Table Of Contents
Vulnerabilities By Host
151.2.10.191
Vulnerabilities By Plugin
41028 (1) - SNMP Agent Default Community Name (public)
58089 (1) - Oracle GlassFish Server 2.1.1 < 2.1.1.14 / 3.0.1 < 3.0.1.4 / 3.1.1 < 3.1.1.1 Web Container Component Unspecified Vulnerability
11213 (1) - HTTP TRACE / TRACK Methods Allowed
12218 (1) - mDNS Detection
58090 (1) - Oracle GlassFish Server 2.1.1 < 2.1.1.15 / 3.0.1 < 3.0.1.5 / 3.1.1 < 3.1.1.2 Hash Collision Denial of Service
10407 (1) - X Server Detection
57803 (1) - Oracle GlassFish Server 2.1.1 < 2.1.1 Patch15 Administration Component Unspecified Vulnerability
11219 (11) - Nessus SYN scanner
22964 (6) - Service Detection
11111 (4) - RPC Services Enumeration
10107 (2) - HTTP Server Type and Version
24260 (2) - HyperText Transfer Protocol (HTTP) Information
10114 (1) - ICMP Timestamp Request Remote Date Disclosure
10223 (1) - RPC portmapper Service Detection
10267 (1) - SSH Server Type and Version Information
10287 (1) - Traceroute Information
10342 (1) - VNC Software Detection
10386 (1) - Web Server No 404 Error Code Check
10550 (1) - SNMP Query Running Process List Disclosure
10551 (1) - SNMP Request Network Interfaces Enumeration
10758 (1) - VNC HTTP Server Detection
10800 (1) - SNMP Query System Information Disclosure
10881 (1) - SSH Protocol Versions Supported
11936 (1) - OS Identification
14773 (1) - Service Detection: 3 ASCII Digit Code Responses
19288 (1) - VNC Server Security Type Detection
19506 (1) - Nessus Scan Information
19763 (1) - SNMP Query Installed Software Disclosure
20094 (1) - VMware Virtual Machine Detection
25220 (1) - TCP/IP Timestamps Supported
34022 (1) - SNMP Query Routing Information Disclosure
35296 (1) - SNMP Protocol Version Detection
35716 (1) - Ethernet Card Manufacturer Detection
39520 (1) - Backported Security Patch Detection (SSH)
40448 (1) - SNMP Supported Protocols Detection
43111 (1) - HTTP Methods Allowed (per directory)
45590 (1) - Common Platform Enumeration (CPE)
53335 (1) - RPC portmapper (TCP)
54615 (1) - Device Type
151.2.10.191
Vulnerabilities By Host
Host Information
IP: 151.2.10.191
MAC Address: 00:50:56:b5:66:30 00:0c:29:b2:08:6f
OS: Linux Kernel 2.6.18-164.el5
Results Summary
Critical 0 High 2 Medium 3 Low 2 Info 53 Total 60
Results Details
0/icmp
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine. This may help an attacker to defeat all time-based authentication protocols.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Ports icmp/0
The difference between the local and remote clocks is -65 seconds.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine. Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Solution
n/a
Risk Factor
None
Description
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE.
See Also
http://standards.ieee.org/faqs/OUI.html http://standards.ieee.org/regauth/oui/index.shtml
Solution
n/a
Risk Factor
None
Ports tcp/0
The following card manufacturers were identified :
00:50:56:b5:66:30 : VMware, Inc.
00:0c:29:b2:08:6f : VMware, Inc.
Description
Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system in use, and sometimes its version.
