SummaryThis document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue. Vendor security updates are not trusted. Overrides are on. When a result has an override, this report uses the threat of the override. Notes are included in the report. This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown. This report contains all 46 results selected by the filtering described above. Before filtering there were 46 results.
Host Summary
Results per HostHost 192.168.0.102
Port Summary for Host 192.168.0.102
Security Issues for Host 192.168.0.102135/tcp
Medium
(CVSS: 5.0)
NVT:
DCE Services Enumeration
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Summary
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
filter incoming traffic to this port.
Vulnerability Detection Method
Details: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736) Version used: $Revision: 41 $ 135/tcp
Medium
(CVSS: 5.0)
NVT:
DCE Services Enumeration
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Summary
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host.
Vulnerability Detection Result
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host. Here is the list of DCE services running on this host: Port: 1025/tcp UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1025] Port: 1026/tcp UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1026] Annotation: Event log TCPIP UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1026] Annotation: DHCPv6 Client LRPC Endpoint UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1026] Annotation: DHCP Client LRPC Endpoint UUID: 06bba54a-be05-49f9-b0a0-30f790261023, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1026] Annotation: Security Center UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1026] Annotation: NRP server endpoint Port: 1027/tcp UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1027] UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1027] Annotation: IKE/Authip API UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1027] Annotation: IP Transition Configuration endpoint UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1027] Annotation: XactSrv service Port: 1028/tcp UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.0.102[1028] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access Port: 1031/tcp UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2 Endpoint: ncacn_ip_tcp:192.168.0.102[1031] Solution : filter incoming traffic to this port(s).
Solution
filter incoming traffic to this port.
Vulnerability Detection Method
Details: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736) Version used: $Revision: 41 $ general/tcp
Medium
(CVSS: 4.4)
NVT:
Foxit Reader Cloud Plugin Windows Search Path Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.805364)
Summary
The host is installed with Foxit Reader Cloud Plugin and is prone to windows search path Vulnerability.
Vulnerability Detection Result
Installed version: 7.0.6.1126 Fixed version: 7.1
Impact
Successful exploitation will allow local attackers to gain privileges and execute malicious files. Impact Level: System/Application
Solution
Upgrade to Foxit Reader version 7.1 or later, For updates refer to http://www.foxitsoftware.com
Vulnerability Insight
The flaw is due to SYSTEMDRIVE folder, local users can gain privileges via a Trojan horse.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not. Details: Foxit Reader Cloud Plugin Windows Search Path Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.805364) Version used: $Revision: 1160 $
References
general/tcp
Medium
(CVSS: 4.3)
NVT:
Foxit Reader Denial of Service Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.805361)
Summary
The host is installed with Foxit Reader and is prone to Denial of Service Vulnerability.
Vulnerability Detection Result
Installed version: 7.0.6.1126 Fixed version: 7.1
Impact
Successful exploitation will allow remote attackers to cause a denial-of-service attacks. Impact Level: System/Application
Solution
Upgrade to Foxit Reader version 7.1 or later, For updates refer to http://www.foxitsoftware.com
Vulnerability Insight
The flaw is due to Ubyte Size in a DataSubBlock structure or LZWMinimumCodeSize in a GIF image.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not. Details: Foxit Reader Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.805361) Version used: $Revision: 1160 $
References
general/CPE-T
Log
(CVSS: 0.0)
NVT:
CPE Inventory
(OID: 1.3.6.1.4.1.25623.1.0.810002)
Summary
This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of operating systems, services and applications detected during the scan.
