VA_AIG_10.33.105.0_Report.pdf

Date post: 10-Jan-2016
  • Mphasis Internal Document

    Vulnerability Assessment Report 2015

    Document Control Section:

    Scan start Date 23-July-2015

    Scan end Date 25-July-2015

    Scanned Subnet/Host 10.33.105.0/24

    Number of Hosts Scanned 116

    Scanned Project / Process AIG_10.33.105.0/24

    Scanner Version Nessus 5.2.7

    Scan Policy Name NetworkScan1_Servers_AIG

    Scan Policy Approval Date 22-July-2014

    Report Generated on 11-Aug-2015

    Report Prepared by Varun Vasist HG

    Report Verified by Dhanashekhar Devaraj

    This report lists the vulnerabilities detected by the Nessus Vulnerability Scanner after scanning the network.

    Objective of the report: This report is intended for engineers (Infrastructure Security Administrators, Server Administrators, Network Administrators, Workstation Support Engineers or Helpdesk Support Engineers) who are responsible for closing the identified vulnerabilities. Please evaluate each identified vulnerability and:

    1. Uninstall the related software / applications if they are not required for the delivery function.

    2. Close them as per the recommendations provided by the OEM of the respective software, or refer to the remedy information for vulnerabilities provided in this report.

    Note: The number of systems identified and scanned in this report may not be accurate. The vulnerability scanner reports vulnerabilities only on the systems that were active during scanning. It is recommended to check for these vulnerabilities on all the systems that are actually installed in the subnet.

    Host Information Consolidated Vulnerability Count

    Important Note:

    The total number of Critical and High vulnerabilities is represented under the High Vulnerabilities column.

    High Vulnerabilities Medium Vulnerabilities

    2 10

    10.33.105.1

    Host Information

    IP: 10.33.105.1

    OS: CISCO IOS 12.1, CISCO IOS 12.4

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    23/tcp

    42263 - Unencrypted Telnet Server

    Synopsis

    The remote Telnet server transmits traffic in cleartext.

    Description

    The remote host is running a Telnet server over an unencrypted channel.

    Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred

    in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials

    or other sensitive information and to modify traffic exchanged between a client and server.

    SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams

    such as an X11 session.

    Solution

    Disable the Telnet service and use SSH instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

    Plugin Information:

    Publication date: 2009/10/27, Modification date: 2015/03/19

    Ports

    tcp/23

    Nessus collected the following banner from the remote Telnet server :

    ------------------------------ snip ------------------------------

    C

    ***************************************************************************

    THIS IS AN OFFICIAL COMPUTER SYSTEM/PRIVATE NETWORK & IS THE PROPERTY OF

    THE MPHASIS Ltd. AND IS FOR AUTHORIZED MPHASIS BUSINESS PURPOSE AND

    FOR AUTHORIZED INDIVIDUALS ONLY.UNAUTHORIZED ACCESS OR ATTEMPTS

    TO ACCESS IS PROHIBITED AND USER / VIOLATOR WILL

    BE PROSECUTED AS PER LAW.

    ***************************************************************************

    Users (authorized or unauthorized) have no explicit or implicit expectation

    of privacy. Any or all users of this system may be subject to one or more

    of the following a ctions: interception, monitoring, recording, auditing

    inspection and disclosing, to security personnel and law enforcement

    personnel, as well as authorized officials of other agencies,both domestic

    and foreign.By using this system,the authorized user

    consents to these actions.

    Unauthorized or improper use of this system may result in administrative

    disciplinary action. By accessing this system you indicate your awareness

    of and consent to these terms and conditions of use. Discontinue access

    immediately if you do not agree to the conditions

    stated in this notice.

    ***************************************************************************

    SWTBAN18AIGL30701 line 1

    C

    ***************************************************************************

    THIS IS AN OFFICIAL COMPUTER SYSTEM/PRIVATE NETWORK & IS THE PROPERTY OF

    THE MPHASIS Ltd. AND IS FOR AUTHORIZED MPHASIS BUSINESS PURPOSE AND

    FOR AUTHORIZED INDIVIDUALS ONLY.UNAUTHORIZED ACCESS OR ATTEMPTS

    TO ACCESS IS PROHIBITED AND USER / VIOLATOR WILL

    BE PROSECUTED AS PER LAW.

    ********************************************** [...]

    10.33.105.36

    Host Information

    IP: 10.33.105.36

    OS: Dell iDRAC Controller, KYOCERA Printer, Linux Kernel 2.6

    Results Summary

    Critical High Medium Low Info Total

    0 2 14 0 0 16

    Results Details

    389/tcp

    26928 - SSL Weak Cipher Suites Supported

    Synopsis

    The remote service supports the use of weak SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer weak encryption.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    See Also

    http://www.openssl.org/docs/apps/ciphers.html

    Solution

    Reconfigure the affected application, if possible to avoid the use of weak ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    XREF CWE:326

    XREF CWE:327

    XREF CWE:720

    XREF CWE:753

    XREF CWE:803

    XREF CWE:928

    XREF CWE:934

    Plugin Information:

    Publication date: 2007/10/08, Modification date: 2014/12/30

    Ports

    tcp/389

    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)

    TLSv1

    EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1

    export

    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5

    export

    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5

    export

    The fields above are :

    {OpenSSL ciphername}

    Kx={key exchange}

    Au={authentication}

    Enc={symmetric encryption method}

    Mac={message authentication code}

    {export flag}

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly

    suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle

    attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement

    found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/389

    - SSLv3 is enabled and the server supports at least one cipher.

