Scanner Version: Nessus 5.2.7
Scan Policy Name: NetworkScan1_Servers_AIG
Scan Policy Approval Date: 22-July-2014
Report Generated on: 11-Aug-2015
Report Prepared by: Varun Vasist HG
Report Verified by: Dhanashekhar Devaraj

This report lists the vulnerabilities detected by Nessus Vulnerability Scanner after scanning the network.
Objective of the report:
This report is intended for Engineers (Infrastructure Security Administrators, Server Administrators,
Network Administrators, Workstation Support Engineers or Helpdesk Support Engineers) for closing the
identified vulnerabilities.
Please evaluate each identified vulnerability and
1. Uninstall the related software / applications if they are not required for the delivery function
2. Close them as per the recommendations provided by the OEM of the respective software, or
refer to the remedy information for vulnerabilities provided in this report

Note:
Number of systems identified and scanned in this report may not be accurate. The Vulnerability scanner
reports the vulnerabilities on the systems which were active during scanning. It is recommended to
check for these vulnerabilities in all the systems which are actually installed in the subnet.

Host Information
Consolidated Vulnerability Count
Important Note:
The total number of Critical and High vulnerabilities is represented under the High Vulnerability
column.

High Vulnerabilities

Medium Vulnerabilities

10

10.33.105.1

Host Information
IP: 10.33.105.1
OS: CISCO IOS 12.1, CISCO IOS 12.4

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
23/tcp
42263 - Unencrypted Telnet Server
Synopsis
The remote Telnet server transmits traffic in cleartext.

Description
The remote host is running a Telnet server over an unencrypted channel.
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred
in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials
or other sensitive information and to modify traffic exchanged between a client and server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams
such as an X11 session.

Solution
Disable the Telnet service and use SSH instead.

Risk Factor
Medium

CVSS Base Score


5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Plugin Information:
Publication date: 2009/10/27, Modification date: 2015/03/19

Ports
tcp/23
Nessus collected the following banner from the remote Telnet server :
------------------------------ snip -----------------------------C
***************************************************************************
THIS IS AN OFFICIAL COMPUTER SYSTEM/PRIVATE NETWORK & IS THE PROPERTY OF
THE MPHASIS Ltd. AND IS FOR AUTHORIZED MPHASIS BUSINESS PURPOSE AND
FOR AUTHORIZED INDIVIDUALS ONLY.UNAUTHORIZED ACCESS OR ATTEMPTS
TO ACCESS IS PROHIBITED AND USER / VIOLATOR WILL
BE PROSECUTED AS PER LAW.
***************************************************************************
Users (authorized or unauthorized) have no explicit or implicit expectation
of privacy. Any or all users of this system may be subject to one or more
of the following a ctions: interception, monitoring, recording, auditing
inspection and disclosing, to security personnel and law enforcement
personnel, as well as authorized officials of other agencies,both domestic
and foreign.By using this system,the authorized user
consents to these actions.

Unauthorized or improper use of this system may result in administrative
disciplinary action. By accessing this system you indicate your awareness
of and consent to these terms and conditions of use. Discontinue access
immediately if you do not agree to the conditions
stated in this notice.
***************************************************************************

SWTBAN18AIGL30701 line 1
C
***************************************************************************
THIS IS AN OFFICIAL COMPUTER SYSTEM/PRIVATE NETWORK & IS THE PROPERTY OF
THE MPHASIS Ltd. AND IS FOR AUTHORIZED MPHASIS BUSINESS PURPOSE AND
FOR AUTHORIZED INDIVIDUALS ONLY.UNAUTHORIZED ACCESS OR ATTEMPTS
TO ACCESS IS PROHIBITED AND USER / VIOLATOR WILL
BE PROSECUTED AS PER LAW.
********************************************** [...]

10.33.105.36

Host Information
IP: 10.33.105.36
OS: Dell iDRAC Controller, KYOCERA Printer, Linux Kernel 2.6

Results Summary
Critical

High

Medium

Low

Info

Total

14

16

Results Details
389/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also
http://www.openssl.org/docs/apps/ciphers.html

Solution
Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934

Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30

Ports
tcp/389

Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-DES-CBC-SHA    Kx=RSA(512)    Au=RSA    Enc=DES-CBC(40)    Mac=SHA1    export
  EXP-RC2-CBC-MD5    Kx=RSA(512)    Au=RSA    Enc=RC2-CBC(40)    Mac=MD5     export
  EXP-RC4-MD5        Kx=RSA(512)    Au=RSA    Enc=RC4(40)        Mac=MD5     export

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/389
- SSLv3 is enabled and the server supports at least one cipher.

