Summary

This document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.

Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override.

Notes are included in the report.

This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown.

This report contains all 46 results selected by the filtering described above. Before filtering there were 46 results.

Scan started: Mon Apr 20 20:31:02 2015
Scan ended: Mon Apr 20 21:13:00 2015

Host Summary

Host Start End High Medium Low Log False Positive
192.168.0.102 (TOMAS-PC ) Apr 20, 20:31:08 Apr 20, 21:13:00 0 4 0 42 0
Total: 1 0 4 0 42 0

Results per Host

Host 192.168.0.102

Scanning of this host started at: 2015-04-20T20:31:08Z
Number of results: 46

Port Summary for Host 192.168.0.102

Service (Port) Threat Level
135/tcp Medium
general/tcp Medium
general/CPE-T Log
912/tcp Log
902/tcp Log
5357/tcp Log
445/tcp Log
3780/tcp Log
2869/tcp Log
22/tcp Log
1900/udp Log
139/tcp Log
137/udp Log

Security Issues for Host 192.168.0.102

135/tcp
Medium (CVSS: 5.0)
NVT: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736)
Summary

Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge about the remote host.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Solution

filter incoming traffic to this port.

Vulnerability Detection Method

Details: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736)

Version used: $Revision: 41 $

135/tcp
Medium (CVSS: 5.0)
NVT: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736)
Summary

Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge about the remote host.

Vulnerability Detection Result
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this host:
Port: 1025/tcp
     UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1025]
Port: 1026/tcp
     UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1026]
     Annotation: Event log TCPIP
     UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1026]
     Annotation: DHCPv6 Client LRPC Endpoint
     UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1026]
     Annotation: DHCP Client LRPC Endpoint
     UUID: 06bba54a-be05-49f9-b0a0-30f790261023, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1026]
     Annotation: Security Center
     UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1026]
     Annotation: NRP server endpoint
Port: 1027/tcp
     UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1027]
     UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1027]
     Annotation: IKE/Authip API
     UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1027]
     Annotation: IP Transition Configuration endpoint
     UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1027]
     Annotation: XactSrv service
Port: 1028/tcp
     UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
     Endpoint: ncacn_ip_tcp:192.168.0.102[1028]
     Named pipe : lsass
     Win32 service or process : lsass.exe
     Description : SAM access
Port: 1031/tcp
     UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
     Endpoint: ncacn_ip_tcp:192.168.0.102[1031]
Solution : filter incoming traffic to this port(s).
Solution

filter incoming traffic to this port.

Vulnerability Detection Method

Details: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736)

Version used: $Revision: 41 $

general/tcp
Medium (CVSS: 4.4)
NVT: Foxit Reader Cloud Plugin Windows Search Path Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.805364)
Summary

The host is installed with Foxit Reader Cloud Plugin and is prone to windows search path Vulnerability.

Vulnerability Detection Result
Installed version: 7.0.6.1126
Fixed version:     7.1
Impact

Successful exploitation will allow local attackers to gain privileges and execute malicious files.

Impact Level: System/Application

Solution

Upgrade to Foxit Reader version 7.1 or later, For updates refer to http://www.foxitsoftware.com

Vulnerability Insight

The flaw is due to SYSTEMDRIVE folder, local users can gain privileges via a Trojan horse.

Vulnerability Detection Method

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

Details: Foxit Reader Cloud Plugin Windows Search Path Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.805364)

Version used: $Revision: 1160 $

References

CVE: CVE-2015-2789
Other: http://www.securitytracker.com/id/1031879
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-25

general/tcp
Medium (CVSS: 4.3)
NVT: Foxit Reader Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.805361)
Summary

The host is installed with Foxit Reader and is prone to Denial of Service Vulnerability.

Vulnerability Detection Result
Installed version: 7.0.6.1126
Fixed version:     7.1
Impact

Successful exploitation will allow remote attackers to cause a denial-of-service attacks.

Impact Level: System/Application

Solution

Upgrade to Foxit Reader version 7.1 or later, For updates refer to http://www.foxitsoftware.com

Vulnerability Insight

The flaw is due to Ubyte Size in a DataSubBlock structure or LZWMinimumCodeSize in a GIF image.