Solution
n/a
Risk Factor
None
Ports tcp/0
Remote operating system : Linux Kernel 2.6.18-164.el5
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Ports tcp/0
Remote device type : general-purpose
Confidence level : 98
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Ports tcp/0
The remote operating system matched the following CPE :
cpe:/o:linux:linux_kernel:2.6.18.164
Following application CPE matched on the remote system :
cpe:/a:openbsd:openssh:4.3 -> OpenBSD OpenSSH 4.3
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Ports tcp/0
Information about this scan :
Nessus version : 5.0.0
Plugin feed version : 201203180336
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 10.20.84.74
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : Detected
Scan Start Date : 2012/3/21 16:20
Scan duration : 126 sec
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Ports udp/0
For your information, here is the traceroute from 10.20.84.74 to 151.2.10.191 :
10.20.84.74
10.20.84.1
151.2.10.191
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/22
Port 22/tcp was found to be open
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Ports tcp/22
An SSH server is running on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Ports tcp/22
SSH version : SSH-2.0-OpenSSH_4.3
SSH supported authentication : publickey,gssapi-with-mic,password
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Ports tcp/22
The remote SSH daemon supports the following versions of the SSH protocol :
- 1.99
- 2.0
Description
Security patches may have been 'backported' to the remote SSH server without changing its version number. Banner-based checks have been disabled to avoid false positives. Note that this test is informational only and does not denote any security problem.
See Also
http://www.nessus.org/u?d636c8c7
Solution
N/A
Risk Factor
None
Ports tcp/22
Give Nessus credentials to perform local checks.
Description
The RPC portmapper is running on this port. The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/111
Port 111/tcp was found to be open
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Ports tcp/111
The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 2
Description
The RPC portmapper is running on this port. The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
References
CVE CVE-1999-0632
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Ports udp/111
The following RPC services are available on UDP port 111 :
Description
It is possible to obtain the default community name of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).
Solution
Disable the SNMP service on the remote host if you do not use it. Either filter incoming UDP packets going to this port, or change the default community string.
Risk Factor
High
References
BID 2112
CVE CVE-1999-0517
XREF OSVDB:209
Ports udp/161
The remote SNMP server replies to the following default community string : public
Description
By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP agent.
See Also
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Ports udp/161
Nessus has negotiated SNMP communications at SNMPv2c.
Description
Extend the SNMP settings data already gathered by testing for SNMP versions other than the highest negotiated.
Solution
n/a
Risk Factor
None
Ports udp/161
This host supports SNMP version SNMPv1.
This host supports SNMP version SNMPv2c.
Description
It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0 An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Ports udp/161
Interface 1 information :
ifIndex : 1
ifDescr : lo
ifPhysAddress :
Description
It is possible to obtain the routing information on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.4.21 An attacker may use this information to gain more knowledge about the network topology.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Ports udp/161
80.0.0.0/255.255.0.0
151.2.0.0/255.255.0.0
169.254.0.0/255.255.0.0
Description
It is possible to obtain the list of installed software on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.6.3.1.2 An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Ports udp/161
tzdata-2009k-1.el5 xkeyboard-config-0.8-9.el5 man-pages-2.39-12.el5 mktemp-1.5-23.2.2 libusb-0.1.12-5.1 ncurses-5.5-24.20060715 freetype-2.2.1-21.el5_3 popt-1.10.2.3-18.el5 libogg-1.1.3-3.el5 libidn-0.6.5-1.1 tcl-8.4.13-4.el5 less-394-6.el5 gstreamer-tools-0.10.20-3.el5 mailx-8.1.1-44.2.2 libSM-1.0.1-3.1 tcl-8.4.13-4.el5 bzip2-1.0.3-4.el5_2 pcsc-lite-libs-1.4.4-0.1.el5 vim-common-7.0.109-6.el5 cdparanoia-libs-alpha9.8-27.2 libieee1284-0.2.9-4.el5 libdrm-2.0.2-1.1 cyrus-sasl-plain-2.1.22-5.el5 libxslt-1.1.17-2.el5_2.2 libtheora-1.0alpha7-1 udftools-1.0.0b3-0.1.el5 cpuspeed-1.2.1-8.el5 libaio-0.3.106-3.2 tree-1.5.0-4 setserial-2.17-19.2.2 aspell-0.60.3-7.1 mozldap-6.0.5-1.el5 numactl-0.9.8-8.el5 gdbm-1.8.0-26.2.1 libXext-1.0.1-2.1 libXaw-1.0.2-8.1 xorg-x11-xauth-1.0.1-2.1 xorg-x11-server-utils-7.1-4.fc6 tclx-8.4.0-5.fc6 giflib-4.1.3-7.1.el5_3.1 libXrender-0.9.1-3.1 libXinerama-1.0.1-2.1 libXevie-1.0.1-3.1 psmisc-22.2-7
