
Summary

This document reports on the results of an automatic security scan. The report first summarises the results
found. Then, for each host, the report describes every issue found. Please consider the advice given in each
description, in order to rectify the issue.
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Notes are included in the report.
This report might not show details of all issues that were found. It only lists hosts that produced issues.
Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not
shown.
This report contains all 40 results selected by the filtering described above. Before filtering there were 40
results.
All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".
Scan started: Fri Nov 13 08:50:20 2015 UTC
Scan ended: Fri Nov 13 09:07:34 2015 UTC
Task: secu crm mobile

Host Summary
Host          Start             End               High  Medium  Low  Log  False Positive
172.29.99.33  Nov 13, 08:50:31  Nov 13, 09:07:34  7                  29   0
Total: 1                                                             29   0

Results per Host


Host 172.29.99.33
Scanning of this host started at: Fri Nov 13 08:50:31 2015 UTC
Number of results: 40

Port Summary for Host 172.29.99.33
Service (Port)  Threat Level
22/tcp          High
80/tcp          High
3389/tcp        Medium
general/tcp     Low
general/icmp    Log
general/CPE-T   Log
21/tcp          Log
111/tcp         Log

Security Issues for Host 172.29.99.33


High (CVSS: 8.5)
NVT: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052)
22/tcp
Product detection result: cpe:/a:openbsd:openssh:6.6.1p1 by SSH Server type and version (OID:
1.3.6.1.4.1.25623.1.0.10267)
Summary
This host is running OpenSSH and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 6.6.1p1
Fixed version: 7.0
Impact
Successful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to
conduct brute-force attacks or cause a denial of service.
Impact Level: Application
Solution
Upgrade to OpenSSH 7.0 or later. For updates refer to http://www.openssh.com
Affected Software/OS
OpenSSH versions before 7.0
Vulnerability Insight
Multiple flaws are due to:
- Use-after-free vulnerability in the 'mm_answer_pam_free_ctx' function in monitor.c in sshd.
- Vulnerability in 'kbdint_next_device' function in auth2-chall.c in sshd.
- Vulnerability in the handler for the MONITOR_REQ_PAM_FREE_CTX request.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052)
Version used: $Revision: 1784 $
Product Detection Result
Product: cpe:/a:openbsd:openssh:6.6.1p1
Method: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
References
CVE: CVE-2015-6564, CVE-2015-6563, CVE-2015-5600
CERT: DFN-CERT-2015-1679, DFN-CERT-2015-1644, DFN-CERT-2015-1632, DFN-CERT-2015-1591, DFN-CERT-2015-1443, DFN-CERT-2015-1406, DFN-CERT-2015-1263, DFN-CERT-2015-1259, DFN-CERT-2015-1252, DFN-CERT-2015-1239, DFN-CERT-2015-1161, DFN-CERT-2015-1159
Other: http://seclists.org/fulldisclosure/2015/Aug/54
http://openwall.com/lists/oss-security/2015/07/23/4
High (CVSS: 7.5)
NVT: php Multiple Vulnerabilities -01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805651)
80/tcp
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.23
Impact
Successfully exploiting this issue allows remote attackers to obtain sensitive information by providing crafted
serialized data with an int data type and to execute arbitrary code by providing crafted serialized data with
an unexpected data type.
Impact Level: Application
Solution
Upgrade to php 5.4.39 or 5.5.23 or 5.6.7 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7
Vulnerability Insight
Multiple flaws are due to:
- 'do_soap_call' function in ext/soap/soap.c script in PHP does not verify that the uri property is a string.
- 'SoapClient::__call' method in ext/soap/soap.c script in PHP does not verify that __default_headers is an array.
- use-after-free error related to the 'unserialize' function when using DateInterval input.
- a flaw in the 'move_uploaded_file' function that is triggered when handling NULL bytes.
- an integer overflow condition in the '_zip_cdir_new' function in 'zip_dirent.c' script.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Vulnerabilities -01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805651)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-4148, CVE-2015-4147, CVE-2015-2787, CVE-2015-2348, CVE-2015-2331
BID: 73357, 73431, 73434