42873 - SSL Medium Strength Cipher Suites Supported


Synopsis
The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02

Ports
tcp/389
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  DES-CBC-SHA    Kx=RSA    Au=RSA    Enc=DES-CBC(56)    Mac=SHA1

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

636/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also
http://www.openssl.org/docs/apps/ciphers.html

Solution
Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934

Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30

Ports
tcp/636
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-DES-CBC-SHA    Kx=RSA(512)    Au=RSA    Enc=DES-CBC(40)    Mac=SHA1    export
  EXP-RC2-CBC-MD5    Kx=RSA(512)    Au=RSA    Enc=RC2-CBC(40)    Mac=MD5     export
  EXP-RC4-MD5        Kx=RSA(512)    Au=RSA    Enc=RC4(40)        Mac=MD5     export

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/636
- SSLv3 is enabled and the server supports at least one cipher.

42873 - SSL Medium Strength Cipher Suites Supported


Synopsis
The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02

Ports
tcp/636
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  DES-CBC-SHA    Kx=RSA    Au=RSA    Enc=DES-CBC(56)    Mac=SHA1

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

42880 - SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection


Synopsis
The remote service allows insecure renegotiation of TLS / SSL connections.

Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after
the initial handshake.
An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext
into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service
assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the
application layer.

See Also
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.g-sec.lu/practicaltls.pdf
http://tools.ietf.org/html/rfc5746

Solution
Contact the vendor for specific patch information.

Risk Factor
Medium

CVSS Base Score

5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Temporal Score


5.0 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

References
BID 36935
CVE CVE-2009-3555
XREF OSVDB:59968
XREF OSVDB:59969
XREF OSVDB:59970
XREF OSVDB:59971
XREF OSVDB:59972
XREF OSVDB:59973
XREF OSVDB:59974
XREF OSVDB:60366
XREF OSVDB:60521
XREF OSVDB:61234
XREF OSVDB:61718
XREF OSVDB:61784
XREF OSVDB:61785
XREF OSVDB:61929
XREF OSVDB:62064
XREF OSVDB:62135
XREF OSVDB:62210
XREF OSVDB:62273
XREF OSVDB:62536
XREF OSVDB:62877
XREF OSVDB:64040
XREF OSVDB:64499
XREF OSVDB:64725
XREF OSVDB:65202
XREF OSVDB:66315
XREF OSVDB:67029
XREF OSVDB:69032
XREF OSVDB:69561
XREF OSVDB:70055
XREF OSVDB:70620
XREF OSVDB:71951
XREF OSVDB:71961
XREF OSVDB:74335
XREF OSVDB:75622
XREF OSVDB:77832
XREF OSVDB:90597
XREF OSVDB:99240
XREF OSVDB:100172
XREF OSVDB:104575
XREF OSVDB:104796
XREF CERT:120541
XREF CWE:310

Plugin Information:
Publication date: 2009/11/24, Modification date: 2014/03/25

Ports
tcp/636
SSLv3 supports insecure renegotiation.

8080/tcp
34460 - Unsupported Web Server Detection
Synopsis
The remote web server is obsolete / unsupported.

Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may
contain security vulnerabilities.

Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another
server.

Risk Factor
High

CVSS Base Score


7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin Information:
Publication date: 2008/10/21, Modification date: 2014/09/09

Ports
tcp/8080
Product : Tomcat
Installed version : 5.0.28
Supported versions : 7.0.x / 6.0.x
Additional information : http://wiki.apache.org/tomcat/TomcatVersions

12085 - Apache Tomcat servlet/JSP container default files


Synopsis
The remote web server contains example files.

Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.

Solution
Review the files and delete those that are not needed.

Risk Factor
Medium

CVSS Base Score


6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

References
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990

Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13

Ports
tcp/8080
The following default files were found :
/tomcat-docs/index.html

8443/tcp
34460 - Unsupported Web Server Detection
Synopsis
The remote web server is obsolete / unsupported.

Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may
contain security vulnerabilities.

Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another
server.

Risk Factor
High

CVSS Base Score


7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin Information:
Publication date: 2008/10/21, Modification date: 2014/09/09

Ports
tcp/8443
Product : Tomcat
Installed version : 5.0.28
Supported versions : 7.0.x / 6.0.x
Additional information : http://wiki.apache.org/tomcat/TomcatVersions

12085 - Apache Tomcat servlet/JSP container default files


Synopsis
The remote web server contains example files.

Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.

Solution
Review the files and delete those that are not needed.

Risk Factor
Medium

CVSS Base Score


6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

References
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990

Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13

Ports
tcp/8443
The following default files were found :
/tomcat-docs/index.html

15901 - SSL Certificate Expiry


Synopsis
The remote server's SSL certificate has already expired.

Description
This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports
whether any have already expired.

Solution
Purchase or generate a new SSL certificate to replace the existing one.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Plugin Information:
Publication date: 2004/12/03, Modification date: 2015/06/17

Ports
tcp/8443

The SSL certificate has already expired :

Subject : C=US, ST=, L=, O=Novell, OU=iManager, CN=Temporary Certificate
Issuer : C=US, ST=, L=, O=Novell, OU=iManager, CN=Temporary Certificate
Not valid before : Jan 4 12:31:31 2010 GMT
Not valid after : Jan 4 12:31:31 2011 GMT

26928 - SSL Weak Cipher Suites Supported


Synopsis
The remote service supports the use of weak SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also
http://www.openssl.org/docs/apps/ciphers.html

Solution
Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934

Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30

Ports
tcp/8443
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)     Au=RSA    Enc=DES-CBC(40)    Mac=SHA1    export
  EXP-DES-CBC-SHA            Kx=RSA(512)    Au=RSA    Enc=DES-CBC(40)    Mac=SHA1    export
  EXP-RC4-MD5                Kx=RSA(512)    Au=RSA    Enc=RC4(40)        Mac=MD5     export

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/8443
- SSLv3 is enabled and the server supports at least one cipher.

42873 - SSL Medium Strength Cipher Suites Supported


Synopsis
The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02

Ports
tcp/8443
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  EDH-RSA-DES-CBC-SHA    Kx=DH     Au=RSA    Enc=DES-CBC(56)    Mac=SHA1
  DES-CBC-SHA            Kx=RSA    Au=RSA    Enc=DES-CBC(56)    Mac=SHA1

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

42880 - SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection


Synopsis
The remote service allows insecure renegotiation of TLS / SSL connections.

Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after
the initial handshake.
An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext
into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service
assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the
application layer.

See Also
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.g-sec.lu/practicaltls.pdf
http://tools.ietf.org/html/rfc5746

Solution
Contact the vendor for specific patch information.

Risk Factor
Medium

CVSS Base Score


5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Temporal Score


5.0 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

References
BID 36935
CVE CVE-2009-3555
XREF OSVDB:59968
XREF OSVDB:59969
XREF OSVDB:59970
XREF OSVDB:59971
XREF OSVDB:59972
XREF OSVDB:59973
XREF OSVDB:59974
XREF OSVDB:60366
XREF OSVDB:60521
XREF OSVDB:61234
XREF OSVDB:61718
XREF OSVDB:61784
XREF OSVDB:61785
XREF OSVDB:61929
XREF OSVDB:62064
XREF OSVDB:62135
XREF OSVDB:62210
XREF OSVDB:62273
XREF OSVDB:62536
XREF OSVDB:62877
XREF OSVDB:64040
XREF OSVDB:64499
XREF OSVDB:64725
XREF OSVDB:65202
XREF OSVDB:66315
XREF OSVDB:67029
XREF OSVDB:69032
XREF OSVDB:69561
XREF OSVDB:70055
XREF OSVDB:70620
XREF OSVDB:71951
XREF OSVDB:71961
XREF OSVDB:74335
XREF OSVDB:75622
XREF OSVDB:77832
XREF OSVDB:90597
XREF OSVDB:99240
XREF OSVDB:100172
XREF OSVDB:104575
XREF OSVDB:104796
XREF CERT:120541
XREF CWE:310

Plugin Information:
Publication date: 2009/11/24, Modification date: 2014/03/25

Ports
tcp/8443
TLSv1 supports insecure renegotiation.
SSLv3 supports insecure renegotiation.

