Sample DRDIS

Dradis
Community Edition v3.11.0

Project notes
In this section you'll find any notes assigned to the Report category.
Project issues
In this section you'll find your project's Issues.
Title
Development configuration file
Severity
medium
Type
informationdisclosure
Impact
These files may disclose sensitive information. This information can be used to launch further attacks.
Description
A configuration file (e.g. Vagrantfile, Gemfile, Rakefile, …) was found in this directory. This file may expose sensitive information that
could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files
from production systems.
DetailedInformation
n/a
Recommendation
Remove or restrict access to all configuration files acessible from internet.
CVSSVector
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSScore
5.0
CVSS3Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS3Score
3.1
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
plugin
acunetix
plugin_id
/Scripts/PerFolder/Development_Files.script/Development configuration file
Assets affected by this issue

create_node() invoked by Dradis::Plugins::Acunetix without a :label parameter (1 instance)
Details
Not available in the free trial
Affects
Location Parameter / n/a
AOP
File Line Additional n/a n/a n/a
FalsePositive
n/a
Title
Directory listing
Severity
medium
Type
configuration
Impact
A user can view a list of all files from this directory possibly exposing sensitive information.
Description
The web server is configured to display the list of files contained in this directory. This is not recommended because the directory
may contain files that are not normally exposed through links on the web site.
DetailedInformation
<h5>How to disable directory listings</h5>
The easiest way to disable directory listing is to create an index file. The name of the index file depends on the web server
configuration. On Apache is called index.htm, index.html. On IIS is named default.asp, default.aspx, default.htm.
On IIS directory listings are disabled by default. <li>For Apache you need to edit the Apache configuration file (usually named
httpd.conf) or create an .htaccess file. In the configuration file you will have the definition of the directory. Something like
<code><Directory /directoryname/subdirectory> Options Indexes FollowSymLinks ... </Directory></code>
To disable directory listing for that directory you need to remove the 'Indexes' option. </li>
Recommendation
You should make sure the directory does not contain sensitive information or you may want to restrict directory listings from the web
server configuration.
CVSSVector
CVSSScore
5.0
CVSS3Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
Directory Listing and Information Disclosure
http://www.acunetix.com/blog/web-security-zone/directory-listing-information-disclosure/ (http://www.acunetix.com/blog/web-
security-zone/directory-listing-information-disclosure/)
plugin
acunetix
plugin_id
/Scripts/PerFolder/Directory_Listing.script/Directory listing

create_node() invoked by Dradis::Plugins::Acunetix without a :label parameter (41 instances)
Instance 0 Instance 1 Instance 2 Instance 3 Instance 4 Instance 5 Instance 6 Instance 7 Instance 8
Instance 9 Instance 10 Instance 11 Instance 12 Instance 13 Instance 14 Instance 15 Instance 16
Details
Affects
AOP
FalsePositive
n/a
Title
HTML form without CSRF protection
Severity
medium
Type
csrf
Impact
An attacker could use CSRF to trick a victim into accessing a website hosted by the attacker, or clicking a URL containing malicious
or unauthorized requests.
CSRF is a type of 'confused deputy' attack which leverages the authentication and authorization of the victim when the forged
request is being sent to the web server. Therefore, if a CSRF vulnerability could affect highly privileged users such as administrators
full application compromise may be possible.
Description
<div class="bb-coolbox">This alert requires manual confirmation
</div>
Cross-Site Request Forgery (CSRF, or XSRF) is a vulnerability wherein an attacker tricks a victim into making a request the victim did
not intend to make. Therefore, with CSRF, an attacker abuses the trust a web application has with a victim's browser.
Acunetix found an HTML form with no apparent anti-CSRF protection implemented. Consult the 'Attack details' section for more
information about the affected HTML form.
DetailedInformation
During a CSRF attack, the browser is tricked into sending HTTP requests to the web application as intended by the attacker. This
could include submitting forms to alter various forms of data.
Upon sending an HTTP request (legitimate or otherwise), the victim's browser will include the Cookie header. Cookies are typically
used to store a user's session identifier in order to prevent the user from authenticating for each request, which would obviously be
impractical. To such an extent, if the victim's authentication session is stored in a Cookie, and is still valid (a browser window/tab
does not necessarily need to be open), if the application is vulnerable to CSRF, an attacker can leverage CSRF to launch any desired
requests against the website, without the website being able to distinguish whether the requests are legitimate or not. <h5>CSRF in
GET requests</h5> The following is a simple example of how CSRF can be abused in GET requests through the use of the <code>
<img></code> tag.
<img src="http://example.com/changePassword/?newPassword=attackerPassword">
(http://example.com/changePassword/?newPassword=attackerPassword">)
The above is a CSRF attack using an HTTP GET request. If a victim visits a web page controlled by an attacker with the following
payload, the browser will send a request containing the Cookie to the attacker crafted URL. <h5>CSRF in GET requests</h5> GET
requests, however are not the only HTTP method an attacker can abuse. POST requests are equally susceptible to CSRF, however, an
attacker will need to make use of a little bit of JavaScript to submit the POST request. The following is a simple example of how CSRF
can be abused POST requests through the use of an <code><iframe></code> tag. This code would be loaded in an iFrame which is
made invisible to the victim. iFrame
<iframe src="http://attacker.com/csrfAttack" (http://attacker.com/csrfAttack")