    42873 - SSL Medium Strength Cipher Suites Supported

    Synopsis

    The remote service supports the use of medium strength SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as

    those with key lengths at least 56 bits and less than 112 bits.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    Solution

    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2009/11/23, Modification date: 2012/04/02

    Ports

    tcp/389

    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    TLSv1

    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername}

    Kx={key exchange}

    Au={authentication}

    Enc={symmetric encryption method}

    Mac={message authentication code}

    {export flag}

    636/tcp

    26928 - SSL Weak Cipher Suites Supported

    Synopsis

    The remote service supports the use of weak SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer weak encryption.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    See Also

    http://www.openssl.org/docs/apps/ciphers.html

    Solution

    Reconfigure the affected application, if possible to avoid the use of weak ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    XREF CWE:326

    XREF CWE:327

    XREF CWE:720

    XREF CWE:753

    XREF CWE:803

    XREF CWE:928

    XREF CWE:934

    Plugin Information:

    Publication date: 2007/10/08, Modification date: 2014/12/30

    Ports

    tcp/636

    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)

    TLSv1

    EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1

    export

    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5

    export

    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5

    export

    The fields above are :

    {OpenSSL ciphername}

    Kx={key exchange}

    Au={authentication}

    Enc={symmetric encryption method}

    Mac={message authentication code}

    {export flag}

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly

    suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle

    attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement

    found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/636

    - SSLv3 is enabled and the server supports at least one cipher.

    42873 - SSL Medium Strength Cipher Suites Supported

    Synopsis

    The remote service supports the use of medium strength SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as

    those with key lengths at least 56 bits and less than 112 bits.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    Solution

    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2009/11/23, Modification date: 2012/04/02

    Ports

    tcp/636

    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    TLSv1

    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername}

    Kx={key exchange}

    Au={authentication}

    Enc={symmetric encryption method}

    Mac={message authentication code}

    {export flag}

    42880 - SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection

    Synopsis

    The remote service allows insecure renegotiation of TLS / SSL connections.

    Description

    The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after

    the initial handshake.

    An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext

    into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service

    assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the

    application layer.

    See Also

    http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

    http://www.g-sec.lu/practicaltls.pdf

    http://tools.ietf.org/html/rfc5746

    Solution

    Contact the vendor for specific patch information.

    Risk Factor

    Medium

    CVSS Base Score

    5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

    CVSS Temporal Score

    5.0 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

    References

    BID 36935

    CVE CVE-2009-3555

    XREF OSVDB:59968

    XREF OSVDB:59969

    XREF OSVDB:59970

    XREF OSVDB:59971

    XREF OSVDB:59972

    XREF OSVDB:59973

    XREF OSVDB:59974

    XREF OSVDB:60366

    XREF OSVDB:60521

    XREF OSVDB:61234

    XREF OSVDB:61718

    XREF OSVDB:61784

    XREF OSVDB:61785

    XREF OSVDB:61929

    XREF OSVDB:62064

    XREF OSVDB:62135

    XREF OSVDB:62210

    XREF OSVDB:62273

    XREF OSVDB:62536

    XREF OSVDB:62877

    XREF OSVDB:64040

    XREF OSVDB:64499

    XREF OSVDB:64725

    XREF OSVDB:65202

    XREF OSVDB:66315

    XREF OSVDB:67029

    XREF OSVDB:69032

    XREF OSVDB:69561

    XREF OSVDB:70055

    XREF OSVDB:70620

    XREF OSVDB:71951

    XREF OSVDB:71961

    XREF OSVDB:74335

    XREF OSVDB:75622

    XREF OSVDB:77832

    XREF OSVDB:90597

    XREF OSVDB:99240

    XREF OSVDB:100172

    XREF OSVDB:104575

    XREF OSVDB:104796

    XREF CERT:120541

    XREF CWE:310

    Plugin Information:

    Publication date: 2009/11/24, Modification date: 2014/03/25

    Ports

    tcp/636

    SSLv3 supports insecure renegotiation.

    8080/tcp

    34460 - Unsupported Web Server Detection

    Synopsis

    The remote web server is obsolete / unsupported.

    Description

    According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.

    Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may

    contain security vulnerabilities.

    Solution

    Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another

    server.

    Risk Factor

    High

    CVSS Base Score

    7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

    Plugin Information:

    Publication date: 2008/10/21, Modification date: 2014/09/09

    Ports

    tcp/8080

    Product : Tomcat

    Installed version : 5.0.28

    Supported versions : 7.0.x / 6.0.x

    Additional information : http://wiki.apache.org/tomcat/TomcatVersions

    12085 - Apache Tomcat servlet/JSP container default files

    Synopsis

    The remote web server contains example files.

    Description

    Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be

    removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may

    themselves contain vulnerabilities such as cross-site scripting issues.

    Solution

    Review the files and delete those that are not needed.

    Risk Factor

    Medium

    CVSS Base Score

    6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

    References

    XREF CWE:20

    XREF CWE:74

    XREF CWE:79

    XREF CWE:442

    XREF CWE:629

    XREF CWE:711

    XREF CWE:712

    XREF CWE:722

    XREF CWE:725

    XREF CWE:750

    XREF CWE:751

    XREF CWE:800

    XREF CWE:801

    XREF CWE:809

    XREF CWE:811

    XREF CWE:864

    XREF CWE:900

    XREF CWE:928

    XREF CWE:931

    XREF CWE:990

    Plugin Information:

    Publication date: 2004/03/02, Modification date: 2015/02/13

    Ports

    tcp/8080

    The following default files were found :

    /tomcat-docs/index.html

    8443/tcp

    34460 - Unsupported Web Server Detection

    Synopsis

    The remote web server is obsolete / unsupported.