Vulnerability Detection Result
192.168.0.102|cpe:/a:oracle:jre:1.8.0_40 192.168.0.102|cpe:/a:oracle:jre:x64 192.168.0.102|cpe:/a:microsoft:onenote:15.0.4701.1000 192.168.0.102|cpe:/a:microsoft:onenote:x64:15.0.4701.1000 192.168.0.102|cpe:/a:oracle:vm_virtualbox:4.3.26 192.168.0.102|cpe:/a:microsoft:office_word:2013 192.168.0.102|cpe:/a:microsoft:office_excel:2013 192.168.0.102|cpe:/a:microsoft:access:2013 192.168.0.102|cpe:/a:microsoft:office_powerpoint:2013 192.168.0.102|cpe:/a:microsoft:office_publisher:2013 192.168.0.102|cpe:/a:microsoft:outlook:2013 192.168.0.102|cpe:/a:microsoft:ie:11.0.9600.17728 192.168.0.102|cpe:/a:vmware:player:7.1.0 192.168.0.102|cpe:/a:microsoft:windows_media_player:12.0.7601.18741 192.168.0.102|cpe:/a:google:chrome:42.0.2311.90 192.168.0.102|cpe:/a:foxitsoftware:reader:7.0.6.1126 192.168.0.102|cpe:/o:microsoft:windows_7::sp1
Log Method
Details: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002) Version used: $Revision: 314 $ general/tcp
Log
(CVSS: 0.0)
NVT:
OS fingerprinting
(OID: 1.3.6.1.4.1.25623.1.0.102002)
Summary
This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine remote operating system version.
Vulnerability Detection Result
ICMP based OS fingerprint results: (80% confidence) HP JetDirect
Log Method
Details: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002) Version used: $Revision: 43 $
References
general/tcp
Log
(CVSS: 0.0)
NVT:
SMB Registry : Windows Service Pack version
(OID: 1.3.6.1.4.1.25623.1.0.10401)
Summary
Detection of installed Windows Service Pack version. The script logs in via SMB, and reads the registry key to retrieve Windows Service Pack Version and sets KnowledgeBase.
Vulnerability Detection Result
The Windows 7 Professional 6.1 is installed with Service Pack 1
Log Method
Details: SMB Registry : Windows Service Pack version (OID: 1.3.6.1.4.1.25623.1.0.10401) Version used: $Revision: 549 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Traceroute
(OID: 1.3.6.1.4.1.25623.1.0.51662)
Summary
A traceroute from the scanning server to the target system was conducted. This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct.
Vulnerability Detection Result
Here is the route from 192.168.237.130 to 192.168.0.102: 192.168.237.130 192.168.0.102
Solution
Block unwanted packets from escaping your network.
Log Method
Details: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662) Version used: $Revision: 975 $ general/tcp
Log
(CVSS: 0.0)
NVT:
VMWare products version detection (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.800000)
Summary
This script retrieves all VMWare Products version from registry and saves those in KB.
Vulnerability Detection Result
Detected VMware Version: 7.1.0 Location: G:\\Instalace\\vmware\\ CPE: cpe:/a:vmware:player:7.1.0 Concluded from version identification result: 7.1.0
Log Method
Details: VMWare products version detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.800000) Version used: $Revision: 1128 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Google Chrome Version Detection (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.800120)
Summary
Detection of installed version of Google Chrome on Windows. The script logs in via smb, searches for Google Chrome in the registry and gets the version from registry.
Vulnerability Detection Result
Detected Google Chrome Version: 42.0.2311.90 Location: C:\\Program Files (x86)\\Google\\Chrome\\Application CPE: cpe:/a:google:chrome:42.0.2311.90 Concluded from version identification result: 42.0.2311.90
Log Method
Details: Google Chrome Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.800120) Version used: $Revision: 372 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Microsoft Internet Explorer Version Detection (Win)
(OID: 1.3.6.1.4.1.25623.1.0.800209)
Summary
Detection of installed version of Microsoft Internet Explorer. The script logs in via smb, detects the version of Microsoft Internet Explorer on remote host and sets the KB.
