| Port | Protocol | Service | Details |
|---|---|---|---|
| 80 | tcp | http | Lotus-Domino/0 |
| 1723 | tcp | pptp | Closed Immediately with TCP FIN |

| Port | Protocol | Service | Details |
|---|---|---|---|
| 80 | tcp | www | No banner found |

| PCI Special Note | PCI-3 | Presence of remote access software |
|---|---|---|
| Item Noted | Note to scan customer: Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely per Appendix C or disabled/removed. Please consult your ASV if you have questions about this Special Note. | |
| Customer Declaration | The customer has not made a declaration at this time. | |
| Action Taken | The customer has not specified any actions at this time. | |
| Previous Test | 13 Mar 2011 | This Note was Reported in the Previous Test with the Following Declarations |
| Customer Declaration | Your Company requires this remote access software for business-critical support personnel while they are away from the base office. | |
| Action Taken | None. | |

| Vulnerability | 10629 | Lotus Domino Anonymous Database Access | Medium Risk | |
|---|---|---|---|---|
| Description | This system is running Lotus Domino. Some databases are accessible without authentication: http://192.168.0.106/certlog.nsf This usually represents a security risk as the information contained is accessible to anyone on the internet. | | | |
| Solution | Reconfigure Domino to require authentication for these databases. | | | |
| CVE References | CVE-2002-0664 | CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Fail | |
| | CVE-2000-0021 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Fail | |
| First Found | 13 February 2011 | Port | 80/tcp | Last 6 Months |

| Vulnerability | 11718 | Lotus Domino < 5.0.9 Database Lock DoS | Medium Risk | |
|---|---|---|---|---|
| Description | This system is running a vulnerable version of Lotus Domino, according to its banner. There is a vulnerability in the code related to database locking. A remote attacker could use this to lock out some databases, by requesting them through the web interface with a carefully crafted URL. | | | |
| Solution | Upgrade to an unaffected version, or apply a patch. | | | |
| CVE Reference | CVE-2001-0954 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Pass | |
| First Found | 13 January 2011 | Port | 80/tcp | Last 6 Months |