    Description

    According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.

    Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may

    contain security vulnerabilities.

    Solution

    Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another

    server.

    Risk Factor

    High

    CVSS Base Score

    7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

    Plugin Information:

    Publication date: 2008/10/21, Modification date: 2014/09/09

    Ports

    tcp/8443

    Product : Tomcat

    Installed version : 5.0.28

    Supported versions : 7.0.x / 6.0.x

    Additional information : http://wiki.apache.org/tomcat/TomcatVersions

    12085 - Apache Tomcat servlet/JSP container default files

    Synopsis

    The remote web server contains example files.

    Description

    Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be

    removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may

    themselves contain vulnerabilities such as cross-site scripting issues.

    Solution

    Review the files and delete those that are not needed.

    Risk Factor

    Medium

    CVSS Base Score

    6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

    References

    XREF CWE:20

    XREF CWE:74

    XREF CWE:79

    XREF CWE:442

    XREF CWE:629

    XREF CWE:711

    XREF CWE:712

    XREF CWE:722

    XREF CWE:725

    XREF CWE:750

    XREF CWE:751

    XREF CWE:800

    XREF CWE:801

    XREF CWE:809

    XREF CWE:811

    XREF CWE:864

    XREF CWE:900

    XREF CWE:928

    XREF CWE:931

    XREF CWE:990

    Plugin Information:

    Publication date: 2004/03/02, Modification date: 2015/02/13

    Ports

    tcp/8443

    The following default files were found :

    /tomcat-docs/index.html

    15901 - SSL Certificate Expiry

    Synopsis

    The remote server's SSL certificate has already expired.

    Description

    This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.

    Solution

    Purchase or generate a new SSL certificate to replace the existing one.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

    Plugin Information:

    Publication date: 2004/12/03, Modification date: 2015/06/17

    Ports

    tcp/8443

    The SSL certificate has already expired :

    Subject : C=US, ST=, L=, O=Novell, OU=iManager, CN=Temporary Certificate

    Issuer : C=US, ST=, L=, O=Novell, OU=iManager, CN=Temporary Certificate

    Not valid before : Jan 4 12:31:31 2010 GMT

    Not valid after : Jan 4 12:31:31 2011 GMT

    26928 - SSL Weak Cipher Suites Supported

    Synopsis

    The remote service supports the use of weak SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer weak encryption.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    See Also

    http://www.openssl.org/docs/apps/ciphers.html

    Solution

    Reconfigure the affected application, if possible to avoid the use of weak ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    XREF CWE:326

    XREF CWE:327

    XREF CWE:720

    XREF CWE:753

    XREF CWE:803

    XREF CWE:928

    XREF CWE:934

    Plugin Information:

    Publication date: 2007/10/08, Modification date: 2014/12/30

    Ports

    tcp/8443

    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)

    TLSv1

    EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1

    export

    EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1

    export

    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5

    export

    The fields above are :

    {OpenSSL ciphername}

    Kx={key exchange}

    Au={authentication}

    Enc={symmetric encryption method}

    Mac={message authentication code}

    {export flag}

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly

    suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle

    attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement

    found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/8443

    - SSLv3 is enabled and the server supports at least one cipher.

    42873 - SSL Medium Strength Cipher Suites Supported

    Synopsis

    The remote service supports the use of medium strength SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as

    those with key lengths at least 56 bits and less than 112 bits.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    Solution

    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2009/11/23, Modification date: 2012/04/02

    Ports

    tcp/8443

    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    TLSv1

    EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1

    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername}

    Kx={key exchange}

    Au={authentication}

    Enc={symmetric encryption method}

    Mac={message authentication code}

    {export flag}

    42880 - SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection

    Synopsis

    The remote service allows insecure renegotiation of TLS / SSL connections.

    Description

    The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after

    the initial handshake.

    An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext

    into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service

    assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the

    application layer.

    See Also

    http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

    http://www.g-sec.lu/practicaltls.pdf

    http://tools.ietf.org/html/rfc5746

    Solution

    Contact the vendor for specific patch information.

    Risk Factor

    Medium

    CVSS Base Score

    5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

    CVSS Temporal Score

    5.0 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

    References

    BID 36935

    CVE CVE-2009-3555

    XREF OSVDB:59968

    XREF OSVDB:59969

    XREF OSVDB:59970

    XREF OSVDB:59971

    XREF OSVDB:59972

    XREF OSVDB:59973

    XREF OSVDB:59974

    XREF OSVDB:60366

    XREF OSVDB:60521

    XREF OSVDB:61234

    XREF OSVDB:61718

    XREF OSVDB:61784

    XREF OSVDB:61785

    XREF OSVDB:61929

    XREF OSVDB:62064

    XREF OSVDB:62135

    XREF OSVDB:62210

    XREF OSVDB:62273

    XREF OSVDB:62536

    XREF OSVDB:62877

    XREF OSVDB:64040

    XREF OSVDB:64499

    XREF OSVDB:64725

    XREF OSVDB:65202

    XREF OSVDB:66315

    XREF OSVDB:67029

    XREF OSVDB:69032

    XREF OSVDB:69561

    XREF OSVDB:70055

    XREF OSVDB:70620

    XREF OSVDB:71951

    XREF OSVDB:71961

    XREF OSVDB:74335

    XREF OSVDB:75622

    XREF OSVDB:77832

    XREF OSVDB:90597

    XREF OSVDB:99240

    XREF OSVDB:100172

    XREF OSVDB:104575

    XREF OSVDB:104796

    XREF CERT:120541

    XREF CWE:310

    Plugin Information:

    Publication date: 2009/11/24, Modification date: 2014/03/25

    Ports

    tcp/8443

    TLSv1 supports insecure renegotiation.

