Date post: | 05-Mar-2016 |
Category: |
Documents |
Upload: | web-sploit |
7/21/2019 Scan Report CRM
http://slidepdf.com/reader/full/scan-report-crm 1/17
Summary
This document reports on the results of an automatic security scan. The report first summarises the results
found. Then, for each host, the report describes every issue found. Please consider the advice given in each
description, in order to rectify the issue.
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Notes are included in the report.
This report might not show details of all issues that were found. It only lists hosts that produced issues.
Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not
shown.
This report contains all 40 results selected by the filtering described above. Before filtering there were 40
results.
All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".
Scan started: Fri Nov 13 08:50:20 2015 UTC
Scan ended: Fri Nov 13 09:07:34 2015 UTC
Task: secu crm mobile
Host Summary
Host Start End High Medium Low Log False Positive
172.29.99.33 Nov 13, 08:50:31 Nov 13, 09:07:34 7 3 1 29 0
Total: 1 7 3 1 29 0
Results per Host
Host 172.29.99.33
Scanning of this host started at: Fri Nov 13 08:50:31 2015 UTC
Number of results: 40
Port Summary for Host 172.29.99.33
Service (Port) Threat Level
22/tcp High
80/tcp High
3389/tcp Medium
general/tcp Low
general/icmp Log
general/CPE-T Log
21/tcp Log
111/tcp Log
Security Issues for Host 172.29.99.33
High (CVSS: 8.5)
NVT: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052)
Product detection result: cpe:/a:openbsd:openssh:6.6.1p1 by SSH Server type and version (OID:
1.3.6.1.4.1.25623.1.0.10267)
Summary
This host is running OpenSSH and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 6.6.1p1
Fixed version: 7.0
Impact
Successful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to
conduct brute-force attacks or cause a denial of service.
Impact Level: Application
Solution
Upgrade to OpenSSH 7.0 or later. For updates refer to http://www.openssh.com
Affected Software/OS
OpenSSH versions before 7.0
Vulnerability Insight
Multiple flaws are due to:
- Use-after-free vulnerability in the 'mm_answer_pam_free_ctx' function in monitor.c in sshd.
- Vulnerability in 'kbdint_next_device' function in auth2-chall.c in sshd.
- Vulnerability in the handler for the MONITOR_REQ_PAM_FREE_CTX request.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052)
Version used: $Revision: 1784 $
Product Detection Result
Product: cpe:/a:openbsd:openssh:6.6.1p1
Method: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
References
CVE: CVE-2015-6564, CVE-2015-6563, CVE-2015-5600
CERT: DFN-CERT-2015-1679, DFN-CERT-2015-1644, DFN-CERT-2015-1632, DFN-CERT-2015-1591,
DFN-CERT-2015-1443, DFN-CERT-2015-1406, DFN-CERT-2015-1263, DFN-CERT-2015-1259,
DFN-CERT-2015-1252, DFN-CERT-2015-1239, DFN-CERT-2015-1161, DFN-CERT-2015-1159
Other: http://seclists.org/fulldisclosure/2015/Aug/54
http://openwall.com/lists/oss-security/2015/07/23/4
High (CVSS: 7.5)
NVT: php Multiple Vulnerabilities -01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805651)
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.23
Impact
Successfully exploiting this issue allow remote attackers to obtain sensitive information by providing crafted
serialized data with an int data type and to execute arbitrary code by providing crafted serialized data with
an unexpected data type.
Impact Level: Application
Solution
Upgrade to php 5.4.39 or 5.5.23 or 5.6.7 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7
Vulnerability Insight
Multiple flaws are due to,
- 'do_soap_call' function in ext/soap/soap.c script in PHP does not verify that the uri property is a string.
- 'SoapClient::__call' method in ext/soap/soap.c script in PHP does not verify that __default_headers is an array.
- use-after-free error related to the 'unserialize' function when using DateInterval input.
- a flaw in the 'move_uploaded_file' function that is triggered when handling NULL bytes.