10.33.105.37

Host Information
DNS Name: srvban18dvsql01.fs.mphasis.com
Netbios Name: SRVBAN18DVSQL01
IP: 10.33.105.37
MAC Address: 00:1a:a0:b5:b4:85
OS: Microsoft Windows Server 2003 Service Pack 2

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
1433/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also
http://www.openssl.org/docs/apps/ciphers.html

Solution
Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934

Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30

Ports
tcp/1433
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-RC2-CBC-MD5    Kx=RSA(512)    Au=RSA    Enc=RC2-CBC(40)    Mac=MD5    export
  EXP-RC4-MD5        Kx=RSA(512)    Au=RSA    Enc=RC4(40)        Mac=MD5    export

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/1433
- SSLv3 is enabled and the server supports at least one cipher.

42873 - SSL Medium Strength Cipher Suites Supported


Synopsis
The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02

Ports
tcp/1433
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
TLSv1
  EXP1024-DES-CBC-SHA    Kx=RSA(1024)    Au=RSA    Enc=DES-CBC(56)    Mac=SHA1    export
  EXP1024-RC4-SHA        Kx=RSA(1024)    Au=RSA    Enc=RC4(56)        Mac=SHA1    export
  DES-CBC-SHA            Kx=RSA          Au=RSA    Enc=DES-CBC(56)    Mac=SHA1

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

10.33.105.38

Host Information
DNS Name: srvban18qasql02.fs.mphasis.com
Netbios Name: SRVBAN18QASQL02
IP: 10.33.105.38
MAC Address: 00:1a:a0:bf:65:c4
OS: Microsoft Windows Server 2003 Service Pack 2

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
1433/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also
http://www.openssl.org/docs/apps/ciphers.html

Solution
Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934

Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30

Ports
tcp/1433
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
TLSv1
  EXP-RC2-CBC-MD5    Kx=RSA(512)    Au=RSA    Enc=RC2-CBC(40)    Mac=MD5    export
  EXP-RC4-MD5        Kx=RSA(512)    Au=RSA    Enc=RC4(40)        Mac=MD5    export

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/1433
- SSLv3 is enabled and the server supports at least one cipher.

42873 - SSL Medium Strength Cipher Suites Supported


Synopsis
The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02

Ports
tcp/1433
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
  TLSv1
    EXP1024-DES-CBC-SHA    Kx=RSA(1024)    Au=RSA    Enc=DES-CBC(56)    Mac=SHA1    export
    EXP1024-RC4-SHA        Kx=RSA(1024)    Au=RSA    Enc=RC4(56)        Mac=SHA1    export
    DES-CBC-SHA            Kx=RSA          Au=RSA    Enc=DES-CBC(56)    Mac=SHA1

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}


10.33.105.43

Host Information
DNS Name: srvban18bkp02.fs.mphasis.com
Netbios Name: SRVBAN18BKP02
IP: 10.33.105.43
MAC Address: 00:17:a4:10:48:a3
OS: Microsoft Windows Server 2003 Service Pack 2

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
9000/tcp
10297 - Web Server Directory Traversal Arbitrary File Access
Synopsis
The remote web server is affected by a directory traversal vulnerability.

Description
It appears possible to read arbitrary files on the remote host outside the web server's document directory using a
specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to
aid in subsequent attacks.
Note that this plugin is not limited to testing for known vulnerabilities in a specific set of web servers. Instead, it
attempts a variety of generic directory traversal attacks and considers a product to be vulnerable simply if it finds
evidence of the contents of '/etc/passwd' or a Windows 'win.ini' file in the response. It may, in fact, uncover 'new'
issues, that have yet to be reported to the product's vendor.