Vulnerability Detection Method

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

Details: Foxit Reader Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.805361)

Version used: $Revision: 1160 $

References

CVE: CVE-2015-2790
Other: http://www.securitytracker.com/id/1031877
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23

general/CPE-T
Log (CVSS: 0.0)
NVT: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)
Summary

This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of operating systems, services and applications detected during the scan.

Vulnerability Detection Result
192.168.0.102|cpe:/a:oracle:jre:1.8.0_40
192.168.0.102|cpe:/a:oracle:jre:x64
192.168.0.102|cpe:/a:microsoft:onenote:15.0.4701.1000
192.168.0.102|cpe:/a:microsoft:onenote:x64:15.0.4701.1000
192.168.0.102|cpe:/a:oracle:vm_virtualbox:4.3.26
192.168.0.102|cpe:/a:microsoft:office_word:2013
192.168.0.102|cpe:/a:microsoft:office_excel:2013
192.168.0.102|cpe:/a:microsoft:access:2013
192.168.0.102|cpe:/a:microsoft:office_powerpoint:2013
192.168.0.102|cpe:/a:microsoft:office_publisher:2013
192.168.0.102|cpe:/a:microsoft:outlook:2013
192.168.0.102|cpe:/a:microsoft:ie:11.0.9600.17728
192.168.0.102|cpe:/a:vmware:player:7.1.0
192.168.0.102|cpe:/a:microsoft:windows_media_player:12.0.7601.18741
192.168.0.102|cpe:/a:google:chrome:42.0.2311.90
192.168.0.102|cpe:/a:foxitsoftware:reader:7.0.6.1126
192.168.0.102|cpe:/o:microsoft:windows_7::sp1
Log Method

Details: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)

Version used: $Revision: 314 $

general/tcp
Log (CVSS: 0.0)
NVT: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)
Summary

This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine remote operating system version.

Vulnerability Detection Result
ICMP based OS fingerprint results: (80% confidence)
HP JetDirect
Log Method

Details: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)

Version used: $Revision: 43 $

References

Other: http://www.phrack.org/issues.html?issue=57&id=7#article

general/tcp
Log (CVSS: 0.0)
NVT: SMB Registry : Windows Service Pack version (OID: 1.3.6.1.4.1.25623.1.0.10401)
Summary

Detection of installed Windows Service Pack version.

The script logs in via SMB, and reads the registry key to retrieve Windows Service Pack Version and sets KnowledgeBase.

Vulnerability Detection Result
The Windows 7 Professional 6.1 is installed with Service Pack 1
Log Method

Details: SMB Registry : Windows Service Pack version (OID: 1.3.6.1.4.1.25623.1.0.10401)

Version used: $Revision: 549 $

general/tcp
Log (CVSS: 0.0)
NVT: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)
Summary

A traceroute from the scanning server to the target system was conducted. This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct.

Vulnerability Detection Result
Here is the route from 192.168.237.130 to 192.168.0.102:
192.168.237.130
192.168.0.102
Solution

Block unwanted packets from escaping your network.

Log Method

Details: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)

Version used: $Revision: 975 $

general/tcp
Log (CVSS: 0.0)
NVT: VMWare products version detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.800000)
Summary

This script retrieves all VMWare Products version from registry and saves those in KB.

Vulnerability Detection Result
Detected VMware
Version: 7.1.0
Location: G:\\Instalace\\vmware\\
CPE: cpe:/a:vmware:player:7.1.0
Concluded from version identification result:
7.1.0
Log Method

Details: VMWare products version detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.800000)

Version used: $Revision: 1128 $

general/tcp
Log (CVSS: 0.0)
NVT: Google Chrome Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.800120)
Summary

Detection of installed version of Google Chrome on Windows.

The script logs in via smb, searches for Google Chrome in the registry and gets the version from registry.

Vulnerability Detection Result
Detected Google Chrome
Version: 42.0.2311.90
Location: C:\\Program Files (x86)\\Google\\Chrome\\Application
CPE: cpe:/a:google:chrome:42.0.2311.90
Concluded from version identification result:
42.0.2311.90
Log Method

Details: Google Chrome Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.800120)

Version used: $Revision: 372 $

general/tcp
Log (CVSS: 0.0)
NVT: Microsoft Internet Explorer Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800209)
Summary

Detection of installed version of Microsoft Internet Explorer.