Description
It is possible to obtain the list of running processes on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.4.2.1.2 An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Ports udp/161
PID   CPU   MEM   COMMAND       ARGS
1     7     692   init
2     6     0     migration/0
3     0     0     ksoftirqd/0
4     4     0     migration/1
5     0     0     ksoftirqd/1
6     223   0     events/0
7     0     0     events/1
8     0     0     khelper
25    0     0     kthread
30    0     0     kblockd/0
31    0     0     kblockd/1
32    0     0     kacpid
194   0     0     cqueue/0
195   0     0     cqueue/1
198   0     0     khubd
200   0     0     kseriod
274   0     0     pdflush
275   5     0     pdflush
276   0     0     kswapd0
277   0     0     aio/0
278   0     0     aio/1
484   0     0     kpsmoused
527   0     0     mpt_poll_0
528   0     0     scsi_eh_0
532   0     0     ata/0
533   0     0     ata/1
534   0     0     ata_aux
544   0     0     kstriped
5 [...]
Description
It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Ports udp/161
System information :
sysDescr : Linux intranet.hclinsys.com 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64
sysObjectID : 1.3.6.1.4.1.8072.3.2.10
sysUptime : 6d 1h 56m 35s
sysContact : Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
sysName : intranet.hclinsys.com
sysLocation : Unknown (edit /etc/snmp/snmpd.conf)
sysServices :
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Ports udp/679
The following RPC services are available on UDP port 679 :
- program: 100024 (status), version: 1
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/682
Port 682/tcp was found to be open
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Ports tcp/682
The following RPC services are available on TCP port 682 :
- program: 100024 (status), version: 1
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/3700
Port 3700/tcp was found to be open
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Ports tcp/3700
A GIOP-enabled service is running on this port.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Risk Factor
None
Ports tcp/4848
Port 4848/tcp was found to be open
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Ports tcp/4848
A web server is running on this port.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Ports tcp/4848
CGI scanning will be disabled for this host because the host responds to requests for non-existent URLs with HTTP code 302 rather than 404. The requested URL was : http://151.2.10.191:4848/DpMhOlB0lzyb.html
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Ports tcp/4848
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Location: https://151.2.10.191:4848/
Connection:close
Cache-control: private
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running.
Solution
Filter incoming traffic to UDP port 5353 if desired.
Risk Factor
Medium
Ports udp/5353
Nessus was able to extract the following information :
- mDNS hostname : intranet-2.local.
- Advertised services :
o Service name :
Port number :
o Service name :
Port number :
- CPU type : X86_64
- OS : LINUX
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/5801
Port 5801/tcp was found to be open
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Ports tcp/5801
A web server is running on this port.
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
http://en.wikipedia.org/wiki/Vnc
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Ports tcp/5801
The remote web server type is : RealVNC/4.0
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/5901
Port 5901/tcp was found to be open
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Ports tcp/5901
A vnc server is running on this port.
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
http://en.wikipedia.org/wiki/Vnc
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Ports tcp/5901
The highest RFB protocol version supported by the server is : 3.8
Description
This script checks the remote VNC server protocol version and the available 'security types'.
Solution
n/a
Risk Factor
None
Ports tcp/5901
The remote VNC server supports the following security type : + 2 (VNC authentication)
Description
The remote host is running an X11 server. X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client. Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.