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-1252, DFN-CERT-2015-1083, DFN-CERT-2015-1017, DFN-CERT-2015-0989, DFN-CERT-2015-0900, DFN-CERT-2015-0854, DFN-CERT-2015-0842, DFN-CERT-2015-0809, DFN-CERT-2015-0794, DFN-CERT-2015-0697, DFN-CERT-2015-0583, DFN-CERT-2015-0505, DFN-CERT-2015-0387, DFN-CERT-2015-0383, DFN-CERT-2015-0382
Other: http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=69085
http://openwall.com/lists/oss-security/2015/06/01/4
High (CVSS: 7.5)
NVT: php Multiple Vulnerabilities -03 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805657)
80/tcp
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.24
Impact
Successfully exploiting this issue allows remote attackers to cause a denial of service, to obtain sensitive
information from process memory and to execute arbitrary code via crafted dimensions.
Impact Level: Application
Solution
Upgrade to php 5.4.40 or 5.5.24 or 5.6.8 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8
Vulnerability Insight
Multiple flaws are due to:
- Multiple stack-based buffer overflows in the 'phar_set_inode' function in phar_internal.h script in PHP.
- Vulnerabilities in 'phar_parse_metadata' and 'phar_parse_pharfile' functions in ext/phar/phar.c script in PHP.
- A NULL pointer dereference flaw in the 'build_tablename' function in 'ext/pgsql/pgsql.c' script that is triggered when handling NULL return values for 'token'.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Vulnerabilities -03 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805657)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-3329, CVE-2015-3307, CVE-2015-2783, CVE-2015-1352
BID: 74240, 74239, 74703
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-1252, DFN-CERT-2015-1017, DFN-CERT-2015-0926, DFN-CERT-2015-0900, DFN-CERT-2015-0842, DFN-CERT-2015-0809, DFN-CERT-2015-0803, DFN-CERT-2015-0794, DFN-CERT-2015-0697, DFN-CERT-2015-0677, DFN-CERT-2015-0583, DFN-CERT-2015-0579, DFN-CERT-2015-0212
Other: http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=69085
http://openwall.com/lists/oss-security/2015/06/01/4
High (CVSS: 7.5)
NVT: php Multiple Vulnerabilities -02 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805660)
80/tcp
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.25
Impact
Successfully exploiting this issue allows remote attackers to cause a denial of service, bypass intended
extension restrictions and access and execute files or directories with unexpected names via crafted
dimensions and remote FTP servers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to php 5.4.41 or 5.5.25 or 5.6.9 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
Vulnerability Insight
Multiple flaws are due to:
- Algorithmic complexity vulnerability in the 'multipart_buffer_headers' function in main/rfc1867.c script in PHP.
- 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a \x00 character.
- Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP.
- The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not verify that the first character of a filename is different from the \0 character.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Vulnerabilities -02 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805660)
Version used: $Revision: 1488 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-4026, CVE-2015-4025, CVE-2015-4024, CVE-2015-4022, CVE-2015-4021
BID: 75056, 74904, 74903, 74902, 74700
CERT: DFN-CERT-2015-1252, DFN-CERT-2015-1139, DFN-CERT-2015-1083, DFN-CERT-2015-1021, DFN-CERT-2015-1017, DFN-CERT-2015-0989, DFN-CERT-2015-0973, DFN-CERT-2015-0926, DFN-CERT-2015-0900, DFN-CERT-2015-0809, DFN-CERT-2015-0803, DFN-CERT-2015-0797, DFN-CERT-2015-0732
Other: http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=69085
http://openwall.com/lists/oss-security/2015/06/01/4
High (CVSS: 7.5)
NVT: php Multiple Remote Code Execution Vulnerabilities July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805685)
80/tcp
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.22
Impact
Successfully exploiting this issue allows remote attackers to execute arbitrary code via some crafted
dimensions.
Impact Level: Application
Solution
Upgrade to php 5.4.38 or 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6
Vulnerability Insight
Multiple flaws are due to:
- Multiple use-after-free vulnerabilities in 'ext/date/php_date.c' script.
- Heap-based buffer overflow in the 'enchant_broker_request_dict' function in 'ext/enchant/enchant.c' script.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Remote Code Execution Vulnerabilities July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805685)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-0273, CVE-2014-9705
