Show report for host:

Scan Results
Hostname 203.162.27.86
Scan date 2009-07-07
Vulnerability Score
0.16 (F)
Vulnerability Summary
High
  16    mod_ssl Hook Functions Format String Vulnerability
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Vulnerabilities in Custom Web Code
Medium
  5    Apache mod_proxy Content-Length Buffer Overflow
Apache Connection Blocking DoS
mod_ssl SSL_Util_UUEncode_Binary Overflow
Multiple OpenSSL DoS
Apache Version Older than 1.3.29 (mod_alias, mod_rewrite)
Low
  13    Deprecated SSL Protocol Usage
SSL Verification Test
SSL Verification Test
SSL Verification Test
SSL Verification Test
SSL Verification Test
SSL Verification Test
404 check
404 check
404 check
404 check
Telnet Detection
ICMP Timestamp Request
Total 34 
Vulnerability by Risk Level Vulnerability by Service Vulnerability Count
(Displays High and Medium risk vulnerabilities)


High risk vulnerabilities results for: 203.162.27.86
1. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
SQL Injection - http://203.162.27.86/bios/page.php?lastname='Doe

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
2. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/bios/page.php?lastname=<script>alert('foo');</script>

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
3. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?long=<script>alert(document.cookie)</script>

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
4. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
5. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/search.php?Comment=<script>alert('foo');</script>&Number=100

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
6. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/search.php [Discoverer=<script>alert(document.cookie)</script>&Number=0&OnList=yes&Style=HTML&all=This Person's Current Data]

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
7. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/search.php [Discoverer=G&Number=0&OnList=yes"><script>alert("foo");</script><"&Style=HTML&all=This Person's Current Data]

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
8. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/includes/mail.php [mail_from=<script>alert(document.cookie)</script>&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge&sendmail=Send Mail&mail_text=]

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
9. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
10. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/cgi-bin/links/jump.cgi?ID=<script>alert('foo');</script>

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
11. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?raw=%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
12. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?author=%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
13. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/submit.php [xx_person_id=<script>alert('foo');</script>&code_str= G ]

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
14. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/bios/newcode.php [xx_person_id=<script>alert('foo');</script>]

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
15. Vulnerabilities in Custom Web Code (High)
Port: http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/bios/edit.php [xx_person_id=<script>alert('foo');</script>&xx_action=Edit Prover-Account]

In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information: See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html

For IIS source and path disclosure issues, see:
* IIS 5.0 and below: http://support.microsoft.com/kb/302570
* IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID: 2062
16. mod_ssl Hook Functions Format String Vulnerability (High)
Port: https (443/tcp)
Summary:
The remote host is using a version vulnerable of mod_ssl that is older than 2.8.19. There is a format string condition in the log functions of the remote module that allows an attacker to execute arbitrary code on the remote host.
Recommended Solution:
Upgrade to mod_ssl version 2.8.19 or newer
CVE: CVE-2004-0700
Test ID: 4511


Medium risk vulnerabilities results for: 203.162.27.86
1. Apache mod_proxy Content-Length Buffer Overflow (Medium)
Port: https (443/tcp)
Summary:
The remote web server appears to be running a version of Apache that is older than version 1.3.32.

This version is vulnerable to a heap based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary code on the server.
Recommended Solution:
Disable mod_proxy until a patch is available.
CVE: CVE-2004-0492
Test ID: 5788
2. Apache Connection Blocking DoS (Medium)
Port: https (443/tcp)
Summary:
The remote web server appears to be running a version of Apache that is less that 2.0.49 or 1.3.31. These versions are vulnerable to a denial of service attack where a remote attacker can block new connections to the server by connecting to a listening socket on a rarely accessed port.
Recommended Solution:
Upgrade to Apache version 2.0.49, version 1.3.31 or newer.
CVE: CVE-2004-0174
Test ID: 3035
3. mod_ssl SSL_Util_UUEncode_Binary Overflow (Medium)
Port: https (443/tcp)
Summary:
The remote host is using a version of mod_ssl that is older than version 2.8.18. This version is vulnerable to a flaw that allows an attacker to disable the remote web site remotely.
Recommended Solution:
Upgrade to mod_ssl version 2.8.18 or newer.
CVE: CVE-2004-0488
Test ID: 3027
4. Multiple OpenSSL DoS (Medium)
Port: https (443/tcp)
Summary:
The remote host is using a version of OpenSSL which is older than 0.9.6m or 0.9.7d. There are several bug in this version of OpenSSL that allows an attacker to cause a denial of service against the remote host.