The script logs in via smb, detects the version of Microsoft Internet Explorer on remote host and sets the KB.

Vulnerability Detection Result
Detected Microsoft Internet Explorer
Version: 11.0.9600.17728
Location: C:\\Program Files\\Internet Explorer
CPE: cpe:/a:microsoft:ie:11.0.9600.17728
Concluded from version identification result:
11.0.9600.17728
Log Method

Details: Microsoft Internet Explorer Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800209)

Version used: $Revision: 42 $

general/tcp
Log (CVSS: 0.0)
NVT: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383)
Summary

Detection of installed version of Java Products.

The script logs in via smb, searches for Java Products in the registry and gets the version from 'Version' string in registry

Vulnerability Detection Result
Detected Oracle Java JRE 
Version: 1.8.0_40
Location: C:\\Program Files\\Java\\jre1.8.0_40
CPE: cpe:/a:oracle:jre:1.8.0_40
Concluded from version identification result:
1.8.0_40
Log Method

Details: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383)

Version used: $Revision: 368 $

general/tcp
Log (CVSS: 0.0)
NVT: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383)
Summary

Detection of installed version of Java Products.

The script logs in via smb, searches for Java Products in the registry and gets the version from 'Version' string in registry

Vulnerability Detection Result
Detected Oracle Java JRE 
Version: 1.8.0_40
Location: C:\\Program Files\\Java\\jre1.8.0_40
CPE: cpe:/a:oracle:jre:x64
Concluded from version identification result:
1.8.0_40
Log Method

Details: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383)

Version used: $Revision: 368 $

general/tcp
Log (CVSS: 0.0)
NVT: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383)
Summary

Detection of installed version of Java Products.

The script logs in via smb, searches for Java Products in the registry and gets the version from 'Version' string in registry

Vulnerability Detection Result
Detected Oracle Java JRE 
Version: 1.8.0_40
Location: G:\\Instalace\\Java
CPE: cpe:/a:oracle:jre:1.8.0_40
Concluded from version identification result:
1.8.0_40
Log Method

Details: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383)

Version used: $Revision: 368 $

general/tcp
Log (CVSS: 0.0)
NVT: Foxit Reader Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800536)
Summary

Detection of installed version of Foxit Reader.

The script logs in via smb, searches for Foxit Reader in the registry and gets the version from registry.

Vulnerability Detection Result
Detected Foxit Reader
Version: 7.0.6.1126
Location: C:\\Program Files (x86)\\Foxit Software\\Foxit Reader
CPE: cpe:/a:foxitsoftware:reader:7.0.6.1126
Concluded from version identification result:
7.0.6.1126
Log Method

Details: Foxit Reader Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800536)

Version used: $Revision: 1160 $

general/tcp
Log (CVSS: 0.0)
NVT: Microsoft OneNote Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.803436)
Summary

Detection of installed version of Microsoft OneNote.

The script logs in via smb, and detect the version of Microsoft OneNote on remote host and sets the KB

Vulnerability Detection Result
Detected Microsoft OneNote
Version: 15.0.4701.1000
Location: C:\\Program Files\\Microsoft Office 15\\Root\\Office15\\
CPE: cpe:/a:microsoft:onenote:15.0.4701.1000
Concluded from version identification result:
15.0.4701.1000
Log Method

Details: Microsoft OneNote Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.803436)

Version used: $Revision: 1128 $

general/tcp
Log (CVSS: 0.0)
NVT: Microsoft OneNote Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.803436)
Summary

Detection of installed version of Microsoft OneNote.

The script logs in via smb, and detect the version of Microsoft OneNote on remote host and sets the KB

Vulnerability Detection Result
Detected Microsoft OneNote
Version: 15.0.4701.1000
Location: C:\\Program Files\\Microsoft Office 15\\Root\\Office15\\
CPE: cpe:/a:microsoft:onenote:x64:15.0.4701.1000
Concluded from version identification result:
15.0.4701.1000
Log Method

Details: Microsoft OneNote Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.803436)

Version used: $Revision: 1128 $

general/tcp
Log (CVSS: 0.0)
NVT: Microsoft Windows Media Player Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900173)
Summary

Detection of installed version of Windows Media Player.