BID: 73031, 72701
CERT: DFN-CERT-2015-1644, DFN-CERT-2015-1514, DFN-CERT-2015-1017, DFN-CERT-2015-0956, DFN-CERT-2015-0900, DFN-CERT-2015-0842, DFN-CERT-2015-0809, DFN-CERT-2015-0794, DFN-CERT-2015-0697, DFN-CERT-2015-0505, DFN-CERT-2015-0371, DFN-CERT-2015-0370, DFN-CERT-2015-0286, DFN-CERT-2015-0228
Other: http://php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=1194730
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
High (CVSS: 7.5)
NVT: php Use-After-Free Remote Code EXecution Vulnerability -01 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805686)
80/tcp
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to a remote code execution vulnerability.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.22
Impact
Successfully exploiting this issue allows remote attackers to execute arbitrary code on the target system.
Impact Level: Application
Solution
Upgrade to php 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.5.22 and 5.6.x before 5.6.6
Vulnerability Insight
The flaw is due to a use-after-free vulnerability in the 'phar_rename_archive' function in 'phar_object.c' script.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Use-After-Free Remote Code EXecution Vulnerability -01 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805686)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-2301
BID: 73037
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-1017, DFN-CERT-2015-0900, DFN-CERT-2015-0842, DFN-CERT-2015-0809, DFN-CERT-2015-0794, DFN-CERT-2015-0697, DFN-CERT-2015-0505, DFN-CERT-2015-0387, DFN-CERT-2015-0370
Other: http://php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=1194747
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
High (CVSS: 7.5)
NVT: php Use-After-Free Denial Of Service Vulnerability -02 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805687)
80/tcp
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to a denial of service vulnerability.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.25
Impact
Successfully exploiting this issue allows remote attackers to cause a denial of service or possibly have
unspecified other impact.
Impact Level: Application
Solution
Upgrade to php 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions through 5.6.7 and 5.5.x before 5.5.25
Vulnerability Insight
The flaw is due to a use-after-free vulnerability in the '_zend_shared_memdup' function in
'zend_shared_alloc.c' script.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Use-After-Free Denial Of Service Vulnerability -02 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805687)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-1351
BID: 71929
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-0794, DFN-CERT-2015-0579, DFN-CERT-2015-0487, DFN-CERT-2015-0212
Other: http://bugzilla.redhat.com/show_bug.cgi?id=1185900
http://openwall.com/lists/oss-security/2015/01/24/9
Medium (CVSS: 6.4)
NVT: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.902658)
3389/tcp
Summary
This host is running a Remote Desktop Protocol server and is prone to an information disclosure vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow remote attackers to gain sensitive information.
Impact Level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely
none will be provided anymore. General solution options are to upgrade to a newer release, disable
respective features, remove the product or replace the product by another one.
A workaround is to connect only to terminal services over trusted networks.
Affected Software/OS
All Microsoft-compatible RDP (5.2 or earlier) software
Vulnerability Insight
The flaw is due to the RDP server storing an RSA private key, used for signing a terminal server's public
key, in the mstlsapi.dll library, which allows remote attackers to calculate a valid signature and further
perform man-in-the-middle (MITM) attacks to obtain sensitive information.
Vulnerability Detection Method
Details: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.902658)
Version used: $Revision: 1640 $
References
CVE: CVE-2005-1794
BID: 13818
Other: http://secunia.com/advisories/15605/
http://xforce.iss.net/xforce/xfdb/21954
http://www.oxid.it/downloads/rdp-gbu.pdf
http://sourceforge.net/p/xrdp/mailman/message/32732056
Medium (CVSS: 5.0)
NVT: Missing httpOnly Cookie Attribute (OID: 1.3.6.1.4.1.25623.1.0.105925)

