Network Vulnerability Assessment Report
14.02.2006
Sorted by host names

Session name: Raritan KVMoIP
Start Time: 14.02.2006 16:18:30
Finish Time: 14.02.2006 16:46:20
Elapsed: 0 day(s) 00:27:50
Total records generated: 17
High severity: 0
Medium severity: 1
Informational: 16


Summary of scanned hosts

Host          Holes   Warnings   Open ports   State
10.0.0.219    0       1          3            Finished


10.0.0.219

Service    Severity    Description
https (443/tcp)
Info
Port is open
UPnP (5000/tcp)
Info
Port is open
www (80/tcp)
Info
Port is open
www (80/tcp)
Medium

osCommerce is an online shop e-commerce solution under ongoing development
by the open source community. Its feature-packed out-of-the-box installation
allows store owners to set up, run, and maintain their online stores with
minimum effort and with no costs or license fees involved.

osCommerce is vulnerable to a cross-site scripting (XSS) flaw: a malicious user
can pass a malformed session ID in the URI, and it is written back into the
links the application generates without being sanitized.

Note: this host identifies its web server as GoAhead-Webs (see the server-type
entry for port 80 below), the embedded server of the KVM appliance, not an
osCommerce installation. A plugin that keys on a reflected marker can fire on
any page that echoes the request, so confirm this finding manually before
reporting it.

Solution :
This is the response from the developer. To fix the issue, the $_sid parameter
needs to be wrapped in tep_output_string() in the tep_href_link() function
defined in includes/functions/html_output.php.

Before:
if (isset($_sid)) {
  $link .= $separator . $_sid;
}

After:
if (isset($_sid)) {
  $link .= $separator . tep_output_string($_sid);
}

osCommerce 2.2 Milestone 3 will redirect the user to the index page when
a malformed session ID is used, so that a new session ID can be generated.

Risk factor : Medium
BID : 9238
UPnP (5000/tcp)
Info
An unknown service is running on this port.
It is usually reserved for VTUN
general/udp
Info
For your information, here is the traceroute from 10.0.0.59 to 10.0.0.219 :
10.0.0.59
10.0.0.219

general/icmp
Info

Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers ICMP timestamp requests. This lets an attacker learn
the time of day set on the machine (the reply carries milliseconds since
midnight UTC), which may help defeat time-based authentication protocols.

Solution : filter out incoming ICMP timestamp requests (type 13) and outgoing
ICMP timestamp replies (type 14).

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0524
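The following Python is added here as an example (it is not part of the Nessus report or of the Nessus plugin): it builds the ICMP timestamp request (type 13) this check sends, verifies the checksum on the type-14 reply and turns the receive timestamp into the remote host's clock, which is exactly the information the finding says leaks. The probe() function needs a raw socket (root) and only runs from the command line; the reply used in the comments is constructed. The identifier 0x5EC and all function names are the example's own.

```python
"""ICMP timestamp (type 13/14) probe and reply parser (RFC 792, checksum per RFC 1071)."""
import socket
import struct
import time

ICMP_TIMESTAMP_REQUEST = 13
ICMP_TIMESTAMP_REPLY = 14
MS_PER_DAY = 86_400_000


def icmp_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words; a message with a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ms_since_midnight_utc(now=None) -> int:
    """Timestamp format used by ICMP type 13/14: milliseconds since midnight UTC."""
    now = time.time() if now is None else now
    return int((now % 86400) * 1000)


def build_timestamp_message(msg_type, ident, seq, originate_ms, receive_ms=0, transmit_ms=0) -> bytes:
    """Build a type-13 request (or a type-14 reply) with the checksum filled in."""
    body = struct.pack("!III", originate_ms, receive_ms, transmit_ms)
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)   # checksum field zeroed
    csum = icmp_checksum(header + body)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + body


def fmt_ms(ms: int) -> str:
    """Render milliseconds since midnight as HH:MM:SS.mmm."""
    h, rem = divmod(ms % MS_PER_DAY, 3_600_000)
    m, rem = divmod(rem, 60_000)
    s, ms = divmod(rem, 1000)
    return "%02d:%02d:%02d.%03d" % (h, m, s, ms)


def parse_timestamp_reply(msg: bytes) -> dict:
    """Parse a type-14 reply and derive what the scanner learns: the remote clock."""
    if len(msg) < 20:
        raise ValueError("ICMP timestamp messages are 20 bytes")
    if icmp_checksum(msg[:20]) != 0:
        raise ValueError("bad ICMP checksum")
    msg_type, _code, _csum, ident, seq, orig, recv, xmit = struct.unpack("!BBHHHIII", msg[:20])
    if msg_type != ICMP_TIMESTAMP_REPLY:
        raise ValueError("not an ICMP timestamp reply (type %d)" % msg_type)
    nonstandard = bool(recv & 0x80000000)    # RFC 792: high bit set = not ms since midnight UTC
    clock_ms = recv & 0x7FFFFFFF
    # remote clock minus our originate stamp, wrapped to +/- half a day; ignores network delay
    delta = (clock_ms - orig) % MS_PER_DAY
    if delta > MS_PER_DAY // 2:
        delta -= MS_PER_DAY
    return {
        "ident": ident, "seq": seq,
        "originate_ms": orig, "receive_ms": recv, "transmit_ms": xmit,
        "nonstandard": nonstandard,
        "remote_clock": fmt_ms(clock_ms),
        "offset_ms": None if nonstandard else delta,
    }


def probe(host: str, timeout: float = 2.0) -> dict:
    """Send one timestamp request (raw socket, so root is required) and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        s.settimeout(timeout)
        req = build_timestamp_message(ICMP_TIMESTAMP_REQUEST, 0x5EC, 1, ms_since_midnight_utc())
        s.sendto(req, (host, 0))
        while True:
            data, src = s.recvfrom(1024)
            ihl = (data[0] & 0x0F) * 4               # raw sockets hand us the IP header too
            if src[0] == host and data[ihl] == ICMP_TIMESTAMP_REPLY:
                return parse_timestamp_reply(data[ihl:])


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "10.0.0.219"))
```

A reply built with build_timestamp_message(ICMP_TIMESTAMP_REPLY, 7, 1, 1000, 5000, 5000) parses to remote_clock 00:00:05.000 and offset_ms 4000, and flipping any byte makes parse_timestamp_reply() reject it on the checksum. The filter the Solution describes would be, on a Linux host or firewall in front of the appliance (an assumption, since the KVM itself is unlikely to expose iptables), iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP together with iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP.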
https (443/tcp)
Info
A TLSv1 server answered on this port

www (80/tcp)
Info
A web server is running on this port
general/tcp
Info
The remote host is running one of these operating systems :
Linux Kernel 2.6
Linux Kernel 2.4
www (80/tcp)
Info
The following directories were discovered:
/admin

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

Other references : OWASP:OWASP-CM-006
www (80/tcp)
Info
The remote web server type is :

GoAhead-Webs


www (80/tcp)
Info

Synopsis :

The remote web server itself is prone to cross-site scripting attacks.

Description :

The remote host is running a web server that fails to sanitize request
strings: Javascript supplied in the request is reflected into the response
unmodified. By exploiting this flaw, an attacker may be able to cause
arbitrary HTML and script code to be executed in a user's browser within the
security context of the affected site.

Solution :

Contact the vendor for a patch or upgrade.

Risk factor :

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Plugin output :

The request string used to detect this flaw was:
/<script>cross_site_scripting.nasl</script>
CVE : CVE-2002-1060, CVE-2005-2453
BID : 5305, 7344, 7353, 8037, 14473
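To verify either of the two reflected-XSS entries for port 80 (the osCommerce session-ID finding above and this generic cross_site_scripting.nasl finding), the following Python script is added here as an example; it is not part of the Nessus report and is not osCommerce, GoAhead or Nessus code. It reuses the report's probe string, models the tep_href_link() before/after fragment with html.escape() standing in for tep_output_string() (an assumption of the example), and classifies a response as unescaped, escaped or absent. The osCsid payload, the function names and the sample bodies are constructed for the example.

```python
import html
import urllib.parse
import urllib.request

MARKER = "cross_site_scripting.nasl"              # marker Nessus looks for in the response
GENERIC_PROBE = "/<script>%s</script>" % MARKER   # the exact request string from the report
# Constructed for this example: the same marker delivered through osCommerce's osCsid
# parameter, with a leading quote so it also breaks out of an href="..." attribute.
SID_PAYLOAD = '"><script>%s</script>' % MARKER


def reflection_status(body: str, marker: str = MARKER) -> str:
    """Classify how a response body reflects the probe.
    'unescaped': the <script> tag came back intact, so the page is exploitable.
    'escaped':   the marker is there but the tags were entity-encoded, so the fix is in place.
    'absent':    the input was not reflected at all."""
    tag = "<script>%s</script>" % marker
    if tag.lower() in body.lower():
        return "unescaped"
    if marker.lower() in body.lower():
        return "escaped"
    return "absent"


def tep_href_link_model(page: str, sid: str, escape_sid: bool) -> str:
    """Python model of the tep_href_link() fragment quoted in the osCommerce finding:
    the session id is appended to the generated link.  escape_sid=False is the 'before'
    code, escape_sid=True the 'after'.  html.escape() stands in for tep_output_string()
    (an assumption of this example; the real osCommerce helper is not reproduced)."""
    value = html.escape(sid, quote=True) if escape_sid else sid
    return '<a href="%s?osCsid=%s">continue</a>' % (page, value)


def oscommerce_probe_path(page: str = "/index.php", payload: str = SID_PAYLOAD) -> str:
    """Request path carrying the payload in osCsid; urlencode() percent-encodes it and the
    server decodes it again before writing it into links."""
    return page + "?" + urllib.parse.urlencode({"osCsid": payload})


def probe(base_url: str, path: str, timeout: float = 5.0) -> str:
    """Send one probe and classify the reply.  Not called at import time; needs network
    access.  The path is sent as-is (Nessus sends the raw '<script>' too)."""
    with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
        return reflection_status(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    base = "http://10.0.0.219"   # the scanned host from the report
    for path in (GENERIC_PROBE, oscommerce_probe_path()):
        print(path, "->", probe(base, path))
```

Run against the scanned host, an "unescaped" result for GENERIC_PROBE confirms the GoAhead-Webs finding, while the osCsid probe only says something about osCommerce if the page actually echoes that parameter into a link; the "escaped" result from the modelled 'after' code is what the developer's fix is meant to produce.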
https (443/tcp)
Info
An unknown service is running on this port through SSL.
It is usually reserved for HTTPS
https (443/tcp)
Info
Here is the SSLv3 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=NJ, L=Somerset, O=Raritan Computer, Inc., OU=Engineering, CN=Raritan Computer, Inc./emailAddress=support@raritan.com
Validity
Not Before: Jun 16 16:35:44 2005 GMT
Not After : Jun 15 16:35:44 2010 GMT
Subject: C=US, ST=NJ, L=Somerset, O=Raritan Computer, Inc., OU=Engineering, CN=Raritan Computer, Inc./emailAddress=support@raritan.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:be:a9:93:7f:ae:b7:54:ba:21:86:07:51:ad:49:
c6:60:11:23:cd:00:fb:2b:ad:d6:4e:bf:bc:57:fc:
98:5b:9a:33:69:8e:ea:85:51:7f:d0:9c:2d:6e:10:
fd:e3:f0:51:ea:1c:3b:c3:6e:f2:d4:85:25:34:9c:
74:02:31:ca:6b:e5:81:c1:77:b9:c9:27:c0:4a:43:
22:e2:52:08:f0:19:d0:57:6d:65:b1:8f:d0:e6:e9:
df:f3:ae:ec:10:b3:98:01:bd:b7:24:73:80:a6:e3:
13:0e:88:a3:f5:6c:cb:7f:43:cf:e3:dd:28:0e:01:
8c:22:2a:84:ba:70:d3:db:73:b0:7c:37:0d:f6:0f:
2c:56:86:67:8e:5e:10:5b:f9:0f:69:52:54:ef:60:
a0:48:1c:7f:0e:53:a1:4f:67:e5:eb:33:13:73:10:
27:1d:09:ed:00:83:b9:01:70:e7:bf:16:46:f7:ae:
14:e4:59:02:7c:29:c1:78:fd:db:b2:64:13:57:2c:
d0:b3:ad:07:45:04:72:9c:1b:7a:84:44:c3:b4:ed:
8f:24:e2:8b:81:11:a7:0c:48:cc:d3:f2:57:0f:7a:
e8:eb:5e:cd:0a:fb:a6:55:5e:7f:e0:e0:15:df:75:
d2:ab:0c:87:7e:61:0c:cb:f7:a4:5d:9b:d6:81:e1:
50:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:12:B6:92:E7:7C:4F:AF:B2:28:13:4F:5A:C6:7C:09:D5:92:7A:19
X509v3 Authority Key Identifier:
keyid:85:12:B6:92:E7:7C:4F:AF:B2:28:13:4F:5A:C6:7C:09:D5:92:7A:19
DirName:/C=US/ST=NJ/L=Somerset/O=Raritan Computer, Inc./OU=Engineering/CN=Raritan Computer, Inc./emailAddress=support@raritan.com
serial:00

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
56:68:27:18:04:16:74:82:20:d8:e5:06:8b:de:e9:f7:71:c1:
3b:7c:1b:00:83:c4:29:9f:d8:ff:7d:4c:cd:0a:36:5d:bc:dc:
ca:19:9c:2c:c2:24:df:9a:98:df:69:6f:93:36:0f:d2:40:b1:
a7:2b:66:c2:60:b4:95:90:8d:5e:52:35:2f:be:ee:08:db:4b:
91:66:23:98:fd:25:12:09:31:68:9c:ad:33:f4:6a:00:53:40:
49:56:6f:70:06:8c:fe:fe:7a:e7:0b:8d:a8:e3:dd:2d:12:b8:
bc:b0:1d:a5:1f:f5:91:5c:9d:c3:33:55:c7:06:4e:ff:84:d1:
06:c7:ca:b2:a0:ee:5d:d1:3a:f4:29:19:e3:b7:8d:49:94:0c:
0f:3a:b0:f6:db:87:56:55:68:a7:72:b6:5f:b2:e0:1b:ad:ac:
36:53:86:f5:44:7a:8e:ee:9f:5e:85:d3:cf:47:7a:b6:a7:b9:
c2:f3:e7:95:70:ec:f8:6b:a9:ae:88:e5:c6:ad:da:4f:fe:3d:
33:78:bc:8d:f1:33:e3:0a:4d:1f:f8:1b:6b:aa:0d:f0:46:fd:
0a:b2:8d:45:ee:71:66:ee:a6:c0:bf:33:5c:5c:c1:59:73:75:
23:77:65:dd:ff:25:bf:07:87:21:e8:b5:40:bc:01:76:44:56:
1b:53:e6:c2
This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
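The certificate dump above has several properties a reviewer would flag before accepting this appliance's HTTPS: issuer equals subject (self-signed), md5WithRSAEncryption, serial number 0, Basic Constraints CA:TRUE on a server certificate, no subjectAltName, and a CN that is a company name rather than the host. The following Python is added as an example (not part of the report or of any Raritan software) and checks those properties straight from the openssl-style text dump, so it works without the PEM, which the report does not contain. REPORT_CERT is copied from the dump above with the modulus and signature bytes left out; the function names and finding codes are the example's own.

```python
import re
from datetime import datetime

# Lines copied from the certificate dump in the report (modulus and signature bytes omitted;
# the checks below do not need them).
REPORT_CERT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=NJ, L=Somerset, O=Raritan Computer, Inc., OU=Engineering, CN=Raritan Computer, Inc./emailAddress=support@raritan.com
        Validity
            Not Before: Jun 16 16:35:44 2005 GMT
            Not After : Jun 15 16:35:44 2010 GMT
        Subject: C=US, ST=NJ, L=Somerset, O=Raritan Computer, Inc., OU=Engineering, CN=Raritan Computer, Inc./emailAddress=support@raritan.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
"""


def _field(text: str, name: str):
    """Value of the first 'name: value' line in an 'openssl x509 -text' style dump."""
    m = re.search(r"^\s*%s\s*:\s*(.+?)\s*$" % re.escape(name), text, re.M)
    return m.group(1) if m else None


def _asn1_time(value: str) -> datetime:
    """'Jun 15 16:35:44 2010 GMT' -> naive UTC datetime."""
    return datetime.strptime(value.replace(" GMT", ""), "%b %d %H:%M:%S %Y")


def audit_cert_text(text: str, when, hostname: str = None) -> dict:
    """Return {finding_code: explanation} for weaknesses visible in a certificate dump,
    with validity judged as of `when` (a datetime or an ISO date string)."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    findings = {}
    issuer, subject = _field(text, "Issuer"), _field(text, "Subject")
    if issuer is not None and issuer == subject:
        findings["self-signed"] = "issuer equals subject; clients cannot chain it to a trusted CA"
    sig = (_field(text, "Signature Algorithm") or "").lower()
    if sig.startswith(("md5", "md2", "sha1")):
        findings["weak-signature"] = "signed with %s, a hash with practical collision attacks" % sig
    serial = (_field(text, "Serial Number") or "").split()
    if serial and serial[0].isdigit() and int(serial[0]) == 0:
        findings["serial-zero"] = "serial number 0: not unique, typical of a hand-rolled or default cert"
    if re.search(r"^\s*CA:\s*TRUE", text, re.M):
        findings["ca-true"] = "Basic Constraints CA:TRUE on a server cert: its key can sign further certs"
    not_before, not_after = _field(text, "Not Before"), _field(text, "Not After")
    if not_after and when >= _asn1_time(not_after):
        findings["expired"] = "certificate expired on %s" % not_after
    if not_before and when < _asn1_time(not_before):
        findings["not-yet-valid"] = "certificate not valid before %s" % not_before
    if "Subject Alternative Name" not in text:
        findings["no-san"] = "no subjectAltName; current browsers ignore the CN for host matching"
    if hostname and subject:
        # The CN here contains a comma, so stop at the '/' that separates RDNs in this dump.
        m = re.search(r"CN=([^/]+)", subject)
        cn = m.group(1).strip() if m else ""
        if cn != hostname:
            findings["cn-mismatch"] = "CN %r does not match the host %r" % (cn, hostname)
    return findings


if __name__ == "__main__":
    for code, why in audit_cert_text(REPORT_CERT, "2006-02-14", "10.0.0.219").items():
        print("%-15s %s" % (code, why))
```

Judged as of the scan date the certificate is still within its validity window, so only the structural findings appear; judged as of any date after 15 June 2010 the "expired" finding is added. The SSLv3 acceptance noted above is a separate protocol-level issue and can be confirmed with openssl s_client -connect 10.0.0.219:443 -ssl3 on an OpenSSL build that still has SSLv3 compiled in.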

general/tcp
Info
Information about this scan :

Nessus version : Unknown (NASL_LEVEL=2200)
Plugin feed version : 200602130615
Type of plugin feed : Registered (7 days delay)
Scanner IP : 10.0.0.59
Port range : 1-5100
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Max hosts : 16
Max checks : 10
Scan Start Date : 2006/2/14 16:15
Scan duration : 1656 sec

UPnP (5000/tcp)
Info
An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 00 00 00 0b 3c 43 53 43 2f 3e 00 00 00 00 4a 4b ....<CSC/>....JK
10: 58 5f 4b 49 4d 2d 30 32 36 37 00 00 00 00 00 0a X_KIM-0267......
20: 00 00 db 13 88 00 1e 00 14 00 00 00 00 00 00 00 .. . ...........
30: 00 00 00 00 00 14 01 00 00 00 06 00 00 00 00 00 ................
40: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 ................
50: 00 00 00 00 03 .....
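Before a banner like the one above is forwarded anywhere, it is worth turning the dump back into bytes and pulling out the printable runs, which is what the following Python does. It is added here as an example and is not part of the report or of any Raritan software; it makes no claim about the protocol on port 5000. BANNER_DUMP is the report's hexdump copied verbatim; the function names are the example's own.

```python
import re

# The banner exactly as Nessus printed it in the report (offset: hex bytes  ascii).
BANNER_DUMP = """\
00: 00 00 00 0b 3c 43 53 43 2f 3e 00 00 00 00 4a 4b ....<CSC/>....JK
10: 58 5f 4b 49 4d 2d 30 32 36 37 00 00 00 00 00 0a X_KIM-0267......
20: 00 00 db 13 88 00 1e 00 14 00 00 00 00 00 00 00 .. . ...........
30: 00 00 00 00 00 14 01 00 00 00 06 00 00 00 00 00 ................
40: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 ................
50: 00 00 00 00 03 .....
"""

HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")
ROW = re.compile(r"^\s*([0-9a-fA-F]+):\s+(.*)$")
BYTES_PER_ROW = 16


def parse_nessus_hexdump(dump: str) -> bytes:
    """Rebuild the raw bytes from a Nessus 'offset: hh hh ... ascii' dump.
    Only the hex column is used: the ASCII column prints '.' for every non-printable
    byte and cannot be inverted.  A row ends at its 16th byte or at the first token
    that is not two hex digits (that is where the ASCII column starts)."""
    out = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError("row offset 0x%x does not follow the %d bytes read so far" % (offset, len(out)))
        for tok in m.group(2).split():
            if not HEX_BYTE.match(tok) or len(out) - offset == BYTES_PER_ROW:
                break
            out.append(int(tok, 16))
    return bytes(out)


def printable_runs(data: bytes, min_len: int = 4):
    """Like strings(1): (offset, text) for every run of printable ASCII of at least min_len."""
    return [(m.start(), m.group().decode("ascii"))
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def banner_summary(dump: str) -> dict:
    """What a reviewer wants to know before deciding whether a banner is sensitive:
    how long it is and which readable tokens it carries."""
    data = parse_nessus_hexdump(dump)
    return {"length": len(data), "strings": printable_runs(data)}


if __name__ == "__main__":
    print(banner_summary(BANNER_DUMP))
```

For the dump above this yields 85 bytes and two readable tokens, "<CSC/>" at offset 4 and "JKX_KIM-0267" at offset 14; the second looks like a model or unit identifier, which is the kind of detail to weigh before sending a banner to a third party as the plugin suggests.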