Show report for host: 203.162.27.86 (H:16, M:5, L:13) 211.227.87.235 (H:0, M:0, L:4) 211.228.155.6 (H:0, M:0, L:4) 217.199.184.64 (H:1, M:1, L:6) 217.219.128.69 (H:0, M:0, L:1) 218.54.138.94 (H:0, M:0, L:1) 218.98.195.19 (H:0, M:0, L:9) 219.239.110.9 (H:0, M:0, L:1) 222.233.220.216 (H:0, M:0, L:1) 66.185.85.76 (H:0, M:0, L:0) 68.37.72.199 (H:2, M:2, L:17) 70.28.37.237 (H:0, M:0, L:1)

Scan Results
Hostname	203.162.27.86
Scan date	2009-07-07
Vulnerability Score	0.16 (F)
Vulnerability Summary
High	16 mod_ssl Hook Functions Format String Vulnerability Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code Vulnerabilities in Custom Web Code
Medium	5 Apache mod_proxy Content-Length Buffer Overflow Apache Connection Blocking DoS mod_ssl SSL_Util_UUEncode_Binary Overflow Multiple OpenSSL DoS Apache Version Older than 1.3.29 (mod_alias, mod_rewrite)
Low	13 Deprecated SSL Protocol Usage SSL Verification Test SSL Verification Test SSL Verification Test SSL Verification Test SSL Verification Test SSL Verification Test 404 check 404 check 404 check 404 check Telnet Detection ICMP Timestamp Request
Total	34

Vulnerability by Risk Level	Vulnerability by Service	Vulnerability Count
	(Displays High and Medium risk vulnerabilities)

High risk vulnerabilities results for: 203.162.27.86
1. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
SQL Injection - http://203.162.27.86/bios/page.php?lastname='Doe In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
2. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/bios/page.php?lastname=<script>alert('foo');</script> In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
3. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?long=<script>alert(document.cookie)</script> In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
4. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22 In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
5. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/search.php?Comment=<script>alert('foo');</script>&Number=100 In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
6. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/search.php [Discoverer=<script>alert(document.cookie)</script>&Number=0&OnList=yes&Style=HTML&all=This Person's Current Data] In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
7. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/search.php [Discoverer=G&Number=0&OnList=yes"><script>alert("foo");</script><"&Style=HTML&all=This Person's Current Data] In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
8. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/includes/mail.php [mail_from=<script>alert(document.cookie)</script>&recaptcha_challenge_field=&recaptcha_response_field=manual_challenge&sendmail=Send Mail&mail_text=] In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
9. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22 In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
10. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/cgi-bin/links/jump.cgi?ID=<script>alert('foo');</script> In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
11. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?raw=%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22 In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
12. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/references/refs.cgi?author=%22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22 In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
13. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/data/submit.php [xx_person_id=<script>alert('foo');</script>&code_str= G ] In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
14. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/bios/newcode.php [xx_person_id=<script>alert('foo');</script>] In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
15. Vulnerabilities in Custom Web Code (High) back
Port:	http (80/tcp)
Summary:
Cross Site Scripting - http://203.162.27.86/bios/edit.php [xx_person_id=<script>alert('foo');</script>&xx_action=Edit Prover-Account] In those cases where the method used was POST, a proper HTTP POST request must be used. In those cases where the method used was GET, a simple HTTP URL can be used to verify the vulnerability.
Recommended Solution:
Filter out any user provided data from inappropriate data (especially ' ) | , etc).
Impact:
Attackers can take control over your database, and in some cases over the operating system (using master..xp_cmdshell, CREATE LIBRARY, etc).
More information:	See http://www.securiteam.com/securityreviews/5DP0N1P76E.html, http://www.securiteam.com/securityreviews/5UP010A6AA.html, http://www.securiteam.com/securityreviews/5IP030K8AA.html, and http://www.securiteam.com/securityreviews/5GP0E2K7FO.html For IIS source and path disclosure issues, see: * IIS 5.0 and below: http://support.microsoft.com/kb/302570 * IIS 6.0: http://support.microsoft.com/kb/814869/en-us
Test ID:	2062
16. mod_ssl Hook Functions Format String Vulnerability (High) back
Port:	https (443/tcp)
Summary:
The remote host is using a version vulnerable of mod_ssl that is older than 2.8.19. There is a format string condition in the log functions of the remote module that allows an attacker to execute arbitrary code on the remote host.
Recommended Solution:
Upgrade to mod_ssl version 2.8.19 or newer
CVE:	CVE-2004-0700
Test ID:	4511