style="width:0;height:0;border:0;border:none;"></iframe>
iFrame Contents
<body onload="document.getElementById('csrf').submit()"> <form id="csrf" action="ht

tp://example.com/changePassword" (http://example.com/changePassword") method="POST"> <input name=
"newPassword" value="attackerPassword" /> </form> </body>
Recommendation
Verify if this form requires anti-CSRF protection and implement CSRF countermeasures if necessary.
The recommended and the most widely used technique for preventing CSRF attacks is know as an anti-CSRF token, also sometimes
referred to as a synchronizer token. The characteristics of a well designed anti-CSRF system involve the following attributes.
The anti-CSRF token should be unique for each user session
The session should automatically expire after a suitable amount of time
The anti-CSRF token should be a cryptographically random value of significant length
The anti-CSRF token should be cryptographically secure, that is, generated by a strong Pseudo-Random Number Generator
(PRNG) algorithm
The anti-CSRF token is added as a hidden field for forms, or within URLs (only necessary if GET requests cause state changes,
that is, GET requests are not idempotent)
The server should reject the requested action if the anti-CSRF token fails validation
When a user submits a form or makes some other authenticated request that requires a Cookie, the anti-CSRF token should be
included in the request. Then, the web application will then verify the existence and correctness of this token before processing the
request. If the token is missing or incorrect, the request can be rejected.
CVSSVector
AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSScore
2.6
CVSS3Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS3Score
4.3
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
What is Cross Site Reference Forgery (CSRF)?
https://www.acunetix.com/websitesecurity/csrf-attacks/ (https://www.acunetix.com/websitesecurity/csrf-attacks/)
Cross-Site Request Forgery (CSRF) Prevention Cheatsheet

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
(https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet)
The Cross-Site Request Forgery (CSRF/XSRF) FAQ

http://www.cgisecurity.com/csrf-faq.html (http://www.cgisecurity.com/csrf-faq.html)
Cross-site Request Forgery

https://en.wikipedia.org/wiki/Cross-site_request_forgery (https://en.wikipedia.org/wiki/Cross-site_request_forgery)
plugin
acunetix
plugin_id
/Crawler/12-Crawler_Form_NO_CSRF.js/HTML form without CSRF protection

Details
Affects
AOP
FalsePositive
n/a
Title
PHPinfo page found
Severity
medium
Type
Impact
This file may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Description
This script is using phpinfo() function. This function outputs a large amount of information about the current state of PHP. This
includes information about PHP compilation options and extensions, the PHP version, server information and environment (if
compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP
headers, and the PHP License.
DetailedInformation
n/a
Recommendation
Remove the file from production systems.
CVSSVector
CVSSScore
5.0
CVSS3Vector
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
PHP phpinfo
http://www.php.net/manual/en/function.phpinfo.php (http://www.php.net/manual/en/function.phpinfo.php)
plugin
acunetix
plugin_id
/Scripts/PerFile/Text_Search_File.script/PHPinfo page found

