Your Company Unfixed Vulnerabilities by Age - April 2010

Hosts with Unfixed Vulnerabilities
6 High4 Medium0 Low10 Total


Ordered by Host

Host NameIP AddressCriticalRegionReportPortsHighMediumLow
Number Longest  Number Longest Number Longest
sql2.manc.yourcompany.com   SANS192.168.1.53EMEA  View 21535  
www.example.com   SANS192.168.0.112Asia  View 3133335
www.your_company.nl   SANS192.168.0.103EMEA  View 72322211
mail.example.com   SANS   URGENT192.168.0.111Asia  View 8123211
sql1.manc.yourcompany.com   SANS   OVERDUE192.168.1.52EMEA  View 32222  
dns0.example.com   SANS   OVERDUE192.168.0.110Asia  View 53211  
www.yourcompany.co.uk192.168.0.100EMEA  View 5  1535
apollo.example.com   SANS   OVERDUE192.168.0.81  View 3  1525
www.yourcompany.net   SANS192.168.0.102US  View 2  3424
www.yourcompany.com.my192.168.0.106Asia  View 2  23  

Ordered by Vulnerability

VulnerabilitySeverity SystemsLongest
High Risk Ports OpenHigh Risk35
SNMP Default Community Names   SANSHigh Risk23
Apache < 1.3.26 Chunked Encoding Vulnerability   SANSHigh Risk13
Sendmail < 8.12.8 Buffer Overrun   SANS   URGENTHigh Risk12
IIS WebDAV Buffer OverrunHigh Risk11
BIND < 8.2.3 Buffer Overrun   SANS   OVERDUEHigh Risk11
MySQL Database Accessible Without Password   OVERDUEHigh Risk11
OpenSSL < 0.9.6m, 0.9.7d Multiple Vulnerabilities   SANSMedium Risk15
MySQL < 3.23.55 Multiple Vulnerabilities   SANSMedium Risk15
Apache < 1.3.27 Multiple VulnerabilitiesMedium Risk25
Cross-Site ScriptingMedium Risk14
MySQL < 3.23.56 Privilege Escalation   SANSMedium Risk24
SSH Protocol Version 1 EnabledMedium Risk23
Lotus Domino < 5.0.9 Database Lock DoSMedium Risk13
IIS .printer ISAPI Filter EnabledMedium Risk12
Apache < 1.3.31, 2.0.49 Multiple Vulnerabilities   SANSMedium Risk12
MySQL < 3.23.58, 4.0.15 Password Overflow   SANSMedium Risk22
Lotus Domino Anonymous Database AccessMedium Risk12
SMTP Server Allows VRFY/EXPNMedium Risk11
DNS Zone Transfer   OVERDUEMedium Risk11
Globally Useable Name Server   SANSMedium Risk11
OpenSSH < 3.6.1p2 PAM Timing AttackMedium Risk11
IIS global.asa AccessibleMedium Risk11
Apache mod_ssl < 2.8.10 off by one VulnerabilityMedium Risk11
Microsoft Frontpage Extensions InstalledLow Risk111
TRACE and/or TRACK Methods EnabledLow Risk35
Script Calling phpinfo() Detected   OVERDUELow Risk15
Apache < 1.3.29 Multiple Local FlawsLow Risk25
Holes Detected in Firewall ConfigurationLow Risk35
Apache mod_userdir Information LeakLow Risk14
DNS Cache SnoopingLow Risk11
Private IP Address LeakageLow Risk11

Ordered by Contact

Collapse Expand / Collapse All

Name  SystemsReportTotal
Vulns		HighMediumLowLongestMonths of
Exposure
cuthbert@yourcompany.comCollapse  2  Systems 8350523
sql1.manc.yourcompany.com   SANS   OVERDUE192.168.1.52View422 27
sql2.manc.yourcompany.com   SANS192.168.1.53View413 516
janebloggs@yourcompany.comCollapse  6  Systems 31713111178
dns0.example.com   SANS   OVERDUE192.168.0.110View431 25
www.your_company.nl   SANS192.168.0.103View62221119
www.example.com   SANS192.168.0.112View7133518
mail.example.com   SANS   URGENT192.168.0.111View513127
www.yourcompany.net   SANS192.168.0.102View5 32413
www.yourcompany.co.uk192.168.0.100View4 13516
joe.bloggs@technicians.comCollapse  4  Systems 19586544
dns0.example.com   SANS   OVERDUE192.168.0.110View431 25
www.example.com   SANS192.168.0.112View7133518
mail.example.com   SANS   URGENT192.168.0.111View513127
apollo.example.com   SANS   OVERDUE192.168.0.81View3 12514
johndoe@yoursecurity.co.ukCollapse  3  Systems 14176536
mail.example.com   SANS   URGENT192.168.0.111View513127
www.yourcompany.net   SANS192.168.0.102View5 32413
www.yourcompany.co.uk192.168.0.100View4 13516
manager@yourcompany.comCollapse  3  Systems 12453526
dns0.example.com   SANS   OVERDUE192.168.0.110View431 25
mail.example.com   SANS   URGENT192.168.0.111View513127
apollo.example.com   SANS   OVERDUE192.168.0.81View3 12514

Note: This report deals with unfixed vulnerabilities. A vulnerability is considered "unfixed for three scans" if it has appeared for four consecutive scans.

Scans by Westpoint Ltd