80/tcp

Summary
The application is missing the 'httpOnly' cookie attribute
Vulnerability Detection Result
The cookies:
Set-Cookie: PHPSESSID=0foma9opbd9lv1gr1bf5gmraj6; path=/
are missing the httpOnly attribute.
Impact
Application
Solution
Set the 'httpOnly' attribute for any session cookies.
Affected Software/OS
Application with session handling in cookies.
Vulnerability Insight
The flaw is due to a cookie not using the 'httpOnly' attribute. This allows the cookie to be accessed by
JavaScript, which could lead to session hijacking attacks.
Vulnerability Detection Method
Check all cookies sent by the application for a missing 'httpOnly' attribute
Details: Missing httpOnly Cookie Attribute (OID: 1.3.6.1.4.1.25623.1.0.105925)
Version used: $Revision: 1711 $
References
Other: https://www.owasp.org/index.php/HttpOnly
https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)
Medium (CVSS: 4.3)
NVT: OpenSSH Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.806049)
22/tcp
Product detection result: cpe:/a:openbsd:openssh:6.6.1p1 by SSH Server type and version (OID:
1.3.6.1.4.1.25623.1.0.10267)
Summary
This host is running OpenSSH and is prone to a security bypass vulnerability.
Vulnerability Detection Result
Installed version: 6.6.1p1
Fixed version: 6.9
Impact
Successful exploitation will allow remote attackers to bypass intended access restrictions.
Impact Level: Application
Solution
Upgrade to OpenSSH version 6.9 or later. For updates refer to http://www.openssh.com
Affected Software/OS
OpenSSH versions before 6.9
Vulnerability Insight
The flaw is due to the refusal deadline not being checked within the x11_open_helper function.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: OpenSSH Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.806049)
Version used: $Revision: 1789 $
Product Detection Result
Product: cpe:/a:openbsd:openssh:6.6.1p1
Method: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
References
CVE: CVE-2015-5352
CERT: DFN-CERT-2015-1679, DFN-CERT-2015-1406, DFN-CERT-2015-1263, DFN-CERT-2015-0987
Other: http://openwall.com/lists/oss-security/2015/07/01/10
Low (CVSS: 2.6)
NVT: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)

general/tcp

Summary
The remote host implements TCP timestamps and therefore allows its uptime to be computed.
Vulnerability Detection Result
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Paket 1: 14790252
Paket 2: 14790508
Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
To disable TCP timestamps on Linux, add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute
'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows, execute 'netsh int tcp set global timestamps=disabled'.
Starting with Windows Server 2008 and Vista, the timestamp cannot be completely disabled.
The default behavior of the TCP/IP stack on these systems is to not use the Timestamp options when
initiating TCP connections, but to use them if the TCP peer that is initiating communication includes them in
its synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
Affected Software/OS
TCP/IPv4 implementations that implement RFC1323.
Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323.
Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the target IP. The responses are
searched for timestamps. If found, the timestamps are reported.
Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: $Revision: 787 $
References
Other: http://www.ietf.org/rfc/rfc1323.txt
Log (CVSS: 0.0)
NVT: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)

general/CPE-T

Summary
This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of
operating systems, services and applications detected during the scan.
Vulnerability Detection Result
172.29.99.33|cpe:/a:apache:http_server:2.4.7

172.29.99.33|cpe:/a:php:php:5.5.9
172.29.99.33|cpe:/a:openbsd:openssh:6.6.1p1
172.29.99.33|cpe:/a:phpmyadmin:phpmyadmin
172.29.99.33|cpe:/o:canonical:ubuntu_linux
Log Method
Details: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)
Version used: $Revision: 314 $
Log (CVSS: 0.0)
NVT: ICMP Timestamp Detection (OID: 1.3.6.1.4.1.25623.1.0.103190)

general/icmp

Summary
The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message
which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the
Timestamp as well as a receive timestamp and a transmit timestamp. This information could theoretically be
used to exploit weak time-based random number generators in other services.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details: ICMP Timestamp Detection (OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: $Revision: 13 $
References
CVE: CVE-1999-0524
CERT: DFN-CERT-2014-0658
Other: http://www.ietf.org/rfc/rfc0792.txt
Log (CVSS: 0.0)
NVT: Record route (OID: 1.3.6.1.4.1.25623.1.0.12264)

general/icmp

Summary
This plugin sends packets with the 'Record Route' option. It is a complement to traceroute.
Vulnerability Detection Result
Here is the route recorded between 172.29.99.21 and 172.29.99.33 :
172.29.99.33.
172.29.99.33.
Log Method
Details: Record route (OID: 1.3.6.1.4.1.25623.1.0.12264)
Version used: $Revision: 982 $
Log (CVSS: 7.8)
NVT: 3com switch2hub (OID: 1.3.6.1.4.1.25623.1.0.80103)

general/tcp

Summary
The remote host is subject to the switch to hub flood attack.
Description : The remote host on the local network seems to be connected through a switch which can be
turned into a hub when flooded by different mac addresses. The theory is to send a lot of packets (>
1000000) to the port of the switch we are connected to, with random mac addresses. This turns the switch
into learning mode, where traffic goes everywhere. An attacker may use this flaw in the remote switch to
sniff data going to this host
Reference : http://www.securitybugware.org/Other/2041.html
Vulnerability Detection Result
Fake IP address not specified. Skipping this check.
Solution
Lock Mac addresses on each port of the remote switch or buy newer switch.
Vulnerability Detection Method
Details: 3com switch2hub (OID: 1.3.6.1.4.1.25623.1.0.80103)
Version used: $Revision: 15 $
Log (CVSS: 5.0)
NVT: Easy File Management Web Server USERID Buffer Overflow Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.805096)