    SSLv3 supports insecure renegotiation.

    10.33.105.37

    Host Information

    DNS Name: srvban18dvsql01.fs.mphasis.com

    Netbios Name: SRVBAN18DVSQL01

    IP: 10.33.105.37

    MAC Address: 00:1a:a0:b5:b4:85

    OS: Microsoft Windows Server 2003 Service Pack 2

    Results Summary

    Critical High Medium Low Info Total

    0 0 3 0 0 3

    Results Details

    1433/tcp

    26928 - SSL Weak Cipher Suites Supported

    Synopsis

    The remote service supports the use of weak SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer weak encryption.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    See Also

    http://www.openssl.org/docs/apps/ciphers.html

    Solution

    Reconfigure the affected application, if possible to avoid the use of weak ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    XREF CWE:326

    XREF CWE:327

    XREF CWE:720

    XREF CWE:753

    XREF CWE:803

    XREF CWE:928

    XREF CWE:934

    Plugin Information:

    Publication date: 2007/10/08, Modification date: 2014/12/30

    Ports

    tcp/1433

    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)

    TLSv1

    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5

    export

    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5

    export

    The fields above are :

    {OpenSSL ciphername}

    Kx={key exchange}

    Au={authentication}

    Enc={symmetric encryption method}

    Mac={message authentication code}

    {export flag}

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly

    suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle

    attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement

    found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/1433

    - SSLv3 is enabled and the server supports at least one cipher.

    42873 - SSL Medium Strength Cipher Suites Supported

    Synopsis

    The remote service supports the use of medium strength SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as

    those with key lengths at least 56 bits and less than 112 bits.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    Solution

    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2009/11/23, Modification date: 2012/04/02

    Ports

    tcp/1433

    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    TLSv1

    EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export

    EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export

    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

    10.33.105.38

    Host Information

    DNS Name: srvban18qasql02.fs.mphasis.com

    Netbios Name: SRVBAN18QASQL02

    IP: 10.33.105.38

    MAC Address: 00:1a:a0:bf:65:c4

    OS: Microsoft Windows Server 2003 Service Pack 2

    Results Summary

    Critical High Medium Low Info Total

    0 0 3 0 0 3

    Results Details

    1433/tcp

    26928 - SSL Weak Cipher Suites Supported

    Synopsis

    The remote service supports the use of weak SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer weak encryption.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    See Also

    http://www.openssl.org/docs/apps/ciphers.html

    Solution

    Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    XREF CWE:326

    XREF CWE:327

    XREF CWE:720

    XREF CWE:753

    XREF CWE:803

    XREF CWE:928

    XREF CWE:934

    Plugin Information:

    Publication date: 2007/10/08, Modification date: 2014/12/30

    Ports

    tcp/1433

    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)

    TLSv1

    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5 export

    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

    The fields above are :

    {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/1433

    - SSLv3 is enabled and the server supports at least one cipher.

    42873 - SSL Medium Strength Cipher Suites Supported

    Synopsis

    The remote service supports the use of medium strength SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    Solution

    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2009/11/23, Modification date: 2012/04/02

    Ports

    tcp/1433

    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    TLSv1

    EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export

    EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export

    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

    10.33.105.43

    Host Information

    DNS Name: srvban18bkp02.fs.mphasis.com

    Netbios Name: SRVBAN18BKP02

    IP: 10.33.105.43

    MAC Address: 00:17:a4:10:48:a3

    OS: Microsoft Windows Server 2003 Service Pack 2

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    9000/tcp

    10297 - Web Server Directory Traversal Arbitrary File Access

    Synopsis

    The remote web server is affected by a directory traversal vulnerability.

    Description

    It appears possible to read arbitrary files on the remote host outside the web server's document directory using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks.

    Note that this plugin is not limited to testing for known vulnerabilities in a specific set of web servers. Instead, it attempts a variety of generic directory traversal attacks and considers a product to be vulnerable simply if it finds evidence of the contents of '/etc/passwd' or a Windows 'win.ini' file in the response. It may, in fact, uncover 'new' issues that have yet to be reported to the product's vendor.

    Solution

    Contact the vendor for an update, use a different product, or disable the service altogether.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    CVSS Temporal Score

