List of vulnerabilities found
- https (443/tcp) (found security warning)
- https (443/tcp) (found security warning)
- http (80/tcp) (found security warning)
- http (80/tcp) (found security warning)
- https (443/tcp) (found security warning)
- http (80/tcp) (found security warning)
- general/tcp (found security warning)
- https (443/tcp) (found security warning)
Security warning found on port/service "https (443/tcp)"
A SSLv2 server answered on this portSecurity warning found on port/service "https (443/tcp)"
A web server is running on this port through SSLSecurity warning found on port/service "http (80/tcp)"
A web server is running on this portSecurity warning found on port/service "http (80/tcp)"
The following CGI have been discovered : Syntax : cginame (arguments [default value]) /style/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] ) /style/css/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] ) /sas/user/login.do (login [] password [] country [US] e_invalidLoginDetails [] currency [USD] region [North America] ) /images/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] ) /css/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] ) /style/images/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] ) /images/style/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] ) /style/certs/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] ) /style/flash/ (C=S O [A] C=N O [D] C=M O [A] C=D O [A] )Directory index found at /css/
Directory index found at /style/images/
Directory index found at /images/style/
Directory index found at /style/
Directory index found at /images/
Directory index found at /style/certs/
Directory index found at /style/css/
Directory index found at /style/flash/
Security warning found on port/service "https (443/tcp)"
Synopsis : Debugging functions are enabled on the remote HTTP server. Description : The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials.Solution : Disable these methods. See also
http://www.kb.cert.org/vuls/id/867593Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Plugin output :
Solution : Add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]
CVE : CVE-2004-2320 BID : 9506, 9561, 11604
Security warning found on port/service "http (80/tcp)"
Synopsis : Debugging functions are enabled on the remote HTTP server. Description : The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials.Solution : Disable these methods. See also : http://www.kb.cert.org/vuls/id/867593
Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) Plugin output :
Solution : Add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]
CVE : CVE-2004-2320 BID : 9506, 9561, 11604
Security warning found on port/service "general/tcp"
81.187.167.53 resolves as 53.167.187.81.in-addr.arpa.Security warning found on port/service "https (443/tcp)"
Synopsis : The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients. See also : http://www.schneier.com/paper-ssl.pdfSolution : Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.
Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