The script logs in via smb, searches for Windows Media Player CLSID in the registry, gets version and set it in the KB item.

Vulnerability Detection Result
Detected Microsoft Windows Media Player
Version: 12.0.7601.18741
Location: ProgramFiles(x86)\\Windows Media Player
CPE: cpe:/a:microsoft:windows_media_player:12.0.7601.18741
Concluded from version identification result:
12.0.7601.18741
Log Method

Details: Microsoft Windows Media Player Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900173)

Version used: $Revision: 1128 $

general/tcp
Log (CVSS: 0.0)
NVT: Sun VirtualBox Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.901053)
Summary

Detection of installed version of Sun/Oracle VirtualBox.

The script logs in via smb, searches for Sun/Oracle VirtualBox in the registry and gets the version from 'Version' string in registry

Vulnerability Detection Result
Detected Sun/Oracle VirtualBox
Version: 4.3.26
Location: I:\\INSTALACE\\virtualbox\\
CPE: cpe:/a:oracle:vm_virtualbox:4.3.26
Concluded from version identification result:
4.3.26
Log Method

Details: Sun VirtualBox Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.901053)

Version used: $Revision: 222 $

22/tcp
Log (CVSS: 0.0)
NVT: SSH Login Failed For Authenticated Checks (OID: 1.3.6.1.4.1.25623.1.0.105936)
Summary

It was NOT possible to login using the provided SSH credentials. Hence authenticated checks are not enabled.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Solution

Recheck the SSH credentials for authenticated checks.

Log Method

Details: SSH Login Failed For Authenticated Checks (OID: 1.3.6.1.4.1.25623.1.0.105936)

Version used: $Revision: 971 $

22/tcp
Log (CVSS: 0.0)
NVT: SSH Authorization Check (OID: 1.3.6.1.4.1.25623.1.0.90022)
Summary

This script tries to login with provided credentials.

If the login was successful, it marks this port as available for any authenticated tests.

Vulnerability Detection Result
It was not possible to login using the provided SSH credentials.
Hence authenticated checks are not enabled.
Log Method

Details: SSH Authorization Check (OID: 1.3.6.1.4.1.25623.1.0.90022)

Version used: $Revision: 948 $

137/udp
Log (CVSS: 0.0)
NVT: Using NetBIOS to retrieve information from a Windows host (OID: 1.3.6.1.4.1.25623.1.0.10150)
Summary

The NetBIOS port is open (UDP:137). A remote attacker may use this to gain access to sensitive information such as computer name, workgroup/domain name, currently logged on user name, etc.

Vulnerability Detection Result
The following 3 NetBIOS names have been gathered :
 TOMAS-PC        = This is the computer name registered for workstation services by a WINS↵
 client.
 WORKGROUP       = Workgroup / Domain name
 TOMAS-PC        = Computer name
The remote host has the following MAC address on its adapter :
   e8:de:27:10:72:5e
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Solution

Block those ports from outside communication

Log Method

Details: Using NetBIOS to retrieve information from a Windows host (OID: 1.3.6.1.4.1.25623.1.0.10150)

Version used: $Revision: 41 $

139/tcp
Log (CVSS: 0.0)
NVT: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011)
Summary

This script detects wether port 445 and 139 are open and if thet are running SMB servers.

Vulnerability Detection Result
An SMB server is running on this port
Log Method

Details: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011)

Version used: $Revision: 41 $

445/tcp
Log (CVSS: 0.0)
NVT: SMB NativeLanMan (OID: 1.3.6.1.4.1.25623.1.0.102011)
Summary

It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication.

