 ![New [Selected]](on-vulnew.gif)  |  |
| |
Vulnerability
| 90064 | Authentication Bypass Through Cookie Manipulation | 1 System | High Risk |
|---|
| Description | The remote webserver contains a CGI script or web application which uses cookies for authentication in such a way that login bypass is possible by modifying the cookie value. Example cookie values which allow a login are:[For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Recode your web application source code to use stronger authentication. | ||||
| Category | Application or content flaw. | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.8 (Medium) (AV:N/AC:M/Au:N/C:P/I:P/A:N) | |||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 90027 | High Risk Ports Open | 1 System | High Risk |
|---|
| Description | The following high risk ports are open: [For specific url or description click server link below.] Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead. | ||||
|---|---|---|---|---|---|
| Solution | Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems. | ||||
| Category | Hosting or infrastructure flaw. | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N) | |||
| Systems | www.yourcompany.com (192.168.0.101)
|
|---|
|
Vulnerability
| 90109 | Possible Compromise | 1 System | High Risk |
|---|
| Description | Suspicious content or behaviour from the remote host indicates that it may have been compromised by a virus or remote attacker.[For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Consider restoring the host from trusted media. | ||||
| Category | N/A | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
| Systems | www.yourcompany.co.uk (192.168.0.100)
|
|---|
|
Vulnerability
| 90139 | Script Allows Arbitrary Command Execution | 1 System | High Risk |
|---|
| Description | One or more scripts on this host appear to execute commands which can be manipulated by remote users. This flaw may allow arbitrary commands to be executed with the same privileges as the web server. A remote attacker could exploit this flaw to compromise the system. Under some circumstances it may be possible for attacker to elevate the privileges gained though the exploitation of local system flaws. An example that demonstrates this is: [For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Recode the web application to ensure that unsanitised user supplied input is never included in executable statements. | ||||
| Category | Application or content flaw. | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
| Systems | www.yourcompany.co.uk (192.168.0.100)
|
|---|
|
Vulnerability
| 11139 | Script Appears Vulnerable to SQL Injection | 1 System | High Risk |
|---|
| Description | One or more scripts on this host appear vulnerable to an SQL injection attack. By requesting the page with parameters containing particular SQL commands, it is possible to force a database level error or otherwise demonstrate that the database is executing user supplied code. This implies that the parameter is being passed to the database without proper input validation. A maliciously crafted parameter could modify the contents of the database, damage it, extract hidden information, allow an attacker to login without a password or allow execution of arbitrary system commands, depending on the type of database. The issue can be demonstrated as follows: [For specific url or description click server link below.] This is simply an example that illustrates the problem, you should fix the underlying injection issue rather than attempting to prevent this exploit from working. Note: Users of Microsoft Internet Explorer may need to disable the 'Show Friendly HTTP Error Messages' option in the Advanced tab of the options dialog in order to see the example properly. | ||||
|---|---|---|---|---|---|
| Solution | Use bound parameters (also known as parameterised commands) and improve input validation in the web application source code. | ||||
| Category | Application or content flaw. | ||||
| References | SQL Injection: Modes of Attack, Defence, and Why It Matters OWASP Top Ten - Injection Flaws Security Considerations for SQL Server: SQL Injection | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
| Systems | www.yourcompany.co.uk (192.168.0.100)
|
|---|
|
Vulnerability
| 90085 | Sensitive Information Leakage | 1 System | High Risk |
|---|
| Description | This host is leaking information that may be commercially sensitive or help an attacker craft an attack. An example of the information leaked can be found below: [For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Use a firewall to restrict access to this service. | ||||
| Category | Application or content flaw. | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 90068 | SSL Certificate Problems | 1 System | Medium Risk |
|---|
| Description | The remote host has presented a certificate that does not meet the requirements for establishing a secure session. The problems detected were: [For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Ensure you have a valid certificate issued by a trusted certificate authority. | ||||
| Category | Hosting or infrastructure flaw. | ||||