Solution
Restrict access to this port. If the X11 client/server facility is not used, disable TCP entirely.
Risk Factor
Low
Ports tcp/6001
X11 Version : 11.0
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/6001
Port 6001/tcp was found to be open
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/7676
Port 7676/tcp was found to be open
Description
This plugin is a complement of find_service1.nasl. It attempts to identify services that return 3 ASCII digits codes (ie: FTP, SMTP, NNTP, ...)
Solution
n/a
Risk Factor
None
Ports tcp/7676
8080/tcp
58089 - Oracle GlassFish Server 2.1.1 < 2.1.1.14 / 3.0.1 < 3.0.1.4 / 3.1.1 < 3.1.1.1 Web Container Component Unspecified Vulnerability
Synopsis
The remote web server has an unspecified vulnerability that could affect availability.
Description
The version of GlassFish Server running on the remote host is affected by an unspecified vulnerability related to the Web Container component that could affect availability.
See Also
http://www.nessus.org/u?3de5c231
Solution
Upgrade to GlassFish Server 2.1.1.14 / 3.0.1.4 / 3.1.1.1 or later.
Risk Factor
High
References
BID 50204
CVE CVE-2011-3559
XREF IAVA:2011-A-0144
XREF OSVDB:76476
Ports tcp/8080
Version source : GlassFish Enterprise Server v2.1.1
Installed version : 2.1.1
Fixed version : 2.1.1.14
Description
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf http://www.apacheweek.com/issues/03-01-24 http://www.kb.cert.org/vuls/id/288308 http://www.kb.cert.org/vuls/id/867593 http://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF OSVDB:877
XREF OSVDB:3726
XREF OSVDB:5648
XREF OSVDB:50485
XREF CWE:16
Ports tcp/8080
Nessus sent the following TRACE request :
------------------------------ snip ------------------------------
TRACE /Nessus1405398146.html HTTP/1.1
Connection: Close
Host: 151.2.10.191
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
and received the following response from the remote server :
------------------------------ snip ------------------------------
HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 307
Date: Wed, 21 Mar 2012 10:53:18 GMT
Connection: close

TRACE /Nessus1405398146.html HTTP/1.1
connection: Close
host: 151.2.10.191
pragma: no-cache
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
accept: image/gif, image/x-xbitmap, image/jpeg, image/pj [...]
58090 - Oracle GlassFish Server 2.1.1 < 2.1.1.15 / 3.0.1 < 3.0.1.5 / 3.1.1 < 3.1.1.2 Hash Collision Denial of Service
Synopsis
The remote web server is affected by a denial of service vulnerability.
Description
The version of GlassFish Server running on the remote host is affected by a denial of service vulnerability which can be triggered by specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table.
See Also
http://www.nessus.org/u?11da589e
Solution
Upgrade to GlassFish Server 2.1.1.15 / 3.0.1.5 / 3.1.1.2 or later.
Risk Factor
Medium
References
BID 51194
Ports tcp/8080
Version source : GlassFish Enterprise Server v2.1.1
Installed version : 2.1.1
Fixed version : 2.1.1.15
57803 - Oracle GlassFish Server 2.1.1 < 2.1.1 Patch15 Administration Component Unspecified Vulnerability
Synopsis
The remote web server has an unspecified vulnerability that may affect confidentiality.
Description
The version of GlassFish Server running on the remote host is affected by an unspecified vulnerability related to the Administration component that could allow local users to affect confidentiality in some way.
See Also
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html http://www.nessus.org/u?55ab74fa
Solution
Upgrade to GlassFish Server 2.1.1 Patch15 or later.