Vulnerability Detection Result
 Summary:
 It is possible to extract OS, domain and SMB server information
from the Session Setup AndX Response packet which is generated
during NTLM authentication.Detected SMB workgroup: WORKGROUP
Detected SMB server: Windows 7 Professional 6.1
Detected OS: Windows 7 Professional 7601 Service Pack 1
Log Method

Details: SMB NativeLanMan (OID: 1.3.6.1.4.1.25623.1.0.102011)

Version used: $Revision: 43 $

445/tcp
Log (CVSS: 0.0)
NVT: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394)
Summary

This script attempts to logon into the remote host using login/password credentials.

Vulnerability Detection Result
It was possible to log into the remote host using the SMB protocol.
Log Method

Details: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394)

Version used: $Revision: 1032 $

445/tcp
Log (CVSS: 0.0)
NVT: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011)
Summary

This script detects wether port 445 and 139 are open and if thet are running SMB servers.

Vulnerability Detection Result
A CIFS server is running on this port
Log Method

Details: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011)

Version used: $Revision: 41 $

902/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A VMWare authentication daemon is running on this port:
220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MK↵
SDisplayProtocol:VNC , , NFCSSL supported/t
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

912/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A VMWare authentication daemon is running on this port:
220 VMware Authentication Daemon Version 1.0, ServerDaemonProtocol:SOAP, MKSDisplayProtoco↵
l:VNC , , 
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

1900/udp
Log (CVSS: 0.0)
NVT: MiniUPnPd Detection (OID: 1.3.6.1.4.1.25623.1.0.103652)
Summary

Detection of the UPnP protocol.

The script sends a UPnP discovery request and attempts to determine if the remote host supports the UPnP protocol

Vulnerability Detection Result
The remote Host supports the UPnP protocol. You should restrict access
to port 1900/udp. The remote Host answers the following to a SSDP M-SEARCH request
HTTP/1.1 200 OK
ST:uuid:80763aa9-40dc-49c7-953c-8fa7cb5e525a
USN:uuid:80763aa9-40dc-49c7-953c-8fa7cb5e525a
Location:http://192.168.0.102:2869/upnphost/udhisapi.dll?content=uuid:80763aa9-40dc-49c7-9↵
53c-8fa7cb5e525a
OPT:\"http://schemas.upnp.org/upnp/1/0/\"; ns=01
01-NLS:66f0430594ce321ba4d075e6f9cdda97
Cache-Control:max-age=1800
Server:Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0
Ext:
Log Method

Details: MiniUPnPd Detection (OID: 1.3.6.1.4.1.25623.1.0.103652)

Version used: $Revision: 18 $

2869/tcp
Log (CVSS: 0.0)
NVT: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)
Summary

This script uses DIRB to find directories and files on web applications via brute forcing.

Vulnerability Detection Result
This are the directories/files found with brute force:
http://192.168.0.102:2869/
Log Method

Details: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)

Version used: $Revision: 13 $

2869/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with 'HELP' (OID: 1.3.6.1.4.1.25623.1.0.11153)
Summary

This plugin performs service detection.

Description :

This plugin is a complement of find_service.nasl. It sends a HELP request to the remaining unknown services and tries to identify them.

Vulnerability Detection Result
A (non-RFC compliant) web server seems to be running on this port
Log Method

Details: Identify unknown services with 'HELP' (OID: 1.3.6.1.4.1.25623.1.0.11153)

Version used: $Revision: 1085 $

2869/tcp
Log (CVSS: 0.0)
NVT: Hidden WWW server name (OID: 1.3.6.1.4.1.25623.1.0.11239)
Summary

It seems that your web server tries to hide its version or name, which is a good thing. However, using a special crafted request, OpenVAS was able to discover it.

Vulnerability Detection Result
It seems that your web server tries to hide its version 
or name, which is a good thing.
However, using a special crafted request, OpenVAS was able 
to determine that is is running : 
 Microsoft-HTTPAPI/2.0
Solution: Fix your configuration.
Solution

Fix your configuration.

Log Method

Details: Hidden WWW server name (OID: 1.3.6.1.4.1.25623.1.0.11239)

Version used: $Revision: 673 $

2869/tcp
Log (CVSS: 0.0)
NVT: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)
Summary

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.