Medium risk vulnerabilities results for: 203.162.27.86
1. Apache mod_proxy Content-Length Buffer Overflow (Medium) back
Port:	https (443/tcp)
Summary:
The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is vulnerable to a heap based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary code on the server.
Recommended Solution:
Disable mod_proxy until a patch is available.
CVE:	CVE-2004-0492
Test ID:	5788
2. Apache Connection Blocking DoS (Medium) back
Port:	https (443/tcp)
Summary:
The remote web server appears to be running a version of Apache that is less that 2.0.49 or 1.3.31. These versions are vulnerable to a denial of service attack where a remote attacker can block new connections to the server by connecting to a listening socket on a rarely accessed port.
Recommended Solution:
Upgrade to Apache version 2.0.49, version 1.3.31 or newer.
CVE:	CVE-2004-0174
Test ID:	3035
3. mod_ssl SSL_Util_UUEncode_Binary Overflow (Medium) back
Port:	https (443/tcp)
Summary:
The remote host is using a version of mod_ssl that is older than version 2.8.18. This version is vulnerable to a flaw that allows an attacker to disable the remote web site remotely.
Recommended Solution:
Upgrade to mod_ssl version 2.8.18 or newer.
CVE:	CVE-2004-0488
Test ID:	3027
4. Multiple OpenSSL DoS (Medium) back
Port:	https (443/tcp)
Summary:
The remote host is using a version of OpenSSL which is older than 0.9.6m or 0.9.7d. There are several bug in this version of OpenSSL that allows an attacker to cause a denial of service against the remote host. More specifically: * The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. * OpenSSL 0.9.6 before 0.9.6d does not peroperly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. * The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Recommended Solution:
Upgrade to OpenSSL version 0.9.6m (0.9.7d) or newer.
CVE:	CVE-2004-0079
CVE:	CVE-2004-0081
CVE:	CVE-2004-0112
Test ID:	2959
5. Apache Version Older than 1.3.29 (mod_alias, mod_rewrite) (Medium) back
Port:	https (443/tcp)
Summary:
The remote host appears to be running a version of Apache which is older than 1.3.29. There are several flaws in this version, which allows an attacker to possibly execute arbitrary code through mod_alias and mod_rewrite.
Recommended Solution:
Upgrade to version 1.3.29.
More information:	http://www.apache.org/dist/httpd/Announcement.html
CVE:	CVE-2003-0542
Test ID:	2715