Vulnerability Detection Result
Detected Microsoft Internet Explorer Version: 11.0.9600.17728 Location: C:\\Program Files\\Internet Explorer CPE: cpe:/a:microsoft:ie:11.0.9600.17728 Concluded from version identification result: 11.0.9600.17728
Log Method
Details: Microsoft Internet Explorer Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800209) Version used: $Revision: 42 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Sun Java Products Version Detection (Win)
(OID: 1.3.6.1.4.1.25623.1.0.800383)
Summary
Detection of installed version of Java Products. The script logs in via smb, searches for Java Products in the registry and gets the version from 'Version' string in registry
Vulnerability Detection Result
Detected Oracle Java JRE Version: 1.8.0_40 Location: C:\\Program Files\\Java\\jre1.8.0_40 CPE: cpe:/a:oracle:jre:1.8.0_40 Concluded from version identification result: 1.8.0_40
Log Method
Details: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383) Version used: $Revision: 368 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Sun Java Products Version Detection (Win)
(OID: 1.3.6.1.4.1.25623.1.0.800383)
Summary
Detection of installed version of Java Products. The script logs in via smb, searches for Java Products in the registry and gets the version from 'Version' string in registry
Vulnerability Detection Result
Detected Oracle Java JRE Version: 1.8.0_40 Location: C:\\Program Files\\Java\\jre1.8.0_40 CPE: cpe:/a:oracle:jre:x64 Concluded from version identification result: 1.8.0_40
Log Method
Details: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383) Version used: $Revision: 368 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Sun Java Products Version Detection (Win)
(OID: 1.3.6.1.4.1.25623.1.0.800383)
Summary
Detection of installed version of Java Products. The script logs in via smb, searches for Java Products in the registry and gets the version from 'Version' string in registry
Vulnerability Detection Result
Detected Oracle Java JRE Version: 1.8.0_40 Location: G:\\Instalace\\Java CPE: cpe:/a:oracle:jre:1.8.0_40 Concluded from version identification result: 1.8.0_40
Log Method
Details: Sun Java Products Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.800383) Version used: $Revision: 368 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Foxit Reader Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800536)
Summary
Detection of installed version of Foxit Reader. The script logs in via smb, searches for Foxit Reader in the registry and gets the version from registry.
Vulnerability Detection Result
Detected Foxit Reader Version: 7.0.6.1126 Location: C:\\Program Files (x86)\\Foxit Software\\Foxit Reader CPE: cpe:/a:foxitsoftware:reader:7.0.6.1126 Concluded from version identification result: 7.0.6.1126
Log Method
Details: Foxit Reader Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800536) Version used: $Revision: 1160 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Microsoft OneNote Version Detection (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803436)
Summary
Detection of installed version of Microsoft OneNote. The script logs in via smb, and detect the version of Microsoft OneNote on remote host and sets the KB
Vulnerability Detection Result
Detected Microsoft OneNote Version: 15.0.4701.1000 Location: C:\\Program Files\\Microsoft Office 15\\Root\\Office15\\ CPE: cpe:/a:microsoft:onenote:15.0.4701.1000 Concluded from version identification result: 15.0.4701.1000
Log Method
Details: Microsoft OneNote Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.803436) Version used: $Revision: 1128 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Microsoft OneNote Version Detection (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803436)
Summary
Detection of installed version of Microsoft OneNote. The script logs in via smb, and detect the version of Microsoft OneNote on remote host and sets the KB
Vulnerability Detection Result
Detected Microsoft OneNote Version: 15.0.4701.1000 Location: C:\\Program Files\\Microsoft Office 15\\Root\\Office15\\ CPE: cpe:/a:microsoft:onenote:x64:15.0.4701.1000 Concluded from version identification result: 15.0.4701.1000
Log Method
Details: Microsoft OneNote Version Detection (Windows) (OID: 1.3.6.1.4.1.25623.1.0.803436) Version used: $Revision: 1128 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Microsoft Windows Media Player Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900173)
Summary
Detection of installed version of Windows Media Player. The script logs in via smb, searches for Windows Media Player CLSID in the registry, gets version and set it in the KB item.