Vulnerability Detection Result
Here is the Nikto report:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ No web server found on 192.168.0.102:2869
---------------------------------------------------------------------------
+ 0 host(s) tested
Log Method

Details: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)

Version used: $Revision: 995 $

3780/tcp
Log (CVSS: 0.0)
NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
Summary

This detects the HTTP Server's type and version.

Vulnerability Detection Result
The remote web server type is :
NSC/0.6.4 (JVM)
Solution

Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Log Method

Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

Version used: $Revision: 229 $

3780/tcp
Log (CVSS: 0.0)
NVT: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)
Summary

This script uses DIRB to find directories and files on web applications via brute forcing.

Vulnerability Detection Result
This are the directories/files found with brute force:
https://192.168.0.102:3780/
Log Method

Details: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)

Version used: $Revision: 13 $

3780/tcp
Log (CVSS: 0.0)
NVT: SSL Certificate - Self-Signed Certificate Detection (OID: 1.3.6.1.4.1.25623.1.0.103140)
Summary

The SSL certificate on this port is self-signed.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Log Method

Details: SSL Certificate - Self-Signed Certificate Detection (OID: 1.3.6.1.4.1.25623.1.0.103140)

Version used: $Revision: 651 $

References

Other: http://en.wikipedia.org/wiki/Self-signed_certificate

3780/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A TLScustom server answered on this port
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

3780/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A web server is running on this port through SSL
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

3780/tcp
Log (CVSS: 0.0)
NVT: Check for supported SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103441)
Summary

This Plugin report about supported SSL Ciphers.

Vulnerability Detection Result
Service does not support SSLv2 ciphers.
Service does not support SSLv3 ciphers.
Service does not support TLSv1 ciphers.
No medium ciphers are supported by this service
No weak ciphers are supported by this service
No non-ciphers are supported by this service
Log Method

Details: Check for supported SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103441)

Version used: $Revision: 12 $

3780/tcp
Log (CVSS: 0.0)
NVT: No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
Summary

Remote web server does not reply with 404 error code.

Vulnerability Detection Result
This web server is [mis]configured in that it does not return '404 Not Found' 
error codes when a non-existent file is requested, perhaps returning
a site map, search page or authentication page instead.
CGI scanning will be disabled for this host.
Vulnerability Insight

This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page instead. OpenVAS enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate

Log Method

Details: No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)

Version used: $Revision: 1048 $

3780/tcp
Log (CVSS: 0.0)
NVT: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)
Summary

This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host.

It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror.

Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/login.html (loginRedir [/20150414/style] )
Log Method

Details: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)

Version used: $Revision: 1048 $

3780/tcp
Log (CVSS: 0.0)
NVT: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)
Summary

This plugin attempts to determine the presence of various common dirs on the remote web server

Vulnerability Detection Result
The following directories were discovered:
/News, /help, /images, /scripts, /style
While this is not, in and of itself, a bug, you should manually inspect 
these directories to ensure that they are in compliance with company
security standards
Log Method

Details: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)

Version used: $Revision: 1048 $

References

Other: OWASP:OWASP-CM-006

3780/tcp
Log (CVSS: 0.0)
NVT: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)
Summary

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.

Vulnerability Detection Result
The target server did not return 404 on requests for non-existent pages.
This scan has not been executed since Nikto is prone to reporting many false positives in ↵
this case.
If you wish to force this scan, you can enable it in the Nikto preferences in your client.
Log Method

Details: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)

Version used: $Revision: 995 $

3780/tcp
Log (CVSS: 0.0)
NVT: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)
Summary

This routine search for SSL ciphers offered by a service.

Vulnerability Detection Result
Service does not support SSLv2 ciphers.
Service does not support SSLv3 ciphers.
Service does not support TLSv1 ciphers.
No medium ciphers are supported by this service
No weak ciphers are supported by this service
No non-ciphers are supported by this service
Log Method

Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)

Version used: $Revision: 312 $

5357/tcp
Log (CVSS: 0.0)
NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
Summary

This detects the HTTP Server's type and version.

Vulnerability Detection Result
The remote web server type is :
Microsoft-HTTPAPI/2.0
Solution

Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Log Method

Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

Version used: $Revision: 229 $

5357/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A web server is running on this port
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This file was automatically generated.