- an integer overflow condition in the '_zip_cdir_new' function in 'zip_dirent.c' script.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Vulnerabilities -01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805651)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-4148, CVE-2015-4147, CVE-2015-2787, CVE-2015-2348, CVE-2015-2331
BID: 73357, 73431, 73434
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-1252, DFN-CERT-2015-1083, DFN-CERT-2015-1017,
DFN-CERT-2015-0989, DFN-CERT-2015-0900, DFN-CERT-2015-0854, DFN-CERT-2015-0842,
DFN-CERT-2015-0809, DFN-CERT-2015-0794, DFN-CERT-2015-0697, DFN-CERT-2015-0583,
DFN-CERT-2015-0505, DFN-CERT-2015-0387, DFN-CERT-2015-0383, DFN-CERT-2015-0382
Other: http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=69085
http://openwall.com/lists/oss-security/2015/06/01/4
High (CVSS: 7.5)
NVT: php Multiple Vulnerabilities -03 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805657)
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.24
Impact
Successfully exploiting this issue allow remote attackers to cause a denial of service, to obtain sensitive
information from process memory and to execute arbitrary code via crafted dimensions.
Impact Level: Application
Solution
Upgrade to php 5.4.40 or 5.5.24 or 5.6.8 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8
Vulnerability Insight
Multiple flaws are due to,
- Multiple stack-based buffer overflows in the 'phar_set_inode' function in phar_internal.h script in PHP.
- Vulnerabilities in 'phar_parse_metadata' and 'phar_parse_pharfile' functions in ext/phar/phar.c script in PHP.
- A NULL pointer dereference flaw in the 'build_tablename' function in 'ext/pgsql/pgsql.c' script that is triggered when handling NULL return values for 'token'.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Vulnerabilities -03 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805657)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-3329, CVE-2015-3307, CVE-2015-2783, CVE-2015-1352
BID: 74240, 74239, 74703
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-1252, DFN-CERT-2015-1017, DFN-CERT-2015-0926,
DFN-CERT-2015-0900, DFN-CERT-2015-0842, DFN-CERT-2015-0809, DFN-CERT-2015-0803,
DFN-CERT-2015-0794, DFN-CERT-2015-0697, DFN-CERT-2015-0677, DFN-CERT-2015-0583,
DFN-CERT-2015-0579, DFN-CERT-2015-0212
Other: http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=69085
http://openwall.com/lists/oss-security/2015/06/01/4
High (CVSS: 7.5)
NVT: php Multiple Vulnerabilities -02 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805660)
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.25
Impact
Successfully exploiting this issue allow remote attackers to cause a denial of service, bypass intended
extension restrictions and access and execute files or directories with unexpected names via crafted
dimensions and remote FTP servers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to php 5.4.41 or 5.5.25 or 5.6.9 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
Vulnerability Insight
Multiple flaws are due to,
- Algorithmic complexity vulnerability in the 'multipart_buffer_headers' function in main/rfc1867.c script in PHP.
- 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a \x00 character.
- Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP.
- The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not verify that the first character of a filename is different from the \0 character.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Vulnerabilities -02 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805660)
Version used: $Revision: 1488 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-4026, CVE-2015-4025, CVE-2015-4024, CVE-2015-4022, CVE-2015-4021
BID: 75056, 74904, 74903, 74902, 74700
CERT: DFN-CERT-2015-1252, DFN-CERT-2015-1139, DFN-CERT-2015-1083, DFN-CERT-2015-1021,
DFN-CERT-2015-1017, DFN-CERT-2015-0989, DFN-CERT-2015-0973, DFN-CERT-2015-0926,
DFN-CERT-2015-0900, DFN-CERT-2015-0809, DFN-CERT-2015-0803, DFN-CERT-2015-0797,
DFN-CERT-2015-0732
Other: http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=69085
http://openwall.com/lists/oss-security/2015/06/01/4
High (CVSS: 7.5)
NVT: php Multiple Remote Code Execution Vulnerabilities July15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805685)
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.22
Impact
Successfully exploiting this issue allow remote attackers to execute arbitrary code via some crafted
dimensions.
Impact Level: Application
Solution
Upgrade to php 5.4.38 or 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6
Vulnerability Insight
Multiple flaws are due to,
- Multiple use-after-free vulnerabilities in 'ext/date/php_date.c' script.