Details
Affects
AOP
FalsePositive
n/a
Title
User credentials are sent in clear text
Severity
medium
Type
sensitivedatanotoverssl
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted
channel (HTTPS) to avoid being intercepted by malicious users.
DetailedInformation
n/a
Recommendation
Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted
connection (HTTPS).
CVSSVector
AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:W/RC:C
CVSSScore
5.0
CVSS3Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS3Score
9.1
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
plugin
acunetix
plugin_id
/Crawler/12-Crawler_User_Credentials_Plain_Text.js/User credentials are sent in clear text

Instance 0 Instance 1 Instance 2
Details
Affects
AOP
FalsePositive
n/a
Title
Vulnerable Javascript library
Severity
medium
Type
n/a
Impact
Consult References for more information.
Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library.
Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.
DetailedInformation
n/a
Recommendation
Upgrade to the latest version.
CVSSVector
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSScore
6.4
CVSS3Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS3Score
6.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
plugin
acunetix
plugin_id
/Scripts/PerFile/Javascript_Libraries_Audit.script/Vulnerable Javascript library

Instance 0 Instance 1 Instance 2
Details
Affects
AOP
FalsePositive
n/a
Title
Clickjacking: X-Frame-Options header missing
Severity
low
Type
abuseoffunctionality
Impact
The impact depends on the affected web application.
Description
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into
clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information
or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-
Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a
frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
DetailedInformation
n/a
Recommendation
Configure your web server to include an X-Frame-Options header. Consult Web references for more information about the possible
values for this header.
CVSSVector
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSScore
6.8
CVSS3Vector
n/a
CVSS3Score
n/a
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
The X-Frame-Options response header
https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options (https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options)
Clickjacking
http://en.wikipedia.org/wiki/Clickjacking (http://en.wikipedia.org/wiki/Clickjacking)
OWASP Clickjacking
https://www.owasp.org/index.php/Clickjacking (https://www.owasp.org/index.php/Clickjacking)
Defending with Content Security Policy frame-ancestors directive

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#Defending_with_Content_Security_Policy_frame-
ancestors_directive
(https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#Defending_with_Content_Security_Policy_frame-
ancestors_directive)
Frame Buster Buster

http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed
(http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed)
plugin
acunetix
plugin_id
/Scripts/PerServer/Clickjacking_X_Frame_Options.script/Clickjacking: X-Frame-Options header missing

Details
Affects
AOP
FalsePositive
n/a
Title
OPTIONS method is enabled
Severity
low
Type
configuration
Impact
The OPTIONS method may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Description
HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the
web server, it represents a request for information about the communication options available on the request/response chain
identified by the Request-URI.
DetailedInformation
n/a
Recommendation
It's recommended to disable OPTIONS Method on the web server.
CVSSVector
CVSSScore
5.0
CVSS3Vector
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
Testing for HTTP Methods and XST (OWASP-CM-008)
https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008)
(https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008))
plugin
acunetix
plugin_id
/Scripts/PerServer/Options_Server_Method.script/OPTIONS method is enabled

Details
Affects
AOP
FalsePositive
n/a
Title
Possible sensitive directories
Severity
low
Type
Impact
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Description
A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for common
sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these
directories could help an attacker to learn more about his target.
DetailedInformation
n/a
Recommendation
Restrict access to this directory or remove it from the website.
CVSSVector
CVSSScore
5.0
CVSS3Vector
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
Web Server Security and Database Server Security
http://www.acunetix.com/websitesecurity/webserver-security/ (http://www.acunetix.com/websitesecurity/webserver-security/)
plugin
acunetix
plugin_id
/Scripts/PerFolder/Possible_Sensitive_Directories.script/Possible sensitive directories

Instance 0 Instance 1 Instance 2 Instance 3 Instance 4 Instance 5 Instance 6 Instance 7 Instance 8
Instance 9 Instance 10 Instance 11 Instance 12 Instance 13 Instance 14 Instance 15
Details
Affects
AOP
FalsePositive
n/a
Title
TRACE method is enabled
Severity
low
Type
configuration
Impact
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication
data.
Description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive
header information could be read from any domains that support the HTTP TRACE method.
DetailedInformation
n/a
Recommendation
Disable TRACE Method on the web server.
CVSSVector
AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSScore
0.0
CVSS3Vector
n/a
CVSS3Score
n/a
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
W3C – RFC 2616
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html (http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html)
US-CERT VU#867593
http://www.kb.cert.org/vuls/id/867593 (http://www.kb.cert.org/vuls/id/867593)
Cross-site tracing (XST)

http://www.cgisecurity.com/lib/WH-WhitePaper_XST_ebook.pdf (http://www.cgisecurity.com/lib/WH-WhitePaper_XST_ebook.pdf)
plugin
acunetix
plugin_id
/Scripts/PerServer/Track_Trace_Server_Methods.script/TRACE method is enabled