Low risk vulnerabilities results for: 203.162.27.86
1. Deprecated SSL Protocol Usage (Low) back
Port:	unknown (8003/tcp)
Summary:
The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Recommended Solution:
Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. For Microsoft's IIS server, see: * http://support.microsoft.com/kb/187498
More information:	http://www.schneier.com/paper-ssl.pdf
Test ID:	9329
2. SSL Verification Test (Low) back
Port:	https (443/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic. This TLSv1 server does not accept SSLv2 connections. This TLSv1 server also accepts SSLv3 connections.
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID:	2804
3. SSL Verification Test (Low) back
Port:	https (443/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic. Here is the SSLv3 server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc, CN=CE7305-4/Email=tac@cisco.com Validity Not Before: Nov 24 02:31:03 2005 GMT Not After : Nov 23 02:31:03 2010 GMT Subject: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc, CN=CE7305-4/Email=tac@cisco.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:94:94:fd:3f:78:37:e9:b1:c1:d3:aa:96:59:ae: 8a:0a:5f:4b:25:1a:f2:86:9f:b0:41:11:76:d6:b0: bc:e6:ff:74:90:5f:2c:5d:c0:c2:25:c5:18:b6:45: 46:52:c3:8b:0f:32:db:be:03:85:15:70:59:6e:57: 7d:75:bc:de:e7:9f:fb:af:0a:d1:bb:b7:81:bc:e1: 81:fd:3c:24:5c:9e:9c:54:9b:1f:53:cf:64:e7:3b: 9c:42:34:b0:77:62:53:fb:ef:8a:4d:84:8b:2f:af: 84:d9:b7:02:4c:b1:ec:42:ff:f6:3f:c9:9c:76:72: 9a:bc:3f:e0:92:18:1b:d8:37 Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption 64:65:a6:79:83:5b:aa:75:7e:f6:6d:46:a0:62:b8:7a:af:dd: 18:50:d0:c9:71:c4:26:93:ae:a9:66:a2:1c:49:bb:60:5b:2c: 69:d1:e9:1b:83:a6:70:97:aa:a8:54:12:1f:00:90:51:c1:8e: cc:d1:0a:c3:c3:75:52:73:83:98:23:fa:d1:35:61:66:17:86: af:27:eb:fa:ab:fb:77:30:d8:fd:cc:dd:74:42:ec:21:70:4b: e4:bc:6c:9d:a0:06:5a:a0:8e:50:03:f9:d9:af:ca:8c:e5:e7: 7c:19:95:3d:8e:e1:0a:a2:9d:2a:81:e4:d2:55:5a:7c:9f:13: 68:5c
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID:	2804
4. SSL Verification Test (Low) back
Port:	unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic. This TLSv1 server also accepts SSLv2 connections. This TLSv1 server also accepts SSLv3 connections.
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID:	2804
5. SSL Verification Test (Low) back
Port:	unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic. The SSLv2 server offers 5 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against a brute force attack Solution: disable those ciphers and upgrade your client software if necessary
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID:	2804
6. SSL Verification Test (Low) back
Port:	unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic. Here is the list of available SSLv2 ciphers: RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5 RC4-64-MD5
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID:	2804
7. SSL Verification Test (Low) back
Port:	unknown (8003/tcp)
Summary:
This test connects to a SSL server, and checks its certificate and the available (shared) SSLv2 ciphers. Weak (export version) ciphers are reported as problematic. Here is the SSLv2 server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, O=Cisco Systems Inc., OU=CNBU, CN=Secure Webserver/Email=tac@cisco.com Validity Not Before: May 22 11:32:36 2003 GMT Not After : May 19 11:32:36 2013 GMT Subject: C=US, ST=California, L=San Jose, O=Cisco Systems Inc., OU=CNBU, CN=Secure Webserver/Email=tac@cisco.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cf:6f:b0:03:83:ae:ea:6e:24:a1:79:f3:0b:3a: 21:48:95:b8:97:06:c6:5f:f4:07:83:de:bd:e1:2a: 1e:cc:a2:4a:7e:47:9c:d6:07:ec:bc:fd:61:64:48: e3:31:bf:5b:51:6c:d1:85:d6:04:d3:37:af:c9:d6: fb:b5:c8:c4:c0:86:8f:50:7d:63:a6:a6:f6:d9:ad: 19:c0:79:55:37:60:15:aa:f3:54:5d:16:b6:04:d0: 8a:57:ac:49:83:fe:e7:cf:43:39:21:cd:0d:26:68: 5b:23:f0:85:c2:fc:69:d8:61:54:f9:4f:1d:34:77: c6:d8:4f:0c:44:fc:46:84:d7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 13:37:7F:24:5D:DB:CB:A7:B4:C0:6C:21:E1:07:AA:05:BE:B2:92:CA X509v3 Authority Key Identifier: keyid:13:37:7F:24:5D:DB:CB:A7:B4:C0:6C:21:E1:07:AA:05:BE:B2:92:CA DirName:/C=US/ST=California/L=San Jose/O=Cisco Systems Inc./OU=CNBU/CN=Secure Webserver/Email=tac@cisco.com serial:00 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: md5WithRSAEncryption 9b:bd:93:32:d4:ea:9c:f0:13:2e:8b:f7:77:60:dc:2d:0c:05: a2:6f:13:90:93:72:78:f9:db:83:15:04:c7:54:17:e8:67:bb: 85:36:ca:0c:12:cd:1c:df:9d:4d:13:d7:c7:1f:9d:21:a0:5d: 83:5c:78:41:35:0a:f1:7a:8b:6f:c8:1a:a0:68:12:27:4b:31: 48:68:4b:06:c5:dc:56:4e:d7:45:2a:98:aa:63:29:b5:64:c8: 7e:21:3d:af:fd:99:06:db:27:ff:9f:e4:6b:05:01:65:d6:a0: 1b:5e:73:a8:0c:91:53:38:be:64:a4:ed:0a:ba:4e:ee:02:44: 5e:ce
Recommended Solution:
Usage of weak ciphers should be avoided.
Test ID:	2804
8. 404 check (Low) back
Port:	http (80/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file. The following string was used to determine that a file is not found on the server: [HTTP ]
Test ID:	1147
9. 404 check (Low) back
Port:	unknown (8003/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file. The following string was used to determine that a file is not found on the server: [HTTP ]
Test ID:	1147
10. 404 check (Low) back
Port:	unknown (8001/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file. The following string was used to determine that a file is not found on the server: [HTTP ]
Test ID:	1147
11. 404 check (Low) back
Port:	https (443/tcp)
Summary:
This test tries to determine the best method to detect whether the remote server hosts a certain file. The following string was used to determine that a file is not found on the server: [HTTP ]
Test ID:	1147
12. Telnet Detection (Low) back
Port:	telnet (23/tcp)
Summary:
The Telnet service is running. This service is dangerous since it is not encrypted - everyone on your local network can sniff the data that passes between the telnet client and the server. This includes logins and passwords.
Recommended Solution:
Stop using the telnet service - use SSH instead. For Cisco-based routers, see: http://www.cisco.com/warp/public/707/ssh.shtml
Impact:
Hosts on your local network can easily obtain usernames and passwords of users that connect to your telnet server.
More information:	http://www.securiteam.com/unixfocus/2EUQ8QAQME.html
CVE:	CVE-1999-0619
Test ID:	950
13. ICMP Timestamp Request (Low) back
Port:	general/icmp
Summary:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the time and date on your host.
Recommended Solution:
Filter out the ICMP timestamp requests (type 13) and replies (type 14).
Impact:
This may help attackers to defeat time based authentications schemes.
CVE:	CVE-1999-0524
Test ID:	811

DISCLAIMER: This report is not meant as an exhaustive analysis of the level of security now present on the tested host, and the data shown here should not be used exclusively to judge the security level of any computer system. This scan was performed automatically, and unlike a manual penetration test it does not reveal all the possible security holes present in the system. Some vulnerabilities that were found might be 'false alarms'.
The information in this report is provided "as is" and no liability for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages will be accepted.