More specifically:
* The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

* OpenSSL 0.9.6 before 0.9.6d does not peroperly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

* The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Recommended Solution:
Upgrade to OpenSSL version 0.9.6m (0.9.7d) or newer.
CVE: CVE-2004-0079
CVE: CVE-2004-0081
CVE: CVE-2004-0112
Test ID: 2959
5. Apache Version Older than 1.3.29 (mod_alias, mod_rewrite) (Medium)
Port: https (443/tcp)
Summary:
The remote host appears to be running a version of Apache which is older than 1.3.29. There are several flaws in this version, which allows an attacker to possibly execute arbitrary code through mod_alias and mod_rewrite.
Recommended Solution:
Upgrade to version 1.3.29.
More information: http://www.apache.org/dist/httpd/Announcement.html
CVE: CVE-2003-0542
Test ID: 2715


Low risk vulnerabilities results for: 203.162.27.86
1. Deprecated SSL Protocol Usage (Low)
Port: unknown (8003/tcp)
Summary:
The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Recommended Solution:
Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

For Microsoft's IIS server, see:
* http://support.microsoft.com/kb/187498
More information: http://www.schneier.com/paper-ssl.pdf
Test ID: 9329
2. SSL Verification Test (Low)
Port: https (443/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic.

This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID: 2804
3. SSL Verification Test (Low)
Port: https (443/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic.

Here is the SSLv3 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc, CN=CE7305-4/Email=tac@cisco.com
Validity
Not Before: Nov 24 02:31:03 2005 GMT
Not After : Nov 23 02:31:03 2010 GMT
Subject: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc, CN=CE7305-4/Email=tac@cisco.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:94:94:fd:3f:78:37:e9:b1:c1:d3:aa:96:59:ae:
8a:0a:5f:4b:25:1a:f2:86:9f:b0:41:11:76:d6:b0:
bc:e6:ff:74:90:5f:2c:5d:c0:c2:25:c5:18:b6:45:
46:52:c3:8b:0f:32:db:be:03:85:15:70:59:6e:57:
7d:75:bc:de:e7:9f:fb:af:0a:d1:bb:b7:81:bc:e1:
81:fd:3c:24:5c:9e:9c:54:9b:1f:53:cf:64:e7:3b:
9c:42:34:b0:77:62:53:fb:ef:8a:4d:84:8b:2f:af:
84:d9:b7:02:4c:b1:ec:42:ff:f6:3f:c9:9c:76:72:
9a:bc:3f:e0:92:18:1b:d8:37
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
64:65:a6:79:83:5b:aa:75:7e:f6:6d:46:a0:62:b8:7a:af:dd:
18:50:d0:c9:71:c4:26:93:ae:a9:66:a2:1c:49:bb:60:5b:2c:
69:d1:e9:1b:83:a6:70:97:aa:a8:54:12:1f:00:90:51:c1:8e:
cc:d1:0a:c3:c3:75:52:73:83:98:23:fa:d1:35:61:66:17:86:
af:27:eb:fa:ab:fb:77:30:d8:fd:cc:dd:74:42:ec:21:70:4b:
e4:bc:6c:9d:a0:06:5a:a0:8e:50:03:f9:d9:af:ca:8c:e5:e7:
7c:19:95:3d:8e:e1:0a:a2:9d:2a:81:e4:d2:55:5a:7c:9f:13:
68:5c
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID: 2804
4. SSL Verification Test (Low)
Port: unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic.

This TLSv1 server also accepts SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID: 2804
5. SSL Verification Test (Low)
Port: unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic.

The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID: 2804
6. SSL Verification Test (Low)
Port: unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic.

Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID: 2804
7. SSL Verification Test (Low)
Port: unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic.

Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=Cisco Systems Inc., OU=CNBU, CN=Secure Webserver/Email=tac@cisco.com
Validity
Not Before: May 22 11:32:36 2003 GMT
Not After : May 19 11:32:36 2013 GMT
Subject: C=US, ST=California, L=San Jose, O=Cisco Systems Inc., OU=CNBU, CN=Secure Webserver/Email=tac@cisco.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cf:6f:b0:03:83:ae:ea:6e:24:a1:79:f3:0b:3a:
21:48:95:b8:97:06:c6:5f:f4:07:83:de:bd:e1:2a:
1e:cc:a2:4a:7e:47:9c:d6:07:ec:bc:fd:61:64:48:
e3:31:bf:5b:51:6c:d1:85:d6:04:d3:37:af:c9:d6:
fb:b5:c8:c4:c0:86:8f:50:7d:63:a6:a6:f6:d9:ad:
19:c0:79:55:37:60:15:aa:f3:54:5d:16:b6:04:d0:
8a:57:ac:49:83:fe:e7:cf:43:39:21:cd:0d:26:68:
5b:23:f0:85:c2:fc:69:d8:61:54:f9:4f:1d:34:77:
c6:d8:4f:0c:44:fc:46:84:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:37:7F:24:5D:DB:CB:A7:B4:C0:6C:21:E1:07:AA:05:BE:B2:92:CA
X509v3 Authority Key Identifier:
keyid:13:37:7F:24:5D:DB:CB:A7:B4:C0:6C:21:E1:07:AA:05:BE:B2:92:CA
DirName:/C=US/ST=California/L=San Jose/O=Cisco Systems Inc./OU=CNBU/CN=Secure Webserver/Email=tac@cisco.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
9b:bd:93:32:d4:ea:9c:f0:13:2e:8b:f7:77:60:dc:2d:0c:05:
a2:6f:13:90:93:72:78:f9:db:83:15:04:c7:54:17:e8:67:bb:
85:36:ca:0c:12:cd:1c:df:9d:4d:13:d7:c7:1f:9d:21:a0:5d:
83:5c:78:41:35:0a:f1:7a:8b:6f:c8:1a:a0:68:12:27:4b:31:
48:68:4b:06:c5:dc:56:4e:d7:45:2a:98:aa:63:29:b5:64:c8:
7e:21:3d:af:fd:99:06:db:27:ff:9f:e4:6b:05:01:65:d6:a0:
1b:5e:73:a8:0c:91:53:38:be:64:a4:ed:0a:ba:4e:ee:02:44:
5e:ce
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID: 2804
8. 404 check (Low)
Port: http (80/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file.

The following string was used to determine that a file is not found on the server:
[HTTP
]
Test ID: 1147
9. 404 check (Low)
Port: unknown (8003/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file.

The following string was used to determine that a file is not found on the server:
[HTTP
]
Test ID: 1147
10. 404 check (Low)
Port: unknown (8001/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file.

The following string was used to determine that a file is not found on the server:
[HTTP
]
Test ID: 1147
11. 404 check (Low)
Port: https (443/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file.

The following string was used to determine that a file is not found on the server:
[HTTP
]
Test ID: 1147
12. Telnet Detection (Low)
Port: telnet (23/tcp)
Summary:
The Telnet service is running. This service is dangerous since it is not encrypted - everyone on your local network can sniff the data that passes between the telnet client and the server. This includes logins and passwords.
Recommended Solution:
Stop using the telnet service - use SSH instead. For Cisco-based routers, see:
http://www.cisco.com/warp/public/707/ssh.shtml
Impact:
Hosts on your local network can easily obtain usernames and passwords of users that connect to your telnet server.
More information: http://www.securiteam.com/unixfocus/2EUQ8QAQME.html
CVE: CVE-1999-0619
Test ID: 950
13. ICMP Timestamp Request (Low)
Port: general/icmp
Summary:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the time and date on your host.
Recommended Solution:
Filter out the ICMP timestamp requests (type 13) and replies (type 14).
Impact:
This may help attackers to defeat time based authentications schemes.
CVE: CVE-1999-0524
Test ID: 811
DISCLAIMER: This report is not meant as an exhaustive analysis of the level of security now present on the tested host, and the data shown here should not be used exclusively to judge the security level of any computer system. This scan was performed automatically, and unlike a manual penetration test it does not reveal all the possible security holes present in the system. Some vulnerabilities that were found might be 'false alarms'.
The information in this report is provided "as is" and no liability for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages will be accepted.


Review our Privacy Policy, Terms of Use © Copyright 1998-2009 Beyond Security. All rights reserved.