Risk Factor
Low
References
BID 51497
CVE CVE-2011-3564
XREF IAVA:2012-A-0010
XREF OSVDB:78414
Ports tcp/8080
Version source : GlassFish Enterprise Server v2.1.1
Installed version : 2.1.1
Fixed version : 2.1.1 Patch15
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/8080
Port 8080/tcp was found to be open
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Ports tcp/8080
A web server is running on this port.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Ports tcp/8080
Based on the response to an OPTIONS request :
- HTTP methods DELETE HEAD OPTIONS POST PUT TRACE GET are allowed on :
/
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Ports tcp/8080
The remote web server type is : Sun GlassFish Enterprise Server v2.1.1
Description
The remote host is running the Oracle GlassFish HTTP Server, which is a Java EE application server. It is possible to read the version number from the HTTP response headers.
Solution
n/a
Risk Factor
None
Ports tcp/8080
Oracle Glassfish version 2.1.1 is running on port 8080.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Ports tcp/8080
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Headers :
X-Powered-By: Servlet/2.5
Server: Sun GlassFish Enterprise Server v2.1.1
ETag: W/"4864-1300775757000"
Last-Modified: Tue, 22 Mar 2011 06:35:57 GMT
Content-Type: text/html
Content-Length: 4864
Date: Wed, 21 Mar 2012 10:53:24 GMT
Connection: close
8181/tcp
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Ports tcp/8181
Port 8181/tcp was found to be open
Vulnerabilities By Plugin
Description
It is possible to obtain the default community name of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).
Solution
Disable the SNMP service on the remote host if you do not use it. Either filter incoming UDP packets going to this port, or change the default community string.
Risk Factor
High
References
BID 2112
CVE CVE-1999-0517
XREF OSVDB:209
58089 (1) - Oracle GlassFish Server 2.1.1 < 2.1.1.14 / 3.0.1 < 3.0.1.4 / 3.1.1 < 3.1.1.1 Web Container Component Unspecified Vulnerability
Synopsis
The remote web server has an unspecified vulnerability that could affect availability.
Description
The version of GlassFish Server running on the remote host is affected by an unspecified vulnerability related to the Web Container component that could affect availability.
See Also
http://www.nessus.org/u?3de5c231
Solution
Upgrade to GlassFish Server 2.1.1.14 / 3.0.1.4 / 3.1.1.1 or later.
Risk Factor
High
References
BID 50204
CVE CVE-2011-3559
XREF IAVA:2011-A-0144
XREF OSVDB:76476
Description
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf http://www.apacheweek.com/issues/03-01-24 http://www.kb.cert.org/vuls/id/288308 http://www.kb.cert.org/vuls/id/867593 http://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF OSVDB:877
XREF OSVDB:3726
XREF OSVDB:5648
XREF OSVDB:50485
XREF CWE:16

------------------------------ snip ------------------------------
TRACE /Nessus1405398146.html HTTP/1.1
Connection: Close
Host: 151.2.10.191
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 307
Date: Wed, 21 Mar 2012 10:53:18 GMT
Connection: close

TRACE /Nessus1405398146.html HTTP/1.1
connection: Close
host: 151.2.10.191
pragma: no-cache
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
accept: image/gif, image/x-xbitmap, image/jpeg, image/pj [...]
Description
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running.
Solution
Filter incoming traffic to UDP port 5353 if desired.
Risk Factor
Medium
: X86_64 : LINUX
58090 (1) - Oracle GlassFish Server 2.1.1 < 2.1.1.15 / 3.0.1 < 3.0.1.5 / 3.1.1 < 3.1.1.2 Hash Collision Denial of Service
Synopsis
The remote web server is affected by a denial of service vulnerability.
Description
The version of GlassFish Server running on the remote host is affected by a denial of service vulnerability which can be triggered by specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table.
See Also
http://www.nessus.org/u?11da589e
Solution
Upgrade to GlassFish Server 2.1.1.15 / 3.0.1.5 / 3.1.1.2 or later.
Risk Factor
Medium
References
BID 51194
CVE CVE-2011-5035
XREF IAVA:2012-A-0010
XREF IAVA:2012-A-0028
XREF OSVDB:78114
Description
The remote host is running an X11 server. X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client. Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.
