Network Vulnerability Assessment Report
09.02.2005
Sorted by host names

Session name: kvm-aten cn6000
Start Time: 04.02.2005 13:57:51
Finish Time: 04.02.2005 15:27:59
Elapsed: 0 day(s) 01:30:08
Total records generated: 17
high severity: 2
low severity: 13
informational: 2


Summary of scanned hosts

Host       Holes  Warnings  Open ports  State
10.0.0.9   2      13        2           Finished


10.0.0.9

Service | Severity | Description
https (443/tcp)
Info
Port is open
www (80/tcp)
Info
Port is open
general/tcp
High

The remote host seems to generate Initial Sequence Numbers (ISN) in a weak
manner which seems to solely depend on the source and dest port of the TCP
packets.

An attacker may exploit this flaw to establish spoofed connections to the
remote host.

The Raptor Firewall and Novell NetWare are known to be vulnerable to this
flaw, although other network devices may be vulnerable as well.


Solution :

If you are using a Raptor Firewall, see
http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html

If you are running Novell Netware 6, see:
http://support.novell.com/servlet/tidfinder/2964249


Reference : http://online.securityfocus.com/archive/1/285729

Risk factor : High
CVE : CAN-2002-1463
general/icmp
High

The remote host is vulnerable to an 'Etherleak' -
the remote ethernet driver seems to leak bits of the
content of the memory of the remote operating system.

Note that an attacker may take advantage of this flaw
only when its target is on the same physical subnet.

See also : http://www.atstake.com/research/advisories/2003/a010603-1.txt
Solution : Contact your vendor for a fix
Risk factor : Serious
CVE : CAN-2003-0001
BID : 6535
www (80/tcp)
Low
A web server is running on this port
https (443/tcp)
Low
A web server is running on this port through SSL
https (443/tcp)
Low
A SSLv2 server answered on this port

general/udp
Low
For your information, here is the traceroute to 10.0.0.9 :
10.0.0.201
10.0.0.9

general/tcp
Low

The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.

An attacker may use this feature to determine traffic patterns
within your network. A few examples (not at all exhaustive) are:

1. A remote attacker can determine if the remote host sent a packet
in reply to another request. Specifically, an attacker can use your
server as an unwilling participant in a blind portscan of another
network.

2. A remote attacker can roughly determine server requests at certain
times of the day. For instance, if the server is sending much more
traffic after business hours, the server may be a reverse proxy or
other remote access device. An attacker can use this information to
concentrate his/her efforts on the more critical machines.

3. A remote attacker can roughly estimate the number of requests that
a web server processes over a period of time.


Solution : Contact your vendor for a patch
Risk factor : Low
https (443/tcp)
Low

This web server is [mis]configured in that it
does not return '404 Not Found' error codes when
a non-existent file is requested, perhaps returning
a site map, search page or authentication page instead.

Nessus enabled some counter measures for that, however
they might be insufficient. If a great number of security
holes are produced for this port, they might not all be accurate
www (80/tcp)
Low

This web server is [mis]configured in that it
does not return '404 Not Found' error codes when
a non-existent file is requested, perhaps returning
a site map, search page or authentication page instead.

Nessus enabled some counter measures for that, however
they might be insufficient. If a great number of security
holes are produced for this port, they might not all be accurate
https (443/tcp)
Low
The remote web server type is :

ATEN HTTP Server(V1.0)


Solution : We recommend that you configure (if possible) your web server to return
a bogus Server header in order to not leak information.

www (80/tcp)
Low
The remote web server type is :

ATEN HTTP Server(V1.0)


Solution : We recommend that you configure (if possible) your web server to return
a bogus Server header in order to not leak information.

https (443/tcp)
Low
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=CA, ST=BC, L=RICHMOND, O=ATEN, OU=Aten, CN=Aten
Validity
Not Before: Nov 25 18:26:42 2003 GMT
Not After : Nov 22 18:26:42 2013 GMT
Subject: C=CA, ST=BC, L=RICHMOND, O=ATEN, OU=Aten, CN=Aten
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:DC:A8:8F:91:53:C6:D5:F7:FB:54:DF:60:EE:59:83:99:41:83:C3
X509v3 Authority Key Identifier:
keyid:37:DC:A8:8F:91:53:C6:D5:F7:FB:54:DF:60:EE:59:83:99:41:83:C3
DirName:/C=CA/ST=BC/L=RICHMOND/O=ATEN/OU=Aten/CN=Aten
serial:00

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC4-64-MD5
The SSLv2 server offers 2 strong ciphers, but also
0 medium strength and 1 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;216482
or http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite
This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

general/tcp
Low

The remote host might be vulnerable to a sequence number approximation
bug, which may allow an attacker to send spoofed RST packets to the remote
host and close established connections.

This may cause problems for some dedicated services (BGP, a VPN over
TCP, etc...).

Solution : See http://www.securityfocus.com/bid/10183/solution/
Risk factor : Medium
CVE : CAN-2004-0230
BID : 10183
Other references : OSVDB:4030, IAVA:2004-A-0007
https (443/tcp)
Low

The target host is running a version of osTicket that enables a remote
user to view attachments associated with existing tickets from any user.
These attachments may contain sensitive information.

Solution : Upgrade to osTicket STS 1.2.7 or later.
Risk factor : Low
CVE : CAN-2004-0613
www (80/tcp)
Low

The target host is running a version of osTicket that enables a remote
user to view attachments associated with existing tickets from any user.
These attachments may contain sensitive information.

Solution : Upgrade to osTicket STS 1.2.7 or later.
Risk factor : Low
CVE : CAN-2004-0613