    4.1 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    References

    BID 7308

    BID 7362

    BID 7378

    BID 7544

    BID 7715

    BID 26583

    BID 32412

    BID 40053

    BID 40133

    BID 40680

    BID 43230

    BID 43258

    BID 43356

    BID 43358

    BID 43830

    BID 44393

    BID 44564

    BID 44586

    BID 45599

    BID 45603

    BID 47760

    BID 47842

    BID 47987

    BID 48114

    BID 48926

    BID 51286

    BID 51311

    BID 51399

    BID 52327

    BID 52384

    BID 52541

    BID 56871

    BID 57143

    BID 57313

    BID 58794

    BID 67389

    BID 70760

    CVE CVE-2000-0920

    CVE CVE-2007-6483

    CVE CVE-2008-5315

    CVE CVE-2010-1571

    CVE CVE-2010-3459

    CVE CVE-2010-3487

    CVE CVE-2010-3488

    CVE CVE-2010-3743

    CVE CVE-2010-4181

    CVE CVE-2011-1900

    CVE CVE-2011-2524

    CVE CVE-2011-4788

    CVE CVE-2012-0697

    CVE CVE-2012-1464

    CVE CVE-2012-5100

    CVE CVE-2012-5335

    CVE CVE-2012-5344

    CVE CVE-2012-5641

    CVE CVE-2013-2619

    CVE CVE-2013-3304

    CVE CVE-2014-3744

    XREF OSVDB:3681

    XREF OSVDB:42402

    XREF OSVDB:50288

    XREF OSVDB:64532

    XREF OSVDB:64611

    XREF OSVDB:65285

    XREF OSVDB:68026

    XREF OSVDB:68089

    XREF OSVDB:68141

    XREF OSVDB:68538

    XREF OSVDB:68880

    XREF OSVDB:68962

    XREF OSVDB:70176

    XREF OSVDB:72231

    XREF OSVDB:72498

    XREF OSVDB:72972

    XREF OSVDB:73413

    XREF OSVDB:74135

    XREF OSVDB:78307

    XREF OSVDB:78308

    XREF OSVDB:79653

    XREF OSVDB:79867

    XREF OSVDB:80586

    XREF OSVDB:82647

    XREF OSVDB:82678

    XREF OSVDB:88925

    XREF OSVDB:89293

    XREF EDB-ID:24915

    XREF EDB-ID:33428

    XREF EDB-ID:35056

    XREF CWE:22

    Plugin Information:

    Publication date: 1999/11/05, Modification date: 2015/01/13

    Ports

    tcp/9000

    Nessus was able to retrieve the remote host's 'win.ini' file using the following URL :

    - http://srvban18bkp02.fs.mphasis.com:9000/../../../../../../../../../../../../winnt/win.ini

    Here are the contents :

    ------------------------------ snip ------------------------------

    ; for 16-bit app support

    [fonts]

    [extensions]

    [mci extensions]

    [files]

    [MCI Extensions.BAK]

    asf=MPEGVideo

    asx=MPEGVideo

    m3u=MPEGVideo

    mp2v=MPEGVideo

    mp3=MPEGVideo

    mpv2=MPEGVideo

    wax=MPEGVideo

    wm=MPEGVideo

    wma=MPEGVideo

    wmv=MPEGVideo

    wvx=MPEGVideo

    wmx=MPEGVideo2

    wpl=MPEGVideo

    [WinZip]

    Note-1=This section is required only to install the optional WinZip Internet Browser Support build 0231.

    Note-2=Removing this section of the win.ini will have no effect except preventing installation of WinZip Internet Browser Support build 0231.

    win32_version=6.3-8.0

    [Solitaire]

    Options=3

    [Mail]

    MAPI=1

    CMCDLLNAME32=mapi32.dll

    CMCDLLNAME=mapi.dll

    CMC=1

    MAPIX=1

    MAPIXVER=1.0.0.1

    OLEMessaging=1

    ------------------------------ snip ------------------------------

    Note that Nessus stopped searching after one exploit was found. To report all known exploits, enable 'Thorough tests' and re-scan.

    10.33.105.50

    Host Information

    DNS Name: mpbakoraiusrv8.fs.mphasis.com

    Netbios Name: MPBAKORAIUSRV8

    IP: 10.33.105.50

    MAC Address: 00:17:a4:10:ff:28

    OS: Microsoft Windows Server 2003 Service Pack 2

    Results Summary

    Critical High Medium Low Info Total

    0 0 3 0 0 3

    Results Details

    1433/tcp

    26928 - SSL Weak Cipher Suites Supported

    Synopsis

    The remote service supports the use of weak SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer weak encryption.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    See Also

    http://www.openssl.org/docs/apps/ciphers.html

    Solution

    Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    XREF CWE:326

    XREF CWE:327

    XREF CWE:720

    XREF CWE:753

    XREF CWE:803

    XREF CWE:928

    XREF CWE:934

    Plugin Information:

    Publication date: 2007/10/08, Modification date: 2014/12/30

    Ports

    tcp/1433

    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)

    TLSv1

    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5 export

    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

    The fields above are :

    {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/1433

    - SSLv3 is enabled and the server supports at least one cipher.

    42873 - SSL Medium Strength Cipher Suites Supported

    Synopsis

    The remote service supports the use of medium strength SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    Solution

    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2009/11/23, Modification date: 2012/04/02

    Ports

    tcp/1433

    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    TLSv1

    EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export

    EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export

    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

    10.33.105.52

    Host Information

    DNS Name: srvllaiusybase.fs.mphasis.com

    Netbios Name: SRVLLAIUSYBASE

    IP: 10.33.105.52

    MAC Address: 00:17:a4:10:28:2c

    OS: Microsoft Windows Server 2003 Service Pack 2

    Results Summary

    Critical High Medium Low Info Total

    0 0 3 0 0 3

    Results Details

    1498/tcp

    26928 - SSL Weak Cipher Suites Supported

    Synopsis

    The remote service supports the use of weak SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer weak encryption.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    See Also

    http://www.openssl.org/docs/apps/ciphers.html

    Solution

    Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    XREF CWE:326

    XREF CWE:327

    XREF CWE:720

    XREF CWE:753

    XREF CWE:803

    XREF CWE:928

    XREF CWE:934

    Plugin Information:

    Publication date: 2007/10/08, Modification date: 2014/12/30

    Ports

    tcp/1498

    Here is the list of weak SSL ciphers supported by the remote server :

    Low Strength Ciphers (< 56-bit key)

    TLSv1

    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5 export

    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

    The fields above are :

    {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/1498

    - SSLv3 is enabled and the server supports at least one cipher.

