Your Company Unfixed Vulnerabilities by Age - April 2011

Reference: YC 201135

Hosts with Unfixed Vulnerabilities: 6 High, 4 Medium, 0 Low, 10 Total


Ordered by Host

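| Host Name | IP Address | Critical | Region | Report | Ports | High: Number | High: Longest | Medium: Number | Medium: Longest |
|---|---|---|---|---|---|---|---|---|---|
| sql2.manc.yourcompany.com [SANS] | 192.168.1.53 | | EMEA | View | 2 | 1 | 5 | 3 | 5 |
| www.example.com [SANS] | 192.168.0.112 | | Asia | View | 3 | 1 | 3 | 3 | 3 |
| www.your_company.nl [SANS] | 192.168.0.103 | | EMEA | View | 7 | 2 | 3 | 2 | 2 |
| mail.example.com [SANS] [URGENT] | 192.168.0.111 | | Asia | View | 8 | 1 | 2 | 3 | 2 |
| sql1.manc.yourcompany.com [SANS] [OVERDUE] | 192.168.1.52 | | EMEA | View | 3 | 2 | 2 | 2 | 2 |
| dns0.example.com [SANS] [OVERDUE] | 192.168.0.110 | | Asia | View | 5 | 3 | 2 | 1 | 1 |
| www.yourcompany.co.uk | 192.168.0.100 | | EMEA | View | 5 | | | 1 | 5 |
| apollo.example.com [SANS] [OVERDUE] | 192.168.0.81 | | | View | 3 | | | 1 | 5 |
| www.yourcompany.net [SANS] | 192.168.0.102 | | US | View | 2 | | | 3 | 4 |
| www.yourcompany.com.my | 192.168.0.106 | | Asia | View | 2 | | | 2 | 3 |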

Ordered by Vulnerability

| Vulnerability | Severity | Systems | Longest |
|---|---|---|---|
| High Risk Ports Open | High Risk | 3 | 5 |
| Apache < 1.3.26 Chunked Encoding Vulnerability [SANS] | High Risk | 1 | 3 |
| SNMP Default Community Names [SANS] | High Risk | 2 | 3 |
| Sendmail < 8.12.8 Buffer Overrun [SANS] [URGENT] | High Risk | 1 | 2 |
| BIND < 8.2.3 Buffer Overrun [SANS] [OVERDUE] | High Risk | 1 | 1 |
| IIS WebDAV Buffer Overrun | High Risk | 1 | 1 |
| MySQL Database Accessible Without Password [OVERDUE] | High Risk | 1 | 1 |
| Apache < 1.3.27 Multiple Vulnerabilities | Medium Risk | 2 | 5 |
| MySQL < 3.23.55 Multiple Vulnerabilities [SANS] | Medium Risk | 1 | 5 |
| OpenSSL < 0.9.6m, 0.9.7d Multiple Vulnerabilities [SANS] | Medium Risk | 1 | 5 |
| Cross-Site Scripting | Medium Risk | 1 | 4 |
| MySQL < 3.23.56 Privilege Escalation [SANS] | Medium Risk | 2 | 4 |
| Lotus Domino < 5.0.9 Database Lock DoS | Medium Risk | 1 | 3 |
| SSH Protocol Version 1 Enabled | Medium Risk | 2 | 3 |
| Apache < 1.3.31, 2.0.49 Multiple Vulnerabilities [SANS] | Medium Risk | 1 | 2 |
| IIS .printer ISAPI Filter Enabled | Medium Risk | 1 | 2 |
| Lotus Domino Anonymous Database Access | Medium Risk | 1 | 2 |
| MySQL < 3.23.58, 4.0.15 Password Overflow [SANS] | Medium Risk | 2 | 2 |
| Apache mod_ssl < 2.8.10 off by one Vulnerability | Medium Risk | 1 | 1 |
| DNS Zone Transfer [OVERDUE] | Medium Risk | 1 | 1 |
| Globally Useable Name Server [SANS] | Medium Risk | 1 | 1 |
| IIS global.asa Accessible | Medium Risk | 1 | 1 |
| OpenSSH < 3.6.1p2 PAM Timing Attack | Medium Risk | 1 | 1 |
| SMTP Server Allows VRFY/EXPN | Medium Risk | 1 | 1 |

Ordered by Contact


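| Name | Systems | Report | Total Vulns | High | Medium | Longest | Months of Exposure |
|---|---|---|---|---|---|---|---|
| cuthbert@yourcompany.com | 2 Systems | | 8 | 3 | 5 | 5 | 23 |
| sql1.manc.yourcompany.com [SANS] [OVERDUE] | 192.168.1.52 | View | 4 | 2 | 2 | 2 | 7 |
| sql2.manc.yourcompany.com [SANS] | 192.168.1.53 | View | 4 | 1 | 3 | 5 | 16 |
| janebloggs@yourcompany.com | 6 Systems | | 20 | 7 | 13 | 5 | 40 |
| dns0.example.com [SANS] [OVERDUE] | 192.168.0.110 | View | 4 | 3 | 1 | 2 | 5 |
| www.your_company.nl [SANS] | 192.168.0.103 | View | 4 | 2 | 2 | 3 | 7 |
| mail.example.com [SANS] [URGENT] | 192.168.0.111 | View | 4 | 1 | 3 | 2 | 6 |
| www.example.com [SANS] | 192.168.0.112 | View | 4 | 1 | 3 | 3 | 9 |
| www.yourcompany.net [SANS] | 192.168.0.102 | View | 3 | | 3 | 4 | 8 |
| www.yourcompany.co.uk | 192.168.0.100 | View | 1 | | 1 | 5 | 5 |
| joe.bloggs@technicians.com | 4 Systems | | 13 | 5 | 8 | 5 | 25 |
| dns0.example.com [SANS] [OVERDUE] | 192.168.0.110 | View | 4 | 3 | 1 | 2 | 5 |
| mail.example.com [SANS] [URGENT] | 192.168.0.111 | View | 4 | 1 | 3 | 2 | 6 |
| www.example.com [SANS] | 192.168.0.112 | View | 4 | 1 | 3 | 3 | 9 |
| apollo.example.com [SANS] [OVERDUE] | 192.168.0.81 | View | 1 | | 1 | 5 | 5 |
| johndoe@yoursecurity.co.uk | 3 Systems | | 8 | 1 | 7 | 5 | 19 |
| mail.example.com [SANS] [URGENT] | 192.168.0.111 | View | 4 | 1 | 3 | 2 | 6 |
| www.yourcompany.net [SANS] | 192.168.0.102 | View | 3 | | 3 | 4 | 8 |
| www.yourcompany.co.uk | 192.168.0.100 | View | 1 | | 1 | 5 | 5 |
| manager@yourcompany.com | 3 Systems | | 9 | 4 | 5 | 5 | 16 |
| dns0.example.com [SANS] [OVERDUE] | 192.168.0.110 | View | 4 | 3 | 1 | 2 | 5 |
| mail.example.com [SANS] [URGENT] | 192.168.0.111 | View | 4 | 1 | 3 | 2 | 6 |
| apollo.example.com [SANS] [OVERDUE] | 192.168.0.81 | View | 1 | | 1 | 5 | 5 |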

Note: This report deals with unfixed vulnerabilities. A vulnerability is considered "unfixed for three scans" if it has appeared for four consecutive scans.

Scans by Westpoint Ltd