general/tcp

Summary
The host is running Easy File Management Web Server and is prone to buffer overflow vulnerability.
Vulnerability Detection Result
bannerHTTP/1.1 301 Moved Permanently
Date: Fri, 13 Nov 2015 08:50:49 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Set-Cookie: PHPSESSID=qodnrdba4imh061hpblghss071; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php?action=Login&module=Users
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Impact
Successful exploitation may allow remote attackers to cause the application to crash, creating a denial-of-service condition.
Impact Level: Application
Solution
No solution or patch is available as of 25th September, 2015. Information regarding this issue will be updated
once the solution details are available. For updates refer to http://www.efssoft.com
Affected Software/OS
Easy File Management Web Server version 5.6
Vulnerability Insight
The flaw is due to an error when processing web requests and can be exploited to cause a buffer overflow
via an overly long string passed to USERID in a HEAD or GET request.
Vulnerability Detection Method
Send a crafted request via HTTP GET and check whether it is able to crash or not.
Details: Easy File Management Web Server USERID Buffer Overflow Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.805096)
Version used: $Revision: 1812 $
References
Other: https://www.exploit-db.com/exploits/37808
Log (CVSS: 0.0)
NVT: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)

general/tcp

Summary
This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in
Phrack #57). It can be used to determine remote operating system version.
Vulnerability Detection Result
ICMP based OS fingerprint results: (91% confidence)
Linux Kernel
Log Method
Details: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)
Version used: $Revision: 1739 $
References
Other: http://www.phrack.org/issues.html?issue=57&id=7#article
Log (CVSS: 0.0)
NVT: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)

general/tcp

Summary
This script uses DIRB to find directories and files on web applications via brute forcing.
Vulnerability Detection Result
DIRB could not be found in your system path.
OpenVAS was unable to execute DIRB and to perform the scan you
requested.
Please make sure that DIRB is installed and is
available in the PATH variable defined for your environment.
Log Method
Details: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 13 $
Log (CVSS: 0.0)
NVT: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)

general/tcp

Summary
This plugin uses arachni ruby command line to find web security issues.
See the preferences section for arachni options.
Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment,
you should use standalone arachni tool for deeper/customized checks.
Vulnerability Detection Result
Arachni could not be found in your system path.
OpenVAS was unable to execute Arachni and to perform the scan you
requested.
Please make sure that Arachni is installed and that arachni is
available in the PATH variable defined for your environment.
Log Method
Details: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)
Version used: $Revision: 683 $
Log (CVSS: 0.0)
NVT: IP protocols scan (OID: 1.3.6.1.4.1.25623.1.0.14788)

general/tcp

Summary
This plugin detects the protocols understood by the remote IP stack.
Vulnerability Detection Result
The following IP protocols are accepted on this host:
1 ICMP
2 IGMP
6 TCP
17 UDP
103 PIM
136 UDPLite
Log Method
Details: IP protocols scan (OID: 1.3.6.1.4.1.25623.1.0.14788)
Version used: $Revision: 1048 $
References
Other: http://www.iana.org/assignments/protocol-numbers
Log (CVSS: 0.0)
NVT: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)

general/tcp

Summary
A traceroute from the scanning server to the target system was conducted. This traceroute is provided
primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability.
However, if the displayed traceroute contains any private addresses that should not have been publicly
visible, then you have an issue you need to correct.
Vulnerability Detection Result
Here is the route from 172.29.99.21 to 172.29.99.33:
172.29.99.21
172.29.99.33
Solution
Block unwanted packets from escaping your network.
Log Method
Details: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)
Version used: $Revision: 975 $
Log (CVSS: 0.0)
NVT: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)

21/tcp

Summary
This Plugin detects the FTP Server Banner
Vulnerability Detection Result
Remote FTP server banner :
220 My FTP Server
Log Method
Details: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)
Version used: $Revision: 1776 $
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

21/tcp

Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
An FTP server is running on this port.
Here is its banner :
220 My FTP Server
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Version used: $Revision: 69 $
Log (CVSS: 0.0)
NVT: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)