Details
Affects
AOP
FalsePositive
n/a
Title
Content Security Policy (CSP) not implemented
Severity
informational
Type
configuration
Impact
CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting/XSS attacks,
attacks that require embedding a malicious resource, attacks that involve malicious use of iframes, such as clickjacking attacks, and
others.
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross
Site Scripting (XSS) and data injection attacks.
Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The value of this header is a string
containing the policy directives describing your Content Security Policy. To implement CSP, you should define lists of allowed origins
for the all of the types of resources that your site utilizes. For example, if you have a simple site that needs to load scripts,
stylesheets, and images hosted locally, as well as from the jQuery library from their CDN, the CSP header could look like the
following:
<code>
Content-Security-Policy:
default-src 'self';
script-src 'self' https://code.jquery.com; (https://code.jquery.com;/)
</code>
It was detected that your web application doesn't implement Content Security Policy (CSP) as the CSP header is missing from the
response. It's recommended to implement Content Security Policy (CSP) into your web application.
DetailedInformation
n/a
Recommendation
It's recommended to implement Content Security Policy (CSP) into your web application. Configuring Content Security Policy involves
adding the Content-Security-Policy HTTP header to a web page and giving it values to control resources the user agent is allowed
to load for that page.
CVSSVector
CVSSScore
0.0
CVSS3Vector
n/a
CVSS3Score
n/a
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
Content Security Policy (CSP)
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
Implementing Content Security Policy

https://hacks.mozilla.org/2016/02/implementing-content-security-policy/ (https://hacks.mozilla.org/2016/02/implementing-content-
security-policy/)
plugin
acunetix
plugin_id
/httpdata/CSP_not_implemented.js/Content Security Policy (CSP) not implemented

Details
Affects
AOP
FalsePositive
n/a
Title
Password type input with auto-complete enabled
Severity
informational
Type
Impact
Possible sensitive information disclosure.
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be
saved.Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is
entered. An attacker with local access could obtain the cleartext password from the browser cache.
DetailedInformation
n/a
Recommendation
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use a code similar to:
<code><INPUT TYPE="password" AUTOCOMPLETE="off"></code>
CVSSVector
CVSSScore
0.0
CVSS3Vector
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
plugin
acunetix
plugin_id
/Crawler/12-Crawler_Password_Input_Autocomplete.js/Password type input with auto-complete enabled

Details
Affects
AOP
FalsePositive
n/a
Title
Possible internal IP address disclosure
Severity
informational
Type
Impact
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of
the internal network. This information can be used to conduct further attacks.
<div class="bb-coolbox">This alert may be a false positive, manual confirmation is required.

</div>
DetailedInformation
n/a
Recommendation
Prevent this information from being displayed to the user.
CVSSVector
CVSSScore
5.0
CVSS3Vector
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
plugin
acunetix
plugin_id
/Scripts/PerFile/Text_Search_File.script/Possible internal IP address disclosure

Instance 0 Instance 1
Details
Affects
AOP
FalsePositive
n/a
Title
Possible internal IP address disclosure
Severity
informational
Type
Impact
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of
the internal network. This information can be used to conduct further attacks.

</div>
DetailedInformation
n/a
Recommendation
CVSSVector
CVSSScore
5.0
CVSS3Vector
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
plugin
acunetix
plugin_id
/Scripts/PerFolder/Text_Search_Dir.script/Possible internal IP address disclosure

Details
Affects
AOP
FalsePositive
n/a
Title
Possible server path disclosure (Unix)
Severity
informational
Type
Impact
Description
One or more fully qualified path names were found on this page. From this information the attacker may learn the file system
structure from the web server. This information can be used to conduct further attacks.