- Heap-based buffer overflow in the 'enchant_broker_request_dict' function in 'ext/enchant/enchant.c' script.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Multiple Remote Code Execution Vulnerabilities July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805685)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-0273, CVE-2014-9705
BID: 73031, 72701
CERT: DFN-CERT-2015-1644, DFN-CERT-2015-1514, DFN-CERT-2015-1017, DFN-CERT-2015-0956,
DFN-CERT-2015-0900, DFN-CERT-2015-0842, DFN-CERT-2015-0809, DFN-CERT-2015-0794,
DFN-CERT-2015-0697, DFN-CERT-2015-0505, DFN-CERT-2015-0371, DFN-CERT-2015-0370,
DFN-CERT-2015-0286, DFN-CERT-2015-0228
Other: http://php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=1194730
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
High (CVSS: 7.5)
NVT: php Use-After-Free Remote Code EXecution Vulnerability -01 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805686)
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to remote code execution vulnerability.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.22
Impact
Successfully exploiting this issue allow remote attackers to execute arbitrary code on the target system.
Impact Level: Application
Solution
Upgrade to php 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions before 5.5.22 and 5.6.x before 5.6.6
Vulnerability Insight
The flaw is due to Use-after-free vulnerability in the 'phar_rename_archive' function in 'phar_object.c' script
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Use-After-Free Remote Code EXecution Vulnerability -01 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805686)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-2301
BID: 73037
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-1017, DFN-CERT-2015-0900, DFN-CERT-2015-0842,
DFN-CERT-2015-0809, DFN-CERT-2015-0794, DFN-CERT-2015-0697, DFN-CERT-2015-0505,
DFN-CERT-2015-0387, DFN-CERT-2015-0370
Other: http://php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=1194747
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
High (CVSS: 7.5)
NVT: php Use-After-Free Denial Of Service Vulnerability -02 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805687)
Product detection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:
1.3.6.1.4.1.25623.1.0.800109)
Summary
This host is installed with php and is prone to denial of service vulnerability.
Vulnerability Detection Result
Installed Version: 5.5.9
Fixed Version: 5.5.25
Impact
Successfully exploiting this issue allow remote attackers to cause a denial of service or possibly have
unspecified other impact.
Impact Level: Application
Solution
Upgrade to php 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net
Affected Software/OS
php versions through 5.6.7 and 5.5.x before 5.5.25
Vulnerability Insight
The flaw is due to Use-after-free vulnerability in the '_zend_shared_memdup' function in
'zend_shared_alloc.c' script.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: php Use-After-Free Denial Of Service Vulnerability -02 July15 (Linux) (OID:
1.3.6.1.4.1.25623.1.0.805687)
Version used: $Revision: 1519 $
Product Detection Result
Product: cpe:/a:php:php:5.5.9
Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
References
CVE: CVE-2015-1351
BID: 71929
CERT: DFN-CERT-2015-1514, DFN-CERT-2015-0794, DFN-CERT-2015-0579, DFN-CERT-2015-0487,
DFN-CERT-2015-0212
Other: http://bugzilla.redhat.com/show_bug.cgi?id=1185900
http://openwall.com/lists/oss-security/2015/01/24/9
Medium (CVSS: 6.4)
NVT: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.902658)
Summary
This host is running Remote Desktop Protocol server and is prone to information disclosure vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow remote attackers to gain sensitive information.
Impact Level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely
none will be provided anymore. General solution options are to upgrade to a newer release, disable
respective features, remove the product or replace the product by another one.
A Workaround is to connect only to terminal services over trusted networks.
Affected Software/OS
All Microsoft-compatible RDP (5.2 or earlier) softwares
Vulnerability Insight
The flaw is due to RDP server which stores an RSA private key used for signing a terminal server's public
key in the mstlsapi.dll library, which allows remote attackers to calculate a valid signature and further
perform a man-in-the-middle (MITM) attacks to obtain sensitive information.
Vulnerability Detection Method
Details: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.902658)
Version used: $Revision: 1640 $
References
CVE: CVE-2005-1794
BID: 13818
Other: http://secunia.com/advisories/15605/
http://xforce.iss.net/xforce/xfdb/21954
http://www.oxid.it/downloads/rdp-gbu.pdf
http://sourceforge.net/p/xrdp/mailman/message/32732056
Medium (CVSS: 5.0)
NVT: Missing httpOnly Cookie Attribute (OID: 1.3.6.1.4.1.25623.1.0.105925)
Summary
The application is missing the 'httpOnly' cookie attribute
Vulnerability Detection Result
The cookies:
Set-Cookie: PHPSESSID=0foma9opbd9lv1gr1bf5gmraj6; path=/
are missing the httpOnly attribute.