Solution
Contact the vendor for an update, use a different product, or disable the service altogether.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Temporal Score


4.1 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

References
BID: 7308, 7362, 7378, 7544, 7715, 26583, 32412, 40053, 40133, 40680, 43230, 43258, 43356, 43358, 43830,
     44393, 44564, 44586, 45599, 45603, 47760, 47842, 47987, 48114, 48926, 51286, 51311, 51399, 52327, 52384,
     52541, 56871, 57143, 57313, 58794, 67389, 70760
CVE: CVE-2000-0920, CVE-2007-6483, CVE-2008-5315, CVE-2010-1571, CVE-2010-3459, CVE-2010-3487, CVE-2010-3488,
     CVE-2010-3743, CVE-2010-4181, CVE-2011-1900, CVE-2011-2524, CVE-2011-4788, CVE-2012-0697, CVE-2012-1464,
     CVE-2012-5100, CVE-2012-5335, CVE-2012-5344, CVE-2012-5641, CVE-2013-2619, CVE-2013-3304, CVE-2014-3744
XREF: OSVDB:3681, OSVDB:42402, OSVDB:50288, OSVDB:64532, OSVDB:64611, OSVDB:65285, OSVDB:68026, OSVDB:68089,
      OSVDB:68141, OSVDB:68538, OSVDB:68880, OSVDB:68962, OSVDB:70176, OSVDB:72231, OSVDB:72498, OSVDB:72972,
      OSVDB:73413, OSVDB:74135, OSVDB:78307, OSVDB:78308, OSVDB:79653, OSVDB:79867, OSVDB:80586, OSVDB:82647,
      OSVDB:82678, OSVDB:88925, OSVDB:89293, EDB-ID:24915, EDB-ID:33428, EDB-ID:35056, CWE:22

Plugin Information:
Publication date: 1999/11/05, Modification date: 2015/01/13

Ports
tcp/9000
Nessus was able to retrieve the remote host's 'win.ini' file using the
following URL :
- http://srvban18bkp02.fs.mphasis.com:9000/../../../../../../../../../../../../winnt/win.ini
Here are the contents :
------------------------------ snip ------------------------------
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[MCI Extensions.BAK]
asf=MPEGVideo
asx=MPEGVideo
m3u=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpv2=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wvx=MPEGVideo
wmx=MPEGVideo2
wpl=MPEGVideo
[WinZip]
Note-1=This section is required only to install the optional WinZip Internet Browser Support build 0231.
Note-2=Removing this section of the win.ini will have no effect except preventing installation of WinZip Internet Browser Support build 0231.
win32_version=6.3-8.0
[Solitaire]
Options=3
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
------------------------------ snip ------------------------------
Note that Nessus stopped searching after one exploit was found. To
report all known exploits, enable 'Thorough tests' and re-scan.


10.33.105.50

Host Information
DNS Name: mpbakoraiusrv8.fs.mphasis.com
Netbios Name: MPBAKORAIUSRV8
IP: 10.33.105.50
MAC Address: 00:17:a4:10:ff:28
OS: Microsoft Windows Server 2003 Service Pack 2

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
1433/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also
http://www.openssl.org/docs/apps/ciphers.html

Solution
Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
XREF: CWE:326, CWE:327, CWE:720, CWE:753, CWE:803, CWE:928, CWE:934

Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30

Ports
tcp/1433

Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
  TLSv1
    EXP-RC2-CBC-MD5    Kx=RSA(512)    Au=RSA    Enc=RC2-CBC(40)    Mac=MD5    export
    EXP-RC4-MD5        Kx=RSA(512)    Au=RSA    Enc=RC4(40)        Mac=MD5    export

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/1433
- SSLv3 is enabled and the server supports at least one cipher.

42873 - SSL Medium Strength Cipher Suites Supported


Synopsis

The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02

Ports
tcp/1433
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
  TLSv1
    EXP1024-DES-CBC-SHA    Kx=RSA(1024)    Au=RSA    Enc=DES-CBC(56)    Mac=SHA1    export
    EXP1024-RC4-SHA        Kx=RSA(1024)    Au=RSA    Enc=RC4(56)        Mac=SHA1    export
    DES-CBC-SHA            Kx=RSA          Au=RSA    Enc=DES-CBC(56)    Mac=SHA1

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}


10.33.105.52

Host Information
DNS Name: srvllaiusybase.fs.mphasis.com
Netbios Name: SRVLLAIUSYBASE
IP: 10.33.105.52
MAC Address: 00:17:a4:10:28:2c
OS: Microsoft Windows Server 2003 Service Pack 2

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
1498/tcp
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

See Also
http://www.openssl.org/docs/apps/ciphers.html

Solution
Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
XREF: CWE:326, CWE:327, CWE:720, CWE:753, CWE:803, CWE:928, CWE:934

Plugin Information:
Publication date: 2007/10/08, Modification date: 2014/12/30

Ports
tcp/1498

Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
  TLSv1
    EXP-RC2-CBC-MD5    Kx=RSA(512)    Au=RSA    Enc=RC2-CBC(40)    Mac=MD5    export
    EXP-RC4-MD5        Kx=RSA(512)    Au=RSA    Enc=RC4(40)        Mac=MD5    export

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/1498
- SSLv3 is enabled and the server supports at least one cipher.