Vulnerability Detection Result
Detected Microsoft Windows Media Player Version: 12.0.7601.18741 Location: ProgramFiles(x86)\\Windows Media Player CPE: cpe:/a:microsoft:windows_media_player:12.0.7601.18741 Concluded from version identification result: 12.0.7601.18741
Log Method
Details: Microsoft Windows Media Player Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900173) Version used: $Revision: 1128 $ general/tcp
Log
(CVSS: 0.0)
NVT:
Sun VirtualBox Version Detection (Win)
(OID: 1.3.6.1.4.1.25623.1.0.901053)
Summary
Detection of installed version of Sun/Oracle VirtualBox. The script logs in via smb, searches for Sun/Oracle VirtualBox in the registry and gets the version from 'Version' string in registry
Vulnerability Detection Result
Detected Sun/Oracle VirtualBox Version: 4.3.26 Location: I:\\INSTALACE\\virtualbox\\ CPE: cpe:/a:oracle:vm_virtualbox:4.3.26 Concluded from version identification result: 4.3.26
Log Method
Details: Sun VirtualBox Version Detection (Win) (OID: 1.3.6.1.4.1.25623.1.0.901053) Version used: $Revision: 222 $ 22/tcp
Log
(CVSS: 0.0)
NVT:
SSH Login Failed For Authenticated Checks
(OID: 1.3.6.1.4.1.25623.1.0.105936)
Summary
It was NOT possible to login using the provided SSH credentials. Hence authenticated checks are not enabled.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Recheck the SSH credentials for authenticated checks.
Log Method
Details: SSH Login Failed For Authenticated Checks (OID: 1.3.6.1.4.1.25623.1.0.105936) Version used: $Revision: 971 $ 22/tcp
Log
(CVSS: 0.0)
NVT:
SSH Authorization Check
(OID: 1.3.6.1.4.1.25623.1.0.90022)
Summary
This script tries to login with provided credentials. If the login was successful, it marks this port as available for any authenticated tests.
Vulnerability Detection Result
It was not possible to login using the provided SSH credentials. Hence authenticated checks are not enabled.
Log Method
Details: SSH Authorization Check (OID: 1.3.6.1.4.1.25623.1.0.90022) Version used: $Revision: 948 $ 137/udp
Log
(CVSS: 0.0)
NVT:
Using NetBIOS to retrieve information from a Windows host
(OID: 1.3.6.1.4.1.25623.1.0.10150)
Summary
The NetBIOS port is open (UDP:137). A remote attacker may use this to gain access to sensitive information such as computer name, workgroup/domain name, currently logged on user name, etc.
Vulnerability Detection Result
The following 3 NetBIOS names have been gathered : TOMAS-PC = This is the computer name registered for workstation services by a WINS↵ client. WORKGROUP = Workgroup / Domain name TOMAS-PC = Computer name The remote host has the following MAC address on its adapter : e8:de:27:10:72:5e If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port.
Solution
Block those ports from outside communication
Log Method
Details: Using NetBIOS to retrieve information from a Windows host (OID: 1.3.6.1.4.1.25623.1.0.10150) Version used: $Revision: 41 $ 139/tcp
Log
(CVSS: 0.0)
NVT:
SMB on port 445
(OID: 1.3.6.1.4.1.25623.1.0.11011)
Summary
This script detects wether port 445 and 139 are open and if thet are running SMB servers.
Vulnerability Detection Result
An SMB server is running on this port
Log Method
Details: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011) Version used: $Revision: 41 $ 445/tcp
Log
(CVSS: 0.0)
NVT:
SMB NativeLanMan
(OID: 1.3.6.1.4.1.25623.1.0.102011)
Summary
It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication.
Vulnerability Detection Result
Summary: It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication.Detected SMB workgroup: WORKGROUP Detected SMB server: Windows 7 Professional 6.1 Detected OS: Windows 7 Professional 7601 Service Pack 1
Log Method
Details: SMB NativeLanMan (OID: 1.3.6.1.4.1.25623.1.0.102011) Version used: $Revision: 43 $ 445/tcp
Log
(CVSS: 0.0)
NVT:
SMB log in
(OID: 1.3.6.1.4.1.25623.1.0.10394)
Summary
This script attempts to logon into the remote host using login/password credentials.
Vulnerability Detection Result
It was possible to log into the remote host using the SMB protocol.
Log Method
Details: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394) Version used: $Revision: 1032 $ 445/tcp
Log
(CVSS: 0.0)
NVT:
SMB on port 445
(OID: 1.3.6.1.4.1.25623.1.0.11011)
Summary
This script detects wether port 445 and 139 are open and if thet are running SMB servers.