Impact
Application
Solution
Set the 'httpOnly' attribute for any session cookies.
Affected Software/OS
Application with session handling in cookies.
Vulnerability Insight
The flaw is due to a cookie is not using the 'httpOnly' attribute. This allows a cookie to be accessed by
JavaScript which could lead to session hijacking attacks.
Vulnerability Detection Method
Check all cookies sent by the application for a missing 'httpOnly' attribute
Details: Missing httpOnly Cookie Attribute (OID: 1.3.6.1.4.1.25623.1.0.105925)
Version used: $Revision: 1711 $
References
Other: https://www.owasp.org/index.php/HttpOnly
https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)
Medium (CVSS: 4.3)
NVT: OpenSSH Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.806049)
Product detection result: cpe:/a:openbsd:openssh:6.6.1p1 by SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Summary
This host is running OpenSSH and is prone to security bypass vulnerability.
Vulnerability Detection Result
Installed version: 6.6.1p1
Fixed version: 6.9
Impact
Successful exploitation will allow remote attackers to bypass intended access restrictions.
Impact Level: Application
Solution
Upgrade to OpenSSH version 6.9 or later. For updates refer to http://www.openssh.com
Affected Software/OS
OpenSSH versions before 6.9
Vulnerability Insight
The flaw is due to the refusal deadline was not checked within the x11_open_helper function.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: OpenSSH Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.806049)
Version used: $Revision: 1789 $
Product Detection Result
Product: cpe:/a:openbsd:openssh:6.6.1p1
Method: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
References
CVE: CVE-2015-5352
CERT: DFN-CERT-2015-1679, DFN-CERT-2015-1406, DFN-CERT-2015-1263, DFN-CERT-2015-0987
Other: http://openwall.com/lists/oss-security/2015/07/01/10
Low (CVSS: 2.6)
NVT: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)
Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.
Vulnerability Detection Result
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Paket 1: 14790252
Paket 2: 14790508
Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute
'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is, to not use the Timestamp options when
initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in
their synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
Affected Software/OS
TCP/IPv4 implementations that implement RFC1323.
Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323.
Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the target IP. The responses are
searched for a timestamps. If found, the timestamps are reported.
Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: $Revision: 787 $
References
Other: http://www.ietf.org/rfc/rfc1323.txt
Log (CVSS: 0.0)
NVT: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)
Summary
This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of
operating systems, services and applications detected during the scan.
Vulnerability Detection Result
172.29.99.33|cpe:/a:apache:http_server:2.4.7
172.29.99.33|cpe:/a:php:php:5.5.9
172.29.99.33|cpe:/a:openbsd:openssh:6.6.1p1
172.29.99.33|cpe:/a:phpmyadmin:phpmyadmin
172.29.99.33|cpe:/o:canonical:ubuntu_linux
Log Method
Details: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)
Version used: $Revision: 314 $
Log (CVSS: 0.0)
NVT: ICMP Timestamp Detection (OID: 1.3.6.1.4.1.25623.1.0.103190)
Summary
The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message
which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the
Timestamp as well as a receive timestamp and a transmit timestamp. This information could theoretically be
used to exploit weak time-based random number generators in other services.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details: ICMP Timestamp Detection (OID: 1.3.6.1.4.1.25623.1.0.103190)
Version used: $Revision: 13 $
References
CVE: CVE-1999-0524
CERT: DFN-CERT-2014-0658
Other: http://www.ietf.org/rfc/rfc0792.txt
Log (CVSS: 0.0)
NVT: Record route (OID: 1.3.6.1.4.1.25623.1.0.12264)
Summary
This plugin sends packets with the 'Record Route' option. It is a complement to traceroute.
Vulnerability Detection Result
Here is the route recorded between 172.29.99.21 and 172.29.99.33 :
172.29.99.33.
172.29.99.33.
Log Method
Details: Record route (OID: 1.3.6.1.4.1.25623.1.0.12264)
Version used: $Revision: 982 $
Log (CVSS: 7.8)
NVT: 3com switch2hub (OID: 1.3.6.1.4.1.25623.1.0.80103)
Summary
The remote host is subject to the switch to hub flood attack.