42873 - SSL Medium Strength Cipher Suites Supported


Synopsis

The remote service supports the use of medium strength SSL ciphers.

Description
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as
those with key lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the same physical network.

Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2009/11/23, Modification date: 2012/04/02

Ports
tcp/1498
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
  TLSv1
    EXP1024-DES-CBC-SHA    Kx=RSA(1024)    Au=RSA    Enc=DES-CBC(56)    Mac=SHA1    export
    EXP1024-RC4-SHA        Kx=RSA(1024)    Au=RSA    Enc=RC4(56)        Mac=SHA1    export
    DES-CBC-SHA            Kx=RSA          Au=RSA    Enc=DES-CBC(56)    Mac=SHA1

The fields above are :


{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}


10.33.105.56

Host Information
IP: 10.33.105.56
OS: Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.

Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.

Solution
Review the files and delete those that are not needed.

Risk Factor
Medium

CVSS Base Score


6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

References
XREF: CWE:20, CWE:74, CWE:79, CWE:442, CWE:629, CWE:711, CWE:712, CWE:722, CWE:725, CWE:750, CWE:751, CWE:800,
      CWE:801, CWE:809, CWE:811, CWE:864, CWE:900, CWE:928, CWE:931, CWE:990

Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13

Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html


10.33.105.85

Host Information
Netbios Name: WKSBAN18ALF7169
IP: 10.33.105.85
MAC Address: 2c:27:d7:46:b5:d8
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.

Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.

Solution
Review the files and delete those that are not needed.

Risk Factor
Medium

CVSS Base Score


6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

References
XREF: CWE:20, CWE:74, CWE:79, CWE:442, CWE:629, CWE:711, CWE:712, CWE:722, CWE:725, CWE:750, CWE:751, CWE:800,
      CWE:801, CWE:809, CWE:811, CWE:864, CWE:900, CWE:928, CWE:931, CWE:990

Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13

Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html


10.33.105.108

Host Information
Netbios Name: WKSBAN18ALF7171
IP: 10.33.105.108
MAC Address: 3c:d9:2b:4c:bf:25
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.

Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.

Solution
Review the files and delete those that are not needed.

Risk Factor
Medium

CVSS Base Score


6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

References
XREF: CWE:20, CWE:74, CWE:79, CWE:442, CWE:629, CWE:711, CWE:712, CWE:722, CWE:725, CWE:750, CWE:751, CWE:800,
      CWE:801, CWE:809, CWE:811, CWE:864, CWE:900, CWE:928, CWE:931, CWE:990

Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13

Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html


10.33.105.125

Host Information
Netbios Name: WKSBAN18ALF7240
IP: 10.33.105.125
MAC Address: 2c:27:d7:46:b6:0c
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
8880/tcp
64097 - IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities
Synopsis
The remote application server may be affected by multiple vulnerabilities.

Description
IBM WebSphere Application Server 7.0 before Fix Pack 27 appears to be running on the remote host. It is, therefore,
potentially affected by the following vulnerabilities :
- A request validation error exists related to the proxy server component that could allow a remote attacker to cause
the proxy status to be reported as disabled, thus denying applications access to the proxy.
(CVE-2012-3330, PM71319)
- A user-supplied input validation error exists that could allow cross-site request forgery (CSRF) attacks to be carried
out. (CVE-2012-4853, PM62920)
- Unspecified errors exist related to the administration console that could allow cross-site scripting attacks.
(CVE-2013-0458, CVE-2013-0459, CVE-2013-0460, PM71139, PM72536, PM72275)
- An unspecified error exists related to the administration console for 'virtual member manager'
(VMM) that can allow cross-site scripting.
(CVE-2013-0461, PM71389)

See Also
http://www.nessus.org/u?c8df3590
http://www.nessus.org/u?85335f50
http://www.nessus.org/u?6249ee05
http://www.nessus.org/u?5ae80ba2