Solution
Restrict access to this port. If the X11 client/server facility is not used, disable TCP entirely.
Risk Factor
Low
57803 (1) - Oracle GlassFish Server 2.1.1 < 2.1.1 Patch15 Administration Component Unspecified Vulnerability
Synopsis
The remote web server has an unspecified vulnerability that may affect confidentiality.
Description
The version of GlassFish Server running on the remote host is affected by an unspecified vulnerability related to the Administration component that could allow local users to affect confidentiality in some way.
See Also
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html http://www.nessus.org/u?55ab74fa
Solution
Upgrade to GlassFish Server 2.1.1 Patch15 or later.
Risk Factor
Low
References
BID 51497
CVE CVE-2011-3564
XREF IAVA:2012-A-0010
XREF OSVDB:78414
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scanners are less intrusive than TCP (full connect) scanners against broken services, but they might kill lame misconfigured firewalls. They might also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
151.2.10.191 (tcp/111)
Port 111/tcp was found to be open
151.2.10.191 (tcp/682)
Port 682/tcp was found to be open
151.2.10.191 (tcp/3700)
Port 3700/tcp was found to be open
151.2.10.191 (tcp/4848)
Port 4848/tcp was found to be open
151.2.10.191 (tcp/5801)
Port 5801/tcp was found to be open
151.2.10.191 (tcp/5901)
Port 5901/tcp was found to be open
151.2.10.191 (tcp/6001)
Port 6001/tcp was found to be open
151.2.10.191 (tcp/7676)
Port 7676/tcp was found to be open
151.2.10.191 (tcp/8080)
Port 8080/tcp was found to be open
151.2.10.191 (tcp/8181)
Port 8181/tcp was found to be open
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
151.2.10.191 (tcp/3700)
A GIOP-enabled service is running on this port.
151.2.10.191 (tcp/4848)
A web server is running on this port.
151.2.10.191 (tcp/5801)
A web server is running on this port.
151.2.10.191 (tcp/5901)
A vnc server is running on this port.
151.2.10.191 (tcp/8080)
A web server is running on this port.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
151.2.10.191 (udp/111)
The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 2
151.2.10.191 (udp/679)
The following RPC services are available on UDP port 679 :
- program: 100024 (status), version: 1
151.2.10.191 (tcp/682)
The following RPC services are available on TCP port 682 :
- program: 100024 (status), version: 1
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
151.2.10.191 (tcp/8080)
The remote web server type is : Sun GlassFish Enterprise Server v2.1.1
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
151.2.10.191 (tcp/8080)
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Headers :
X-Powered-By: Servlet/2.5
Server: Sun GlassFish Enterprise Server v2.1.1
ETag: W/"4864-1300775757000"
Last-Modified: Tue, 22 Mar 2011 06:35:57 GMT
Content-Type: text/html
Content-Length: 4864
Date: Wed, 21 Mar 2012 10:53:24 GMT
Connection: close
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine. This may help an attacker to defeat all time-based authentication protocols.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Description
The RPC portmapper is running on this port. The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
References
CVE CVE-1999-0632
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
http://en.wikipedia.org/wiki/Vnc
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
CGI scanning will be disabled for this host because the host responds to requests for non-existent URLs with HTTP code 302 rather than 404. The requested URL was : http://151.2.10.191:4848/DpMhOlB0lzyb.html
Description
It is possible to obtain the list of running processes on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.4.2.1.2. An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Description
It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0. An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
http://en.wikipedia.org/wiki/Vnc
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Description
It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Description
Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system in use, and sometimes its version.
Solution
n/a
Risk Factor
None
Description
This plugin is a complement of find_service1.nasl. It attempts to identify services that return 3 ASCII digits codes (ie: FTP, SMTP, NNTP, ...)