</div>
DetailedInformation
n/a
Recommendation
CVSSVector
CVSSScore
5.0
CVSS3Vector
CVSS3Score
7.5
CVSS3TempScore
n/a
CVSS3EnvScore
n/a
CVEList
unimplemented
References
Full Path Disclosure
https://www.owasp.org/index.php/Full_Path_Disclosure (https://www.owasp.org/index.php/Full_Path_Disclosure)
plugin
acunetix
plugin_id
/Scripts/PerFile/Text_Search_File.script/Possible server path disclosure (Unix)

Details
Affects
AOP
FalsePositive
n/a
Title
OS End Of Life Detection
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
CVSS Vector: Field cvss_base_vector not recognized by the plugin
BID:
Other:
RawDescription
(note that some of the information below can change from instance to instance of this problem)
The "FreeBSD" Operating System on the remote host has reached the end of life.
CPE: cpe:/o:freebsd:freebsd:11.1
Installed version,
build or SP: 11.1
EOL date: 2018-09-30
EOL info: https://www.freebsd.org/security/unsupported.html (https://www.freebsd.org/security/unsupported.html)
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.103674

192.168.13.105 (1 instance)
Port
general/tcp
Description
The "FreeBSD" Operating System on the remote host has reached the end of life.
CPE: cpe:/o:freebsd:freebsd:11.1
Installed version,
build or SP: 11.1
EOL date: 2018-09-30
EOL info: https://www.freebsd.org/security/unsupported.html (https://www.freebsd.org/security/unsupported.html)
Title
PHP Multiple Vulnerabilities – Dec18 (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Installed version: 7.1.24
Fixed version: 7.1.25
Installation
path / port: 80/tcp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.108507

192.168.13.105 (1 instance)
Port
80/tcp
Description
Installation
path / port: 80/tcp
Title
OpenSSH Denial of Service And User Enumeration Vulnerabilities (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Installed version: 7.2
Fixed version: 7.3
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.809154

192.168.13.105 (1 instance)
Port
22/tcp
Description
Fixed version: 7.3
Title
OpenSSH Multiple Vulnerabilities Jan17 (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: 7.4
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.8103256

192.168.13.105 (1 instance)
Port
22/tcp
Description
Fixed version: 7.4
Title
PHP Multiple Vulnerabilities – Feb19 (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Installation
path / port: 80/tcp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.142048

192.168.13.105 (1 instance)
Port
80/tcp
Description
Installation
path / port: 80/tcp
Title
Drupal Multiple Vulnerabilities (SA-CORE-2019-001/SA-CORE-2019-002) (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Installed version: 7
Fixed version: 7.62
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.141891

192.168.13.105 (1 instance)
Port
80/tcp
Description
Fixed version: 7.62
Title
Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Linux, Version Check)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: Upgrade to 7.58
Installation
path / port: /drupal
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.812584

192.168.13.105 (1 instance)
Port
80/tcp
Description
Fixed version: Upgrade to 7.58
Installation
path / port: /drupal
Title
OpenSSH Privilege Escalation Vulnerability – May16
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: 7.2p2-3
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.807574

192.168.13.105 (1 instance)
Port
22/tcp
Description
Fixed version: 7.2p2-3
Title
Anonymous FTP Login Reporting
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
It was possible to login to the remote FTP service with the following anonymous account(s):
anonymous:anonymous@example.com (mailto:anonymous@example.com)
Here are the contents of the remote FTP directory listing:
Account "anonymous":
drwxrwxrwx 2 www www 512 Nov 30 09:57 temp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.900600

192.168.13.105 (1 instance)
Port
21/tcp
Description
It was possible to login to the remote FTP service with the following anonymous account(s):
anonymous:anonymous@example.com (mailto:anonymous@example.com)
Here are the contents of the remote FTP directory listing:
Account "anonymous":
drwxrwxrwx 2 www www 512 Nov 30 09:57 temp
Title
HTTP Debugging Methods (TRACE/TRACK) Enabled
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
The web server has the following HTTP methods enabled: TRACE
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.11213