22/tcp

Summary
Identification of SSH protocol versions supported by the remote SSH Server. Also reads the corresponding
fingerprints from the service.
The following versions are tried: 1.33, 1.5, 1.99 and 2.0
Vulnerability Detection Result
The remote SSH Server supports the following SSH Protocol Versions:
1.99
2.0
Log Method
Details: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)
Version used: $Revision: 1952 $
Log (CVSS: 0.0)
NVT: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

22/tcp

Summary
This detects the SSH Server's type and version by connecting to the server and processing the buffer
received.
This information gives potential attackers additional information about the system they are attacking.
Versions and Types should be omitted where possible.
Vulnerability Detection Result
Detected SSH server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
Remote SSH supported authentication: password,publickey
Remote SSH banner:
(not available)
CPE: cpe:/a:openbsd:openssh:6.6.1p1
Concluded from remote connection attempt with credentials:
Login: OpenVAS
Password: OpenVAS
Log Method
Details: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Version used: $Revision: 1789 $
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

22/tcp

Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
An ssh server is running on this port
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Version used: $Revision: 69 $
Log (CVSS: 0.0)
NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

80/tcp

Summary
This detects the HTTP Server's type and version.
Vulnerability Detection Result
The remote web server type is :
Apache/2.4.7 (Ubuntu)
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Solution
Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display'. Be sure to
remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to
limit the information emanating from the server in its response headers.
Log Method
Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
Version used: $Revision: 229 $
Log (CVSS: 0.0)
NVT: robot(s).txt exists on the W eb Server (OID: 1.3.6.1.4.1.25623.1.0.10302)

80/tcp

Summary
Web Servers can use a file called /robot(s).txt to ask search engines to ignore certain files and directories.
By nature this file cannot be used to protect private files from public read access.
Vulnerability Detection Result
The file 'robots.txt' contains the following:
User-agent: *
Disallow: /
User-agent: Googlebot
Allow: /ical_server.php
Solution
Review the content of the robots file and consider removing the files from the server or protecting them in
other ways in case you actually intended non-public availability.
Vulnerability Insight
Any serious web search engine will honor the /robot(s).txt file and not scan the files and directories listed
there.
Any entries listed in this file are not even hidden anymore.
Log Method
Details: robot(s).txt exists on the Web Server (OID: 1.3.6.1.4.1.25623.1.0.10302)
Version used: $Revision: 673 $
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

80/tcp

Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Version used: $Revision: 69 $
Log (CVSS: 0.0)
NVT: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)

80/tcp

Summary
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote
host.
It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on
the number of pages to mirror.
Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/index.php (module [Users] action [Login] )
Log Method
Details: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)
Version used: $Revision: 1825 $
Log (CVSS: 0.0)
NVT: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)

80/tcp

Summary
This plugin attempts to determine the presence of various common dirs on the remote web server.
Vulnerability Detection Result
The following directories were discovered:
/include, /data, /examples, /icons, /install, /javascript, /restricted, /service, /soap, /upload
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Log Method
Details: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)
Version used: $Revision: 1717 $
References
Other: OWASP:OWASP-CM-006
Log (CVSS: 0.0)
NVT: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)

80/tcp

Summary
The script prints out the directories which are used when CGI scanning is enabled.
Vulnerability Detection Result
The following directories are used for CGI scanning:
/scripts
/cgi-bin
/upload
/soap
/service
/restricted
/javascript
/install
/icons
/examples
/data
/include
/
Log Method
Details: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)
Version used: $Revision: 1727 $
Log (CVSS: 0.0)
NVT: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)