Description : The remote host on the local network seems to be connected through a switch which can be
turned into a hub when flooded by different mac addresses. The theory is to send a lot of packets
(>1000000) to the port of the switch we are connected to, with random mac addresses. This turns the switch
into learning mode, where traffic goes everywhere. An attacker may use this flaw in the remote switch to
sniff data going to this host
Reference : http://www.securitybugware.org/Other/2041.html
Vulnerability Detection Result
Fake IP address not specified. Skipping this check.
Solution
Lock Mac addresses on each port of the remote switch or buy newer switch.
Vulnerability Detection Method
Details: 3com switch2hub (OID: 1.3.6.1.4.1.25623.1.0.80103)
Version used: $Revision: 15 $
Log (CVSS: 5.0)
NVT: Easy File Management Web Server USERID Buffer Overflow Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.805096)
Summary
The host is running Easy File Management Web Server and is prone to buffer overflow vulnerability.
Vulnerability Detection Result
banner
HTTP/1.1 301 Moved Permanently
Date: Fri, 13 Nov 2015 08:50:49 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Set-Cookie: PHPSESSID=qodnrdba4imh061hpblghss071; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php?action=Login&module=Users
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Impact
Successful exploitation may allow remote attackers to cause the application to crash, creating a
denial-of-service condition.
Impact Level: Application
Solution
No solution or patch is available as of 25th September, 2015. Information regarding this issue will updated
once the solution details are available. For updates refer to http://www.efssoft.com
Affected Software/OS
Easy File Management Web Server version 5.6
Vulnerability Insight
The flaw is due to an error when processing web requests and can be exploited to cause a buffer overflow
via an overly long string passed to USERID in a HEAD or GET request.
Vulnerability Detection Method
Send a crafted request via HTTP GET and check whether it is able to crash or not.
Details: Easy File Management Web Server USERID Buffer Overflow Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.805096)
Version used: $Revision: 1812 $
References
Other: https://www.exploit-db.com/exploits/37808
Log (CVSS: 0.0)
NVT: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)
Summary
This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in
Phrack #57). It can be used to determine remote operating system version.
Vulnerability Detection Result
ICMP based OS fingerprint results: (91% confidence)
Linux Kernel
Log Method
Details: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)
Version used: $Revision: 1739 $
References
Other: http://www.phrack.org/issues.html?issue=57&id=7#article
Log (CVSS: 0.0)
NVT: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)
Summary
This script uses DIRB to find directories and files on web applications via brute forcing.
Vulnerability Detection Result
DIRB could not be found in your system path.
OpenVAS was unable to execute DIRB and to perform the scan you requested.
Please make sure that DIRB is installed and is available in the PATH variable defined for your environment.
Log Method
Details: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)
Version used: $Revision: 13 $
Log (CVSS: 0.0)
NVT: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)
Summary
This plugin uses arachni ruby command line to find web security issues.
See the preferences section for arachni options.
Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment,
you should use standalone arachni tool for deeper/customized checks.
Vulnerability Detection Result
Arachni could not be found in your system path.
OpenVAS was unable to execute Arachni and to perform the scan you requested.
Please make sure that Arachni is installed and that arachni is available in the PATH variable defined for your environment.
Log Method
Details: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)
Version used: $Revision: 683 $
Log (CVSS: 0.0)
NVT: IP protocols scan (OID: 1.3.6.1.4.1.25623.1.0.14788)
Summary
This plugin detects the protocols understood by the remote IP stack.
Vulnerability Detection Result
The following IP protocols are accepted on this host:
1 ICMP
2 IGMP
6 TCP
17 UDP
103 PIM
136 UDPLite
Log Method
Details: IP protocols scan (OID: 1.3.6.1.4.1.25623.1.0.14788)
Version used: $Revision: 1048 $
References
Other: http://www.iana.org/assignments/protocol-numbers
Log (CVSS: 0.0)
NVT: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)
Summary
A traceroute from the scanning server to the target system was conducted. This traceroute is provided
primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability.
However, if the displayed traceroute contains any private addresses that should not have been publicly
visible, then you have an issue you need to correct.
Vulnerability Detection Result
Here is the route from 172.29.99.21 to 172.29.99.33:
172.29.99.21
172.29.99.33
Solution
Block unwanted packets from escaping your network.