Vulnerability Detection Result
A CIFS server is running on this port
Log Method
Details: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011) Version used: $Revision: 41 $ 902/tcp
Log
(CVSS: 0.0)
NVT:
Services
(OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A VMWare authentication daemon is running on this port: 220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MK↵ SDisplayProtocol:VNC , , NFCSSL supported/t
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330) Version used: $Revision: 69 $ 912/tcp
Log
(CVSS: 0.0)
NVT:
Services
(OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A VMWare authentication daemon is running on this port: 220 VMware Authentication Daemon Version 1.0, ServerDaemonProtocol:SOAP, MKSDisplayProtoco↵ l:VNC , ,
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330) Version used: $Revision: 69 $ 1900/udp
Log
(CVSS: 0.0)
NVT:
MiniUPnPd Detection
(OID: 1.3.6.1.4.1.25623.1.0.103652)
Summary
Detection of the UPnP protocol. The script sends a UPnP discovery request and attempts to determine if the remote host supports the UPnP protocol
Vulnerability Detection Result
The remote Host supports the UPnP protocol. You should restrict access to port 1900/udp. The remote Host answers the following to a SSDP M-SEARCH request HTTP/1.1 200 OK ST:uuid:80763aa9-40dc-49c7-953c-8fa7cb5e525a USN:uuid:80763aa9-40dc-49c7-953c-8fa7cb5e525a Location:http://192.168.0.102:2869/upnphost/udhisapi.dll?content=uuid:80763aa9-40dc-49c7-9↵ 53c-8fa7cb5e525a OPT:\"http://schemas.upnp.org/upnp/1/0/\"; ns=01 01-NLS:66f0430594ce321ba4d075e6f9cdda97 Cache-Control:max-age=1800 Server:Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0 Ext:
Log Method
Details: MiniUPnPd Detection (OID: 1.3.6.1.4.1.25623.1.0.103652) Version used: $Revision: 18 $ 2869/tcp
Log
(CVSS: 0.0)
NVT:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Summary
This script uses DIRB to find directories and files on web applications via brute forcing.
Vulnerability Detection Result
This are the directories/files found with brute force: http://192.168.0.102:2869/
Log Method
Details: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079) Version used: $Revision: 13 $ 2869/tcp
Log
(CVSS: 0.0)
NVT:
Identify unknown services with 'HELP'
(OID: 1.3.6.1.4.1.25623.1.0.11153)
Summary
This plugin performs service detection. Description : This plugin is a complement of find_service.nasl. It sends a HELP request to the remaining unknown services and tries to identify them.
Vulnerability Detection Result
A (non-RFC compliant) web server seems to be running on this port
Log Method
Details: Identify unknown services with 'HELP' (OID: 1.3.6.1.4.1.25623.1.0.11153) Version used: $Revision: 1085 $ 2869/tcp
Log
(CVSS: 0.0)
NVT:
Hidden WWW server name
(OID: 1.3.6.1.4.1.25623.1.0.11239)
Summary
It seems that your web server tries to hide its version or name, which is a good thing. However, using a special crafted request, OpenVAS was able to discover it.
Vulnerability Detection Result
It seems that your web server tries to hide its version or name, which is a good thing. However, using a special crafted request, OpenVAS was able to determine that is is running : Microsoft-HTTPAPI/2.0 Solution: Fix your configuration.
Solution
Fix your configuration.
Log Method
Details: Hidden WWW server name (OID: 1.3.6.1.4.1.25623.1.0.11239) Version used: $Revision: 673 $ 2869/tcp
Log
(CVSS: 0.0)
NVT:
Nikto (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.14260)
Summary
This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.
Vulnerability Detection Result
Here is the Nikto report: - Nikto v2.1.6 --------------------------------------------------------------------------- + No web server found on 192.168.0.102:2869 --------------------------------------------------------------------------- + 0 host(s) tested
Log Method
Details: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260) Version used: $Revision: 995 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
HTTP Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10107)
Summary
This detects the HTTP Server's type and version.