Solution
If using WebSphere Application Server, apply Fix Pack 27 (7.0.0.27) or later.
Otherwise, if using the embedded WebSphere Application Server packaged with Tivoli Directory Server, contact the
vendor for more information, as IBM has not currently published a Fix Pack 27 for that.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Temporal Score


3.6 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

References

BID: 56458, 56459, 57508, 57509, 57510, 57512
CVE: CVE-2012-3330, CVE-2012-4853, CVE-2013-0458, CVE-2013-0459, CVE-2013-0460, CVE-2013-0461
XREF: OSVDB:87338, OSVDB:87339, OSVDB:89514, OSVDB:89515, OSVDB:89517, OSVDB:89518, CWE:20, CWE:74, CWE:79,
      CWE:442, CWE:629, CWE:711, CWE:712, CWE:722, CWE:725, CWE:750, CWE:751, CWE:800, CWE:801, CWE:809,
      CWE:811, CWE:864, CWE:900, CWE:928, CWE:931, CWE:990

Plugin Information:
Publication date: 2013/01/25, Modification date: 2015/07/13

Ports
tcp/8880
Version source    : <SOAP-ENV:Header xmlns:ns0="admin" ns0:WASRemoteRuntimeVersion="7.0.0.0" ns0:JMXMessageVersion="1.0.0" ns0:JMXVersion="1.2.0">
Installed version : 7.0.0.0
Fixed version     : 7.0.0.27

20007 - SSL Version 2 and 3 Protocol Detection


Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/8880

- SSLv3 is enabled and the server supports at least one cipher.

42880 - SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection


Synopsis
The remote service allows insecure renegotiation of TLS / SSL connections.

Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after
the initial handshake.
An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext
into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service
assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the
application layer.

See Also
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.g-sec.lu/practicaltls.pdf
http://tools.ietf.org/html/rfc5746

Solution
Contact the vendor for specific patch information.

Risk Factor
Medium

CVSS Base Score


5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Temporal Score


5.0 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

References
BID: 36935
CVE: CVE-2009-3555
XREF: OSVDB:59968, OSVDB:59969, OSVDB:59970, OSVDB:59971, OSVDB:59972, OSVDB:59973, OSVDB:59974, OSVDB:60366,
      OSVDB:60521, OSVDB:61234, OSVDB:61718, OSVDB:61784, OSVDB:61785, OSVDB:61929, OSVDB:62064, OSVDB:62135,
      OSVDB:62210, OSVDB:62273, OSVDB:62536, OSVDB:62877, OSVDB:64040, OSVDB:64499, OSVDB:64725, OSVDB:65202,
      OSVDB:66315, OSVDB:67029, OSVDB:69032, OSVDB:69561, OSVDB:70055, OSVDB:70620, OSVDB:71951, OSVDB:71961,
      OSVDB:74335, OSVDB:75622, OSVDB:77832, OSVDB:90597, OSVDB:99240, OSVDB:100172, OSVDB:104575, OSVDB:104796,
      CERT:120541, CWE:310

Plugin Information:
Publication date: 2009/11/24, Modification date: 2014/03/25

Ports
tcp/8880

SSLv3 supports insecure renegotiation.

9043/tcp
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/9043
- SSLv3 is enabled and the server supports at least one cipher.

9443/tcp
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/9443
- SSLv3 is enabled and the server supports at least one cipher.


10.33.105.136

Host Information
Netbios Name: WKSBAN18ALF7178
IP: 10.33.105.136
MAC Address: d4:85:64:b3:7e:be
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
8080/tcp
12085 - Apache Tomcat servlet/JSP container default files
Synopsis
The remote web server contains example files.

Description
Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be
removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may
themselves contain vulnerabilities such as cross-site scripting issues.

Solution
Review the files and delete those that are not needed.

Risk Factor
Medium

CVSS Base Score


6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

References
XREF: CWE:20, CWE:74, CWE:79, CWE:442, CWE:629, CWE:711, CWE:712, CWE:722, CWE:725, CWE:750, CWE:751, CWE:800,
      CWE:801, CWE:809, CWE:811, CWE:864, CWE:900, CWE:928, CWE:931, CWE:990

Plugin Information:
Publication date: 2004/03/02, Modification date: 2015/02/13

Ports
tcp/8080
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html


10.33.105.158

Host Information
Netbios Name: WKSBAN18ALF7224
IP: 10.33.105.158
MAC Address: 2c:27:d7:46:b4:32
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
1433/tcp
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/1433

- SSLv3 is enabled and the server supports at least one cipher.