Solution
n/a
Risk Factor
None
Description
This script checks the remote VNC server protocol version and the available 'security types'.
Solution
n/a
Risk Factor
None
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Description
It is possible to obtain the list of installed software on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.6.3.1.2. An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine. Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Solution
n/a
Risk Factor
None
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Description
It is possible to obtain the routing information on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.4.21. An attacker may use this information to gain more knowledge about the network topology.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Description
By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP agent.
See Also
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.
Risk Factor
None
Description
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE.
See Also
http://standards.ieee.org/faqs/OUI.html http://standards.ieee.org/regauth/oui/index.shtml
Solution
n/a
Risk Factor
None
Description
Security patches may have been 'backported' to the remote SSH server without changing its version number. Banner-based checks have been disabled to avoid false positives. Note that this test is informational only and does not denote any security problem.
See Also
http://www.nessus.org/u?d636c8c7
Solution
N/A
Risk Factor
None
Description
Extend the SNMP settings data already gathered by testing for SNMP versions other than the highest negotiated.
Solution
n/a
Risk Factor
None
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Description
The RPC portmapper is running on this port. The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Description
The remote host is running the Oracle GlassFish HTTP Server, which is a Java EE application server. It is possible to read the version number from the HTTP response headers.
Solution
n/a
Risk Factor
None
151.2.10.191 Summary
Critical 0 High 2 Medium 3 Low 2 Info 33 Total 40
Details
Severity      Plugin Id   Name
High (7.8)    58089       Oracle GlassFish Server 2.1.1 < 2.1.1.14 / 3.0.1 < 3.0.1.4 / 3.1.1 < 3.1.1.1 Web Container Component Unspecified Vulnerability
High          41028       SNMP Agent Default Community Name (public)
Medium        12218       mDNS Detection
Medium        58090       Oracle GlassFish Server 2.1.1 < 2.1.1.15 / 3.0.1 < 3.0.1.5 / 3.1.1 < 3.1.1.2 Hash Collision Denial of Service
Medium        11213       HTTP TRACE / TRACK Methods Allowed
Low           10407       X Server Detection
Low           57803       Oracle GlassFish Server 2.1.1 < 2.1.1 Patch15 Administration Component Unspecified Vulnerability
Info          10107       HTTP Server Type and Version
Info          10114       ICMP Timestamp Request Remote Date Disclosure
Info          10223       RPC portmapper Service Detection
Info          10267       SSH Server Type and Version Information
Info          10287       Traceroute Information
Info          10342       VNC Software Detection
Info          10386       Web Server No 404 Error Code Check
Info          10550       SNMP Query Running Process List Disclosure
Info          10551       SNMP Request Network Interfaces Enumeration
Info          10758       VNC HTTP Server Detection
Info          10800       SNMP Query System Information Disclosure
Info          10881       SSH Protocol Versions Supported
Info          11111       RPC Services Enumeration
Info          11219       Nessus SYN scanner
Info          11936       OS Identification
Info          14773       Service Detection: 3 ASCII Digit Code Responses
Info          19288       VNC Server Security Type Detection
Info          19506       Nessus Scan Information
Info          19763       SNMP Query Installed Software Disclosure
Info          20094       VMware Virtual Machine Detection
Info          22964       Service Detection
Info          24260       HyperText Transfer Protocol (HTTP) Information
Info          25220       TCP/IP Timestamps Supported
Info          34022       SNMP Query Routing Information Disclosure
Info          35296       SNMP Protocol Version Detection
Info          35716       Ethernet Card Manufacturer Detection
Info          39520       Backported Security Patch Detection (SSH)
Info          40448       SNMP Supported Protocols Detection
Info          43111       HTTP Methods Allowed (per directory)
Info          45590       Common Platform Enumeration (CPE)
Info          53335       RPC portmapper (TCP)
Info          54615       Device Type
Info          55930       Oracle GlassFish HTTP Server Version