80/tcp

Summary
This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security.
See the preferences section for configuration options.
Vulnerability Detection Result
Here is the Nikto report:
- Nikto v2.1.5
--------------------------------------------------------------------------
+ Target IP: 172.29.99.33
+ Target Hostname: 172.29.99.33
+ Target Port: 80
+ Start Time: 2015-11-13 08:53:29 (GMT0)
--------------------------------------------------------------------------
+ Server: Apache/2.4.7 (Ubuntu)
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.14
+ The anti-clickjacking X-Frame-Options header is not present.
+ Root page / redirects to: index.php?action=Login&module=Users
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server leaks inodes via ETags, header found with file /crossdomain.xml, fields: 0x8c5 0x4fc73e1e28500
+ /crossdomain.xml contains 0 line which should be manually viewed for improper domains or wildcards.
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Uncommon header 'x-webdav-status' found, with contents: 401 not authorized
+ "robots.txt" contains 2 entries which should be manually viewed.
+ /config.php: PHP Config file may contain database IDs and passwords.
+ OSVDB-3268: /data/: Directory indexing found.
+ OSVDB-3092: /data/: This might be interesting...
+ OSVDB-3268: /install/: Directory indexing found.
+ OSVDB-3092: /install/: This might be interesting...
+ Cookie phpMyAdmin created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: DENY
+ Uncommon header 'x-content-security-policy' found, with contents: default-src 'self' ;options inline-script eval-script;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org;
+ Uncommon header 'x-ob_mode' found, with contents: 0
+ Uncommon header 'x-webkit-csp' found, with contents: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org;
+ OSVDB-3268: /restricted/: Directory indexing found.
+ OSVDB-3092: /restricted/: This might be interesting...
+ OSVDB-3268: /service/: Directory indexing found.
+ OSVDB-3092: /service/: This might be interesting...
+ OSVDB-3268: /examples/: Directory indexing found.
+ OSVDB-3092: /install.php: install.php file found.
+ OSVDB-3092: /LICENSE.txt: License file found may identify site software.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6544 items checked: 0 error(s) and 27 item(s) reported on remote host
+ End Time: 2015-11-13 08:53:52 (GMT0) (23 seconds)
--------------------------------------------------------------------------
+ 1 host(s) tested
Log Method
Details: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)
Version used: $Revision: 995 $
Log (CVSS: 0.0)
NVT: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)

80/tcp

Summary
Detection of installed version of PHP.
This script sends an HTTP GET request, tries to get the version from the response, and sets the result in the KB.
Vulnerability Detection Result
Detected PHP
Version: 5.5.9
Location: tcp/80
CPE: cpe:/a:php:php:5.5.9
Concluded from version identification result:
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Log Method
Details: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
Version used: $Revision: 1554 $
Log (CVSS: 0.0)
NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)

80/tcp

Summary
This plugin uses wapiti to find web security issues.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
See the preferences section for wapiti options.
Note that OpenVAS is using a limited set of wapiti options. Therefore, for a more complete web assessment,
you should use the standalone wapiti tool for deeper/customized checks.
Vulnerability Detection Result
wapiti could not be found in your system path.
OpenVAS was unable to execute wapiti and to perform the scan you
requested.
Please make sure that wapiti is installed and that wapiti is
available in the PATH variable defined for your environment.
Log Method
Details: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)
Version used: $Revision: 14 $
Log (CVSS: 0.0)
NVT: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

80/tcp

Summary
Detection of phpMyAdmin.
The script sends a connection request to the server and attempts to extract the version number from the
reply.
Vulnerability Detection Result
Detected phpMyAdmin
Version: unknown
Location: /phpmyadmin
CPE: cpe:/a:phpmyadmin:phpmyadmin
Log Method
Details: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Version used: $Revision: 1717 $
Log (CVSS: 0.0)
NVT: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)

80/tcp

Summary
Detection of installed version of Apache Web Server.
The script detects the version of Apache HTTP Server on remote host and sets the KB.
Vulnerability Detection Result
Detected Apache
Version: 2.4.7
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.4.7
Concluded from version identification result:
Server: Apache/2.4.7
Log Method
Details: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)
Version used: $Revision: 1748 $
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)

111/tcp

Summary
This plugin performs service detection by launching nmap's service probe against ports running unidentified
services.
Description :
This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that
are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: rpcbind
Log Method
Details: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)
Version used: $Revision: 329 $
Log (CVSS: 0.0)
NVT: Microsoft Remote Desktop Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.100062)

3389/tcp

Summary
The Microsoft Remote Desktop Protocol (RDP) is running at this host. Remote Desktop Services, formerly
known as Terminal Services, is one of the components of Microsoft Windows (both server and client
versions) that allows a user to access applications and data on a remote computer over a network.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Log Method
Details: Microsoft Remote Desktop Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.100062)
Version used: $Revision: 15 $
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)

3389/tcp

Summary
This plugin performs service detection by launching nmap's service probe against ports running unidentified
services.
Description :
This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that
are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: ms-wbt-server
Log Method
Details: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)
Version used: $Revision: 329 $
This file was automatically generated.