| References | Microsoft KB245030 Apache SSL/TLS Strong Encryption: How-To Microsoft KB187498 | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 90072 | Script Allows Arbitrary Redirection | 1 System | Medium Risk |
|---|
| Description | It is possible to craft a URL which appears to be located on this site, but will redirect users to an arbitrary location. This site could then pose as the legitimate site and prompt users to provide sensitive information. It could also contain any other type of malicious content. The following is an example of a URL which will redirect you to another site:[For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Recode scripts to allow redirections only to specific locations, for example limit redirections to your own domain. | ||||
| Category | Application or content flaw. | ||||
| References | OWASP Guide: Phishing Phishing: Understanding and Preventing Phishing Attacks Anti-Phishing Technology | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
| Systems | www.yourcompany.co.uk (192.168.0.100)
|
|---|
|
Vulnerability
| 90111 | Service Permits Unauthenticated Users to Send Arbitrary Emails | 1 System | Medium Risk |
|---|
| Description | A service on the remote host appears to allow unauthenticated users to send emails containing arbitrary content. This service might be exploited by a remote attacker to conceal their identity whilst performing activities such as spamming, phishing and fraud. The issue can be demonstrated as follows: [For specific url or description click server link below.] Note:This vulnerability may be a false positive as we do not attempt to send arbitrary messages in order to avoid the possibility of crashing the service. | ||||
|---|---|---|---|---|---|
| Solution | Restrict the service to authenticated users, restrict the allowed recipient email addresses or prevent users from controlling the email's content. Implementing a captcha mechanism could help prevent the attacker from automating their activities. | ||||
| Category | Application or content flaw. | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 .0 (Low) (AV:N/AC:L/Au:N/C:N/I:N/A:N) | |||
| Systems | www.yourcompany.co.uk (192.168.0.100)
|
|---|
|
Vulnerability
| 90091 | XPath Injection | 1 System | Medium Risk |
|---|
| Description | One or more scripts on this host appear vulnerable to XPath injection attacks. By requesting a page with parameters containing particular XPath elements, it is possible to force an XPath error or otherwise demonstrate that the user supplied code is being interpreted as XPath statements. This implies that a parameter is being passed to an XPath interpreter without proper input validation. A maliciously crafted parameter might be able to extract hidden information, bypass login requirements or even perform code execution depending on the XPath parser used. The issue can be demonstrated as follows: [For specific url or description click server link below.] This is simply an example that illustrates the problem, you should fix the underlying injection issue rather than attempting to prevent this exploit from working. | ||||
|---|---|---|---|---|---|
| Solution | Perform input validation within the web application and utilise query parameterisation where supported by the XPath parser. | ||||
| Category | Application or content flaw. | ||||
| References | XPath Injection - Threat Classification | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.8 (Medium) (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 90001 | Holes Detected in Firewall Configuration | 1 System | Low Risk |
|---|
| Description | This system is protected by a firewall which blocks access to TCP ports in inconsistent ways. Incoming TCP connections to most ports are simply dropped, however some ports were discovered where the connection is actively refused, for example with a TCP RST. This often indicates a firewall configuration error, and commonly occurs when the configuration has not been altered in line with changing system configuration behind the firewall. For example when a service such as a mail server is removed, but the corresponding firewall rule is not. The TCP ports which actively refuse connections are: [For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Reconfigure your firewall to completely drop all connections on ports that you are not running services on. | ||||
| Category | Hosting or infrastructure flaw. | ||||
| References | Firewalls FAQ | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 2.6 (Low) (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
| Systems | dns0.example.com (192.168.0.110)
|
|---|
|
Vulnerability
| 10884 | NTP Information Leakage | 1 System | Low Risk |
|---|
| Description | This system is running an NTP server that responds to information requests. A remote attacker could use this to extract information about the system, e.g. operating system, upstream NTP server and detailed clock information. | ||||
|---|---|---|---|---|---|
| Solution | Configure ntpd to ignore information requests. Alternatively, use a firewall to restrict NTP to trusted addresses. | ||||
| Category | Hosting or infrastructure flaw. | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
| Systems | www.yourcompany.com (192.168.0.101)
|
|---|