Log Method
Details: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)
Version used: $Revision: 975 $
Log (CVSS: 0.0)
NVT: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)
Summary
This Plugin detects the FTP Server Banner
Vulnerability Detection Result
Remote FTP server banner :
220 My FTP Server
Log Method
Details: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)
Version used: $Revision: 1776 $
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
An FTP server is running on this port.
Here is its banner :
220 My FTP Server
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Version used: $Revision: 69 $
Log (CVSS: 0.0)
NVT: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)
Summary
Identification of SSH protocol versions supported by the remote SSH Server. Also reads the corresponding
fingerprints from the service.
The following versions are tried: 1.33, 1.5, 1.99 and 2.0
Vulnerability Detection Result
The remote SSH Server supports the following SSH Protocol Versions:
1.99
2.0
Log Method
Details: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)
Version used: $Revision: 1952 $
Log (CVSS: 0.0)
NVT: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Summary
This detects the SSH Server's type and version by connecting to the server and processing the buffer
received.
This information gives potential attackers additional information about the system they are attacking.
Versions and Types should be omitted where possible.
Vulnerability Detection Result
Detected SSH server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
Remote SSH supported authentication: password,publickey
Remote SSH banner:
(not available)
CPE: cpe:/a:openbsd:openssh:6.6.1p1
Concluded from remote connection attempt with credentials:
Login: OpenVAS
Password: OpenVAS
Log Method
Details: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Version used: $Revision: 1789 $
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
An ssh server is running on this port
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Version used: $Revision: 69 $
Log (CVSS: 0.0)
NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
Summary
This detects the HTTP Server's type and version.
Vulnerability Detection Result
The remote web server type is :
Apache/2.4.7 (Ubuntu)
Solution : You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.
Solution
Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display'. Be sure to
remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to
limit the information emanating from the server in its response headers.
Log Method
Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
Version used: $Revision: 229 $
Log (CVSS: 0.0)
NVT: robot(s).txt exists on the Web Server (OID: 1.3.6.1.4.1.25623.1.0.10302)
Summary
Web Servers can use a file called /robot(s).txt to ask search engines to ignore certain files and directories.
By nature this file can not be used to protect private files from public read access.
Vulnerability Detection Result
The file 'robots.txt' contains the following:
User-agent: *
Disallow: /
User-agent: Googlebot
Allow: /ical_server.php
Solution
Review the content of the robots file and consider removing the files from the server or protect them in
other ways in case you actually intended non-public availability.
Vulnerability Insight
Any serious web search engine will honor the /robot(s).txt file and not scan the files and directories listed
there.
Any entries listed in this file are not even hidden anymore.
Log Method
Details: robot(s).txt exists on the Web Server (OID: 1.3.6.1.4.1.25623.1.0.10302)
Version used: $Revision: 673 $
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port
Log Method
Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Version used: $Revision: 69 $
Log (CVSS: 0.0)
NVT: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)
Summary
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote
host.
It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on
the number of pages to mirror.
Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/index.php (module [Users] action [Login] )
Log Method
Details: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)
Version used: $Revision: 1825 $
Log (CVSS: 0.0)
NVT: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)
Summary
This plugin attempts to determine the presence of various common dirs on the remote web server
Vulnerability Detection Result
The following directories were discovered:
/include, /data, /examples, /icons, /install, /javascript, /restricted, /service, /soap, /upload
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards
Log Method
Details: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)
Version used: $Revision: 1717 $
References
Other: OWASP:OWASP-CM-006
Log (CVSS: 0.0)
NVT: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)
Summary
The script prints out the directories which are used when CGI scanning is enabled.
Vulnerability Detection Result
The following directories are used for CGI scanning:
/scripts/cgi-bin/upload/soap/service/restricted/javascript/install/icons
/examples/data/include/
Log Method
Details: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)
Version used: $Revision: 1727 $
Log (CVSS: 0.0)
NVT: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)
Summary
This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security.
See the preferences section for configuration options.
Vulnerability Detection Result
Here is the Nikto report:
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 172.29.99.33
+ Target Hostname: 172.29.99.33
+ Target Port: 80
+ Start Time: 2015-11-13 08:53:29 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.7 (Ubuntu)
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.14
+ The anti-clickjacking X-Frame-Options header is not present.