10.33.105.160

Host Information
Netbios Name: WKSBAN18ALF7239
IP: 10.33.105.160
MAC Address: 2c:27:d7:46:b6:55
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
80/tcp
11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.

Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that
are used to debug web server connections.

See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://download.oracle.com/sunalerts/1000718.1.html

Solution
Disable these methods. Refer to the plugin output for more information.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Temporal Score


3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
BID: 9506, 9561, 11604, 33374, 37995
CVE: CVE-2003-1567, CVE-2004-2320, CVE-2010-0386
XREF: OSVDB:877, OSVDB:3726, OSVDB:5648, OSVDB:50485, CERT:288308, CERT:867593, CWE:16

Plugin Information:
Publication date: 2003/01/23, Modification date: 2015/01/13

Ports
tcp/80
Nessus sent the following TRACE request :
------------------------------ snip ------------------------------
TRACE /Nessus34398088.html HTTP/1.1
Connection: Close
Host: 10.33.105.160
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
and received the following response from the remote server :
------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 23 Jul 2015 21:00:45 GMT
Content-type: message/http
Connection: close

TRACE /Nessus34398088.html HTTP/1.1
Connection: Close
Host: 10.33.105.160
Pragma: no-cache
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-language: en
Accept-charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------


10.33.105.171

Host Information
Netbios Name: WKSBAN18ALF7004
IP: 10.33.105.171
MAC Address: 00:23:24:08:31:aa
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
1433/tcp
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.

Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly
suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle
attacks or to decrypt communications between the affected service and clients.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement
found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

See Also
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70

Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.0 or higher instead.

Risk Factor
Medium

CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:
Publication date: 2005/10/12, Modification date: 2015/07/01

Ports
tcp/1433
- SSLv3 is enabled and the server supports at least one cipher.


10.33.105.177

Host Information
Netbios Name: WKSBAN18ALF7170
IP: 10.33.105.177
MAC Address: 2c:27:d7:47:6b:2b
OS: Microsoft Windows 7 Enterprise

Results Summary
Critical

High

Medium

Low

Info

Total

Results Details
8080/tcp
34970 - Apache Tomcat Manager Common Administrative Credentials
Synopsis
The management console for the remote web server is protected using a known set of credentials.

Description
Nessus was able to gain access to the Manager web application for the remote Tomcat server using a known set of
credentials. A remote attacker can exploit this issue to install a malicious application on the affected server and run
arbitrary code with Tomcat's privileges (usually SYSTEM on Windows, or the unprivileged 'tomcat' account on Unix).
Worms are known to propagate this way.

See Also
http://markmail.org/thread/wfu4nff5chvkb6xp
http://svn.apache.org/viewvc?view=revision&revision=834047
http://www.intevydis.com/blog/?p=87
http://www.zerodayinitiative.com/advisories/ZDI-10-214/
http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0260.html

Solution
Edit the associated 'tomcat-users.xml' file and change or remove the affected set of credentials.

Risk Factor
Critical

CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Temporal Score
8.3 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

References
BID 36253
BID 36954
BID 37086
BID 38084
BID 44172
CVE CVE-2009-3099
CVE CVE-2009-3548
CVE CVE-2010-0557
CVE CVE-2010-4094
XREF OSVDB:57898
XREF OSVDB:60176
XREF OSVDB:60317
XREF OSVDB:62118
XREF OSVDB:69008
XREF EDB-ID:18619
XREF CWE:255

Exploitable with
Core Impact (true)
Metasploit (true)

Plugin Information:
Publication date: 2008/11/26, Modification date: 2015/04/20

Ports
tcp/8080
It was possible to log into the Tomcat Manager web app using the following info :

URL : http://10.33.105.177:8080/manager/html
Username : admin
Password :

URL : http://10.33.105.177:8080/host-manager/html
Username : admin
Password :

URL : http://10.33.105.177:8080/manager/status
Username : admin
Password :