192.168.13.105 (1 instance)
Port
80/tcp
Description
The web server has the following HTTP methods enabled: TRACE
Title
Oracle MySQL 5.6.x < 5.6.42, 5.7.x < 5.7.24, 8.0.x < 8.0.13 Security Update (2019-5072801) Linux
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: Apply the patch
Installation
path / port: 3306/tcp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.112488

192.168.13.105 (1 instance)
Port
3306/tcp
Description
Fixed version: Apply the patch
Installation
path / port: 3306/tcp
Title
OpenSSH <= 7.2p1 – Xauth Injection
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: 7.2p2
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.105581

192.168.13.105 (1 instance)
Port
22/tcp
Description
Fixed version: 7.2p2
Title
OpenSSH User Enumeration Vulnerability-Aug18 (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: 7.8
Installation
path / port: 22/tcp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.813864

192.168.13.105 (1 instance)
Port
22/tcp
Description
Fixed version: 7.8
Installation
path / port: 22/tcp
Title
Apache HTTP Server < 2.4.38 HTTP/2 DoS Vulnerability (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.141966

192.168.13.105 (1 instance)
Port
general/tcp
Description
Title
PHP Memory Disclosure Vulnerability (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Installation
path / port: 80/tcp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.142046

192.168.13.105 (1 instance)
Port
80/tcp
Description
Installation
path / port: 80/tcp
Title
PHP 'CVE-2018-19935' – 'imap_mail' Denial of Service Vulnerability (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Installation
path / port: 80/tcp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.108505

192.168.13.105 (1 instance)
Port
80/tcp
Description
Installation
path / port: 80/tcp
Title
Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.141964

192.168.13.105 (1 instance)
Port
general/tcp
Description
Title
FTP Writeable Directories
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
- /30 09:57 temp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.19782

192.168.13.105 (1 instance)
Port
21/tcp
Description
- /30 09:57 temp
Title
OpenSSH 'auth2-gss.c' User Enumeration Vulnerability (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: NoneAvailable
Installation
path / port: 22/tcp
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.813888

192.168.13.105 (1 instance)
Port
22/tcp
Description
Fixed version: NoneAvailable
Installation
path / port: 22/tcp
Title
Enabled Directory Listing Detection
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
The following directories with an enabled directory listing were identified:
http://192.168.13.105/mail (http://192.168.13.105/mail)
Please review the content manually.
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.111074

192.168.13.105 (1 instance)
Port
80/tcp
Description
The following directories with an enabled directory listing were identified:
http://192.168.13.105/mail (http://192.168.13.105/mail)
Please review the content manually.
Title
OpenSSH 'sftp-server' Security Bypass Vulnerability (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
Fixed version: 7.6
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.812051

192.168.13.105 (1 instance)
Port
22/tcp
Description
Fixed version: 7.6
Title
FTP Unencrypted Cleartext Login
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
Anonymous sessions: 331 Anonymous login ok, send your complete email address as your password
Non-anonymous sessions: 331 Password required for openvas-vt
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.108528

192.168.13.105 (1 instance)
Port
21/tcp
Description
The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
Anonymous sessions: 331 Anonymous login ok, send your complete email address as your password
Non-anonymous sessions: 331 Password required for openvas-vt
Title
Cleartext Transmission of Sensitive Information via HTTP
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
The following input fields where identified (URL:input name):
http://192.168.13.105/drupal/:pass (http://192.168.13.105/drupal/:pass)
http://192.168.13.105/drupal/?D=A:pass (http://192.168.13.105/drupal/?D=A:pass)
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.108440

192.168.13.105 (1 instance)
Port
80/tcp
Description
The following input fields where identified (URL:input name):
http://192.168.13.105/drupal/:pass (http://192.168.13.105/drupal/:pass)
http://192.168.13.105/drupal/?D=A:pass (http://192.168.13.105/drupal/?D=A:pass)
Title
SSH Weak Encryption Algorithms Supported
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
The following weak client-to-server encryption algorithms are supported by the remote service:
aes128-cbc
aes192-cbc
aes256-cbc
The following weak server-to-client encryption algorithms are supported by the remote service:
aes128-cbc
aes192-cbc
aes256-cbc
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.105611