    42873 - SSL Medium Strength Cipher Suites Supported

    Synopsis

    The remote service supports the use of medium strength SSL ciphers.

    Description

    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Note: This is considerably easier to exploit if the attacker is on the same physical network.

    Solution

    Reconfigure the affected application if possible to avoid use of medium strength ciphers.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2009/11/23, Modification date: 2012/04/02

    Ports

    tcp/1498

    Here is the list of medium strength SSL ciphers supported by the remote server :

    Medium Strength Ciphers (>= 56-bit and < 112-bit key)

    TLSv1

    EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES-CBC(56) Mac=SHA1 export

    EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export

    DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1

    The fields above are :

    {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

    10.33.105.56

    Host Information

    IP: 10.33.105.56

    OS: Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    8080/tcp

    12085 - Apache Tomcat servlet/JSP container default files

    Synopsis

    The remote web server contains example files.

    Description

    Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may themselves contain vulnerabilities such as cross-site scripting issues.

    Solution

    Review the files and delete those that are not needed.

    Risk Factor

    Medium

    CVSS Base Score

    6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

    References

    XREF CWE:20

    XREF CWE:74

    XREF CWE:79

    XREF CWE:442

    XREF CWE:629

    XREF CWE:711

    XREF CWE:712

    XREF CWE:722

    XREF CWE:725

    XREF CWE:750

    XREF CWE:751

    XREF CWE:800

    XREF CWE:801

    XREF CWE:809

    XREF CWE:811

    XREF CWE:864

    XREF CWE:900

    XREF CWE:928

    XREF CWE:931

    XREF CWE:990

    Plugin Information:

    Publication date: 2004/03/02, Modification date: 2015/02/13

    Ports

    tcp/8080

    The following default files were found :

    /examples/servlets/index.html

    /examples/jsp/snp/snoop.jsp

    /examples/jsp/index.html

    10.33.105.85

    Host Information

    Netbios Name: WKSBAN18ALF7169

    IP: 10.33.105.85

    MAC Address: 2c:27:d7:46:b5:d8

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    8080/tcp

    12085 - Apache Tomcat servlet/JSP container default files

    Synopsis

    The remote web server contains example files.

    Description

    Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may themselves contain vulnerabilities such as cross-site scripting issues.

    Solution

    Review the files and delete those that are not needed.

    Risk Factor

    Medium

    CVSS Base Score

    6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

    References

    XREF CWE:20

    XREF CWE:74

    XREF CWE:79

    XREF CWE:442

    XREF CWE:629

    XREF CWE:711

    XREF CWE:712

    XREF CWE:722

    XREF CWE:725

    XREF CWE:750

    XREF CWE:751

    XREF CWE:800

    XREF CWE:801

    XREF CWE:809

    XREF CWE:811

    XREF CWE:864

    XREF CWE:900

    XREF CWE:928

    XREF CWE:931

    XREF CWE:990

    Plugin Information:

    Publication date: 2004/03/02, Modification date: 2015/02/13

    Ports

    tcp/8080

    The following default files were found :

    /examples/servlets/index.html

    /examples/jsp/snp/snoop.jsp

    /examples/jsp/index.html

    10.33.105.108

    Host Information

    Netbios Name: WKSBAN18ALF7171

    IP: 10.33.105.108

    MAC Address: 3c:d9:2b:4c:bf:25

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    8080/tcp

    12085 - Apache Tomcat servlet/JSP container default files

    Synopsis

    The remote web server contains example files.

    Description

    Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself. Or they may themselves contain vulnerabilities such as cross-site scripting issues.

    Solution

    Review the files and delete those that are not needed.

    Risk Factor

    Medium

    CVSS Base Score

    6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

    References

    XREF CWE:20

    XREF CWE:74

    XREF CWE:79

    XREF CWE:442

    XREF CWE:629

    XREF CWE:711

    XREF CWE:712

    XREF CWE:722

    XREF CWE:725

    XREF CWE:750

    XREF CWE:751

    XREF CWE:800

    XREF CWE:801

    XREF CWE:809

    XREF CWE:811

    XREF CWE:864

    XREF CWE:900

    XREF CWE:928

    XREF CWE:931

    XREF CWE:990

    Plugin Information:

    Publication date: 2004/03/02, Modification date: 2015/02/13

    Ports

    tcp/8080

    The following default files were found :

    /examples/servlets/index.html

    /examples/jsp/snp/snoop.jsp

    /examples/jsp/index.html

    10.33.105.125

    Host Information

    Netbios Name: WKSBAN18ALF7240

    IP: 10.33.105.125

    MAC Address: 2c:27:d7:46:b6:0c

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    0 0 5 0 0 5

    Results Details

    8880/tcp

    64097 - IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities

    Synopsis

    The remote application server may be affected by multiple vulnerabilities.

    Description

    IBM WebSphere Application Server 7.0 before Fix Pack 27 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities :

    - A request validation error exists related to the proxy server component that could allow a remote attacker to cause the proxy status to be reported as disabled, thus denying applications access to the proxy. (CVE-2012-3330, PM71319)

    - A user-supplied input validation error exists that could allow cross-site request forgery (CSRF) attacks to be carried out. (CVE-2012-4853, PM62920)

    - Unspecified errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0460, PM71139, PM72536, PM72275)

    - An unspecified error exists related to the administration console for 'virtual member manager' (VMM) that can allow cross-site scripting. (CVE-2013-0461, PM71389)

    See Also

    http://www.nessus.org/u?c8df3590

    http://www.nessus.org/u?85335f50

    http://www.nessus.org/u?6249ee05

    http://www.nessus.org/u?5ae80ba2

    Solution

    If using WebSphere Application Server, apply Fix Pack 27 (7.0.0.27) or later.

    Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, contact the vendor for more information, as IBM has not currently published a Fix Pack 27 for it.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

    CVSS Temporal Score

    3.6 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

    References

    BID 56458

    BID 56459

    BID 57508

    BID 57509

    BID 57510

    BID 57512

    CVE CVE-2012-3330

    CVE CVE-2012-4853

    CVE CVE-2013-0458

    CVE CVE-2013-0459

    CVE CVE-2013-0460

    CVE CVE-2013-0461

    XREF OSVDB:87338

    XREF OSVDB:87339

    XREF OSVDB:89514

    XREF OSVDB:89515

    XREF OSVDB:89517

    XREF OSVDB:89518

    XREF CWE:20

    XREF CWE:74

    XREF CWE:79

    XREF CWE:442

    XREF CWE:629

    XREF CWE:711

    XREF CWE:712

    XREF CWE:722

    XREF CWE:725

    XREF CWE:750

    XREF CWE:751

    XREF CWE:800

    XREF CWE:801

    XREF CWE:809

    XREF CWE:811

    XREF CWE:864

    XREF CWE:900

    XREF CWE:928

    XREF CWE:931

    XREF CWE:990

    Plugin Information:

    Publication date: 2013/01/25, Modification date: 2015/07/13

    Ports

    tcp/8880

    Version source :

    Installed version : 7.0.0.0

    Fixed version : 7.0.0.27

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/8880

    - SSLv3 is enabled and the server supports at least one cipher.

    42880 - SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection

    Synopsis

    The remote service allows insecure renegotiation of TLS / SSL connections.

    Description

    The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake.

    An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.

    See Also

    http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

    http://www.g-sec.lu/practicaltls.pdf

    http://tools.ietf.org/html/rfc5746

    Solution

    Contact the vendor for specific patch information.

    Risk Factor

    Medium

    CVSS Base Score

    5.8 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

    CVSS Temporal Score

    5.0 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

    References

    BID 36935

    CVE CVE-2009-3555

    XREF OSVDB:59968

    XREF OSVDB:59969

    XREF OSVDB:59970

    XREF OSVDB:59971

    XREF OSVDB:59972

    XREF OSVDB:59973

    XREF OSVDB:59974

    XREF OSVDB:60366

    XREF OSVDB:60521

    XREF OSVDB:61234

    XREF OSVDB:61718

    XREF OSVDB:61784

    XREF OSVDB:61785

    XREF OSVDB:61929

    XREF OSVDB:62064

    XREF OSVDB:62135

    XREF OSVDB:62210

    XREF OSVDB:62273

    XREF OSVDB:62536

    XREF OSVDB:62877

    XREF OSVDB:64040

    XREF OSVDB:64499

    XREF OSVDB:64725

    XREF OSVDB:65202

    XREF OSVDB:66315

    XREF OSVDB:67029

    XREF OSVDB:69032

    XREF OSVDB:69561

    XREF OSVDB:70055

    XREF OSVDB:70620

    XREF OSVDB:71951

    XREF OSVDB:71961

    XREF OSVDB:74335

    XREF OSVDB:75622

    XREF OSVDB:77832

    XREF OSVDB:90597

    XREF OSVDB:99240

    XREF OSVDB:100172

    XREF OSVDB:104575

    XREF OSVDB:104796

    XREF CERT:120541

    XREF CWE:310

    Plugin Information:

    Publication date: 2009/11/24, Modification date: 2014/03/25

    Ports

    tcp/8880

    SSLv3 supports insecure renegotiation.

    9043/tcp

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/9043

    - SSLv3 is enabled and the server supports at least one cipher.

    9443/tcp

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/9443

    - SSLv3 is enabled and the server supports at least one cipher.

    10.33.105.136

    Host Information

    Netbios Name: WKSBAN18ALF7178

    IP: 10.33.105.136

    MAC Address: d4:85:64:b3:7e:be

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    8080/tcp

    12085 - Apache Tomcat servlet/JSP container default files

    Synopsis

    The remote web server contains example files.

    Description

    Example JSPs and Servlets are installed in the remote Apache Tomcat servlet/JSP container. These files should be removed, as they may help an attacker uncover information about the remote Tomcat install or the host itself, or they may themselves contain vulnerabilities such as cross-site scripting issues.

    Solution

    Review the files and delete those that are not needed.

    Risk Factor

    Medium

    CVSS Base Score

    6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

    References

    XREF CWE:20

    XREF CWE:74

    XREF CWE:79

    XREF CWE:442

    XREF CWE:629

    XREF CWE:711

    XREF CWE:712

    XREF CWE:722

    XREF CWE:725

    XREF CWE:750

    XREF CWE:751

    XREF CWE:800

    XREF CWE:801

    XREF CWE:809

    XREF CWE:811

    XREF CWE:864

    XREF CWE:900

    XREF CWE:928

    XREF CWE:931

    XREF CWE:990

    Plugin Information:

    Publication date: 2004/03/02, Modification date: 2015/02/13

    Ports

    tcp/8080

    The following default files were found :

    /examples/servlets/index.html

    /examples/jsp/snp/snoop.jsp

    /examples/jsp/index.html

    10.33.105.158

    Host Information

    Netbios Name: WKSBAN18ALF7224

    IP: 10.33.105.158

    MAC Address: 2c:27:d7:46:b4:32

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    1433/tcp

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/1433

    - SSLv3 is enabled and the server supports at least one cipher.