+ Root page / redirects to: index.php?action=Login&module=Users
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server leaks inodes via ETags, header found with file /crossdomain.xml, fields: 0x8c5 0x4fc73e1e28500
+ /crossdomain.xml contains 0 line which should be manually viewed for improper domains or wildcards.
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Uncommon header 'x-webdav-status' found, with contents: 401 not authorized
+ "robots.txt" contains 2 entries which should be manually viewed.
+ /config.php: PHP Config file may contain database IDs and passwords.
+ OSVDB-3268: /data/: Directory indexing found.
+ OSVDB-3092: /data/: This might be interesting...
+ OSVDB-3268: /install/: Directory indexing found.
+ OSVDB-3092: /install/: This might be interesting...
+ Cookie phpMyAdmin created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: DENY
+ Uncommon header 'x-content-security-policy' found, with contents: default-src 'self' ;options inline-script eval-script;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org;
+ Uncommon header 'x-ob_mode' found, with contents: 0
+ Uncommon header 'x-webkit-csp' found, with contents: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org;
+ OSVDB-3268: /restricted/: Directory indexing found.
+ OSVDB-3092: /restricted/: This might be interesting...
+ OSVDB-3268: /service/: Directory indexing found.
+ OSVDB-3092: /service/: This might be interesting...
+ OSVDB-3268: /examples/: Directory indexing found.
+ OSVDB-3092: /install.php: install.php file found.
+ OSVDB-3092: /LICENSE.txt: License file found may identify site software.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6544 items checked: 0 error(s) and 27 item(s) reported on remote host
+ End Time: 2015-11-13 08:53:52 (GMT0) (23 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Log Method
Details: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)
Version used: $Revision: 995 $
Log (CVSS: 0.0)
NVT: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
Summary
Detection of installed version of PHP.
This script sends an HTTP GET request and tries to get the version from the response, and sets the result in the KB.
Vulnerability Detection Result
Detected PHP
Version: 5.5.9
Location: tcp/80
CPE: cpe:/a:php:php:5.5.9
Concluded from version identification result:
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Log Method
Details: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
Version used: $Revision: 1554 $
Log (CVSS: 0.0)
NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)
Summary
This plugin uses wapiti to find web security issues.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
See the preferences section for wapiti options.
Note that OpenVAS uses a limited set of wapiti options. Therefore, for a more complete web assessment,
you should use the standalone wapiti tool for deeper/customized checks.
Vulnerability Detection Result
wapiti could not be found in your system path.
OpenVAS was unable to execute wapiti and to perform the scan you requested.
Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.
Log Method
Details: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)
Version used: $Revision: 14 $
Log (CVSS: 0.0)
NVT: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary
Detection of phpMyAdmin.
The script sends a connection request to the server and attempts to extract the version number from the
reply.
Vulnerability Detection Result
Detected phpMyAdmin
Version: unknown
Location: /phpmyadmin
CPE: cpe:/a:phpmyadmin:phpmyadmin
Log Method
Details: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Version used: $Revision: 1717 $
Log (CVSS: 0.0)
NVT: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)
Summary
Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host and sets the KB.
Vulnerability Detection Result
Detected Apache
Version: 2.4.7
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.4.7
Concluded from version identification result:
Server: Apache/2.4.7
Log Method
Details: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)
Version used: $Revision: 1748 $
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)
Summary
This plugin performs service detection by launching nmap's service probe against ports running unidentified
services.
Description :
This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that
are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: rpcbind
Log Method
Details: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)
Version used: $Revision: 329 $
Log (CVSS: 0.0)
NVT: Microsoft Remote Desktop Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.100062)
Summary
The Microsoft Remote Desktop Protocol (RDP) is running at this host. Remote Desktop Services, formerly
known as Terminal Services, is one of the components of Microsoft Windows (both server and client
versions) that allows a user to access applications and data on a remote computer over a network.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details: Microsoft Remote Desktop Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.100062)
Version used: $Revision: 15 $
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)
Summary
This plugin performs service detection by launching nmap's service probe against ports running unidentified
services.
Description :
This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that
are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: ms-wbt-server
Log Method
Details: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)
Version used: $Revision: 329 $
This file was automatically generated.