192.168.13.105 (1 instance)
Port
22/tcp
Description
The following weak client-to-server encryption algorithms are supported by the remote service:
aes128-cbc
aes192-cbc
aes256-cbc
The following weak server-to-client encryption algorithms are supported by the remote service:
aes128-cbc
aes192-cbc
aes256-cbc
Title
Oracle MySQL Backronym Vulnerability June16 (Linux)
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.808064

192.168.13.105 (1 instance)
Port
3306/tcp
Description
Title
TCP timestamps
CVSSv2
AffectedSoftware
n/a
Description
n/a
Recommendation
n/a
References
CVE:
BID:
Other:
RawDescription
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:

Packet 1: 834118977
Packet 2: 3986748199
plugin
open_vas
plugin_id
1.3.6.1.4.1.25623.1.0.80091

192.168.13.105 (1 instance)
Port
general/tcp
Description
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:

Packet 1: 834118977
Packet 2: 3986748199
Dradis Community Edition v3.11.0 - http://dradisframework.org (http://dradisframework.org/)

Sample DRDIS

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Sample DRDIS

Încărcat de

Drepturi de autor:

Formate disponibile

Dradis

Community Edition v3.11.0

Assets affected by this issue

&lt;code&gt;&lt;Directory /directoryname/subdirectory&gt; Options Indexes FollowSymLinks ... &lt;/Directory&gt;&lt;/code&gt;

Assets affected by this issue

Instance 0 Instance 1 Instance 2 Instance 3 Instance 4 Instance 5 Instance 6 Instance 7 Instance 8

Instance 9 Instance 10 Instance 11 Instance 12 Instance 13 Instance 14 Instance 15 Instance 16

Instance 17 Instance 18 Instance 19 Instance 20 Instance 21 Instance 22 Instance 23 Instance 24

Instance 25 Instance 26 Instance 27 Instance 28 Instance 29 Instance 30 Instance 31 Instance 32

Instance 33 Instance 34 Instance 35 Instance 36 Instance 37 Instance 38 Instance 39 Instance 40

&lt;iframe src=&quot;http://attacker.com/csrfAttack&quot; (http://attacker.com/csrfAttack&quot;)

&lt;body onload=&quot;document.getElementById(&#39;csrf&#39;).submit()&quot;&gt; &lt;form id=&quot;csrf&quot; action=&quot;ht

The anti-CSRF token should be unique for each user session

The session should automatically expire after a suitable amount of time

The anti-CSRF token should be a cryptographically random value of significant length

Cross-Site Request Forgery (CSRF) Prevention Cheatsheet

The Cross-Site Request Forgery (CSRF/XSRF) FAQ

Cross-site Request Forgery

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Instance 0 Instance 1 Instance 2

Assets affected by this issue

Instance 0 Instance 1 Instance 2

Defending with Content Security Policy frame-ancestors directive

Frame Buster Buster

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Instance 0 Instance 1 Instance 2 Instance 3 Instance 4 Instance 5 Instance 6 Instance 7 Instance 8

Instance 9 Instance 10 Instance 11 Instance 12 Instance 13 Instance 14 Instance 15

Cross-site tracing (XST)

Assets affected by this issue

Implementing Content Security Policy

Assets affected by this issue

&lt;code&gt;&lt;INPUT TYPE=&quot;password&quot; AUTOCOMPLETE=&quot;off&quot;&gt;&lt;/code&gt;

Assets affected by this issue

<div class="bb-coolbox">This alert may be a false positive, manual confirmation is required.

Assets affected by this issue

<div class="bb-coolbox">This alert may be a false positive, manual confirmation is required.

Assets affected by this issue

<div class="bb-coolbox">This alert may be a false positive, manual confirmation is required.

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Here are the contents of the remote FTP directory listing:

drwxrwxrwx 2 www www 512 Nov 30 09:57 temp

Assets affected by this issue

Here are the contents of the remote FTP directory listing:

drwxrwxrwx 2 www www 512 Nov 30 09:57 temp

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

Assets affected by this issue

<code><Directory /directoryname/subdirectory> Options Indexes FollowSymLinks ... </Directory></code>

<iframe src="http://attacker.com/csrfAttack" (http://attacker.com/csrfAttack")

<body onload="document.getElementById('csrf').submit()"> <form id="csrf" action="ht

<code><INPUT TYPE="password" AUTOCOMPLETE="off"></code>