    10.33.105.160

    Host Information

    Netbios Name: WKSBAN18ALF7239

    IP: 10.33.105.160

    MAC Address: 2c:27:d7:46:b6:55

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    80/tcp

    11213 - HTTP TRACE / TRACK Methods Allowed

    Synopsis

    Debugging functions are enabled on the remote web server.

    Description

    The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

    See Also

    http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

    http://www.apacheweek.com/issues/03-01-24

    http://download.oracle.com/sunalerts/1000718.1.html

    Solution

    Disable these methods. Refer to the plugin output for more information.

    Risk Factor

    Medium

    CVSS Base Score

    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVSS Temporal Score

    3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    References

    BID 9506

    BID 9561

    BID 11604

    BID 33374

    BID 37995

    CVE CVE-2003-1567

    CVE CVE-2004-2320

    CVE CVE-2010-0386

    XREF OSVDB:877

    XREF OSVDB:3726

    XREF OSVDB:5648

    XREF OSVDB:50485

    XREF CERT:288308

    XREF CERT:867593

    XREF CWE:16

    Plugin Information:

    Publication date: 2003/01/23, Modification date: 2015/01/13

    Ports

    tcp/80

    Nessus sent the following TRACE request :

    ------------------------------ snip ------------------------------

    TRACE /Nessus34398088.html HTTP/1.1

    Connection: Close

    Host: 10.33.105.160

    Pragma: no-cache

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)

    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

    Accept-Language: en

    Accept-Charset: iso-8859-1,*,utf-8

    ------------------------------ snip ------------------------------

    and received the following response from the remote server :

    ------------------------------ snip ------------------------------

    HTTP/1.1 200 OK

    Server: Sun-ONE-Web-Server/6.1

    Date: Thu, 23 Jul 2015 21:00:45 GMT

    Content-type: message/http

    Connection: close

    TRACE /Nessus34398088.html HTTP/1.1

    Connection: Close

    Host: 10.33.105.160

    Pragma: no-cache

    User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)

    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

    Accept-language: en

    Accept-charset: iso-8859-1,*,utf-8

    ------------------------------ snip ------------------------------

    10.33.105.171

    Host Information

    Netbios Name: WKSBAN18ALF7004

    IP: 10.33.105.171

    MAC Address: 00:23:24:08:31:aa

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    0 0 1 0 0 1

    Results Details

    1433/tcp

    20007 - SSL Version 2 and 3 Protocol Detection

    Synopsis

    The remote service encrypts traffic using a protocol with known weaknesses.

    Description

    The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

    NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

    See Also

    http://www.schneier.com/paper-ssl.pdf

    http://support.microsoft.com/kb/187498

    http://www.nessus.org/u?247c4540

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    http://www.nessus.org/u?5d15ba70

    Solution

    Consult the application's documentation to disable SSL 2.0 and 3.0.

    Use TLS 1.0 or higher instead.

    Risk Factor

    Medium

    CVSS Base Score

    5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    Plugin Information:

    Publication date: 2005/10/12, Modification date: 2015/07/01

    Ports

    tcp/1433

    - SSLv3 is enabled and the server supports at least one cipher.

    10.33.105.177

    Host Information

    Netbios Name: WKSBAN18ALF7170

    IP: 10.33.105.177

    MAC Address: 2c:27:d7:47:6b:2b

    OS: Microsoft Windows 7 Enterprise

    Results Summary

    Critical High Medium Low Info Total

    1 0 0 0 0 1

    Results Details

    8080/tcp

    34970 - Apache Tomcat Manager Common Administrative Credentials

    Synopsis

    The management console for the remote web server is protected using a known set of credentials.

    Description

    Nessus was able to gain access to the Manager web application for the remote Tomcat server using a known set of credentials. A remote attacker can exploit this issue to install a malicious application on the affected server and run arbitrary code with Tomcat's privileges (usually SYSTEM on Windows, or the unprivileged 'tomcat' account on Unix). Worms are known to propagate this way.

    See Also

    http://markmail.org/thread/wfu4nff5chvkb6xp

    http://svn.apache.org/viewvc?view=revision&revision=834047

    http://www.intevydis.com/blog/?p=87

    http://www.zerodayinitiative.com/advisories/ZDI-10-214/

    http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0260.html

    Solution

    Edit the associated 'tomcat-users.xml' file and change or remove the affected set of credentials.

    Risk Factor

    Critical

    CVSS Base Score

    10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVSS Temporal Score

    8.3 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

    References

    BID 36253

    BID 36954

    BID 37086

    BID 38084

    BID 44172

    CVE CVE-2009-3099

    CVE CVE-2009-3548

    CVE CVE-2010-0557

    CVE CVE-2010-4094

    XREF OSVDB:57898

    XREF OSVDB:60176

    XREF OSVDB:60317

    XREF OSVDB:62118

    XREF OSVDB:69008

    XREF EDB-ID:18619

    XREF CWE:255

    Exploitable with

    Core Impact (true), Metasploit (true)

    Plugin Information:

    Publication date: 2008/11/26, Modification date: 2015/04/20

    Ports

    tcp/8080

    It was possible to log into the Tomcat Manager web app using the

    following info :

    URL : http://10.33.105.177:8080/manager/html

    Username : admin

    Password :

    URL : http://10.33.105.177:8080/host-manager/html

    Username : admin

    Password :

    URL : http://10.33.105.177:8080/manager/status

    Username : admin

    Password :