Vulnerability Detection Result
The remote web server type is : NSC/0.6.4 (JVM)
Solution
Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.
Log Method
Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107) Version used: $Revision: 229 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
DIRB (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.103079)
Summary
This script uses DIRB to find directories and files on web applications via brute forcing.
Vulnerability Detection Result
This are the directories/files found with brute force: https://192.168.0.102:3780/
Log Method
Details: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079) Version used: $Revision: 13 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
SSL Certificate - Self-Signed Certificate Detection
(OID: 1.3.6.1.4.1.25623.1.0.103140)
Summary
The SSL certificate on this port is self-signed.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details: SSL Certificate - Self-Signed Certificate Detection (OID: 1.3.6.1.4.1.25623.1.0.103140) Version used: $Revision: 651 $
References
3780/tcp
Log
(CVSS: 0.0)
NVT:
Services
(OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A TLScustom server answered on this port
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330) Version used: $Revision: 69 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
Services
(OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port through SSL
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330) Version used: $Revision: 69 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
Check for supported SSL Ciphers
(OID: 1.3.6.1.4.1.25623.1.0.103441)
Summary
This Plugin report about supported SSL Ciphers.
Vulnerability Detection Result
Service does not support SSLv2 ciphers. Service does not support SSLv3 ciphers. Service does not support TLSv1 ciphers. No medium ciphers are supported by this service No weak ciphers are supported by this service No non-ciphers are supported by this service
Log Method
Details: Check for supported SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103441) Version used: $Revision: 12 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
No 404 check
(OID: 1.3.6.1.4.1.25623.1.0.10386)
Summary
Remote web server does not reply with 404 error code.
Vulnerability Detection Result
This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page instead. CGI scanning will be disabled for this host.
Vulnerability Insight
This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page instead. OpenVAS enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate
Log Method
Details: No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386) Version used: $Revision: 1048 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
Web mirroring
(OID: 1.3.6.1.4.1.25623.1.0.10662)
Summary
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host. It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror.
Vulnerability Detection Result
The following CGI have been discovered : Syntax : cginame (arguments [default value]) /login.html (loginRedir [/20150414/style] )
Log Method
Details: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662) Version used: $Revision: 1048 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
Directory Scanner
(OID: 1.3.6.1.4.1.25623.1.0.11032)
Summary
This plugin attempts to determine the presence of various common dirs on the remote web server
Vulnerability Detection Result
The following directories were discovered: /News, /help, /images, /scripts, /style While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards
Log Method
Details: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032) Version used: $Revision: 1048 $
References
3780/tcp
Log
(CVSS: 0.0)
NVT:
Nikto (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.14260)
Summary
This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.
Vulnerability Detection Result
The target server did not return 404 on requests for non-existent pages. This scan has not been executed since Nikto is prone to reporting many false positives in ↵ this case. If you wish to force this scan, you can enable it in the Nikto preferences in your client.
Log Method
Details: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260) Version used: $Revision: 995 $ 3780/tcp
Log
(CVSS: 0.0)
NVT:
Check for SSL Ciphers
(OID: 1.3.6.1.4.1.25623.1.0.802067)
Summary
This routine search for SSL ciphers offered by a service.
Vulnerability Detection Result
Service does not support SSLv2 ciphers. Service does not support SSLv3 ciphers. Service does not support TLSv1 ciphers. No medium ciphers are supported by this service No weak ciphers are supported by this service No non-ciphers are supported by this service
Log Method
Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067) Version used: $Revision: 312 $ 5357/tcp
Log
(CVSS: 0.0)
NVT:
HTTP Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10107)
Summary
This detects the HTTP Server's type and version.
Vulnerability Detection Result
The remote web server type is : Microsoft-HTTPAPI/2.0
Solution
Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.
Log Method
Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107) Version used: $Revision: 229 $ 5357/tcp
Log
(CVSS: 0.0)
NVT:
Services
(OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330) Version used: $Revision: 69 $
This file was automatically generated.
|