Your Company Scan Results - April 2011

Reference:
YC 201135

Global PCI Status: FAILED

Westpoint Ltd has determined that Your Company is NOT COMPLIANT with the PCI scan validation requirement.

This report is provisional. In order to receive an Attestation of Scan Compliance, you must address any failing vulnerabilities and obtain a passing retest of the failing components. In addition you must ensure that you have addressed any issues listed in the 'PCI Finalisation' section of this report.


Reasons for PCI Failure
  • 12 Systems found to be non-compliant due to failing vulnerabilities.
  • 1 System had a mismatched hostname on its SSL certificate.

 21
 29
 16
 16
 22
 1
 4		High risk vulnerabilities found.
Medium risk vulnerabilities found.
Low risk vulnerabilities found.
SANS vulnerabilities found.
New vulnerabilities found.
Urgent vulnerabilities found.
Overdue vulnerabilities found. 		 9
 3
 0
 9
 12
 8
 1
 3		 Systems (45%) had high risk vulnerabilities.
Systems (15%) had medium risk vulnerabilities.
Systems (0%) had low risk vulnerabilities.
Systems (45%) had SANS vulnerabilities.
Systems (60%) failed PCI criteria.
Systems (40%) passed PCI criteria.
Systems (5%) had urgent vulnerabilities.
Systems (15%) had overdue vulnerabilities. 		Scan Type
Start Date
End Date
Report Generated
Expiry Date
Systems Scanned
New Systems 		Enterprise
13-Apr-11 11:54
16-Apr-11 16:32
08-Jun-11 11:09
15-Jul-11 16:32
20
2

Key Increase No change DecreaseHigh RiskMedium RiskLow RiskNo ServicesNo Ports/VulnsNot Subnet ScannedPCI Mapping

Filter Hosts: 

 

Systems

Download As CSV...
Download As PDF...
Host NameIP AddressCriticalReportPortsVulnerabilities 
www.your_company.nl   SANS    FAIL192.168.0.103View713 (7 New)
www.yourcompany.co.uk    FAIL192.168.0.100View59 (5 New)
www.example.com   SANS    FAIL192.168.0.112View311 (4 New)
dns0.example.com   SANS   OVERDUE    FAIL192.168.0.110View55 (1 New)
mail.example.com   SANS   URGENT    FAIL192.168.0.111View85
sql1.manc.yourcompany.com   SANS   OVERDUE    FAIL192.168.1.52View34
sql2.manc.yourcompany.com   SANS    FAIL192.168.1.53View24
www.yourcompany.com   NEW    FAIL192.168.0.101View122 (2 New)
www.your_company.fr   SANS    FAIL192.168.0.105View53 (3 New)
www.yourcompany.net   SANS    FAIL192.168.0.102View25
apollo.example.com   SANS   OVERDUE    FAIL192.168.0.81View33
www.yourcompany.com.my    FAIL192.168.0.106View22
www1.manc.yourcompany.com    PASS192.168.1.54View20
www2.manc.yourcompany.com    PASS192.168.1.55View20
mail1.manc.yourcompany.com    PASS192.168.1.50View10
mail2.manc.yourcompany.com    PASS192.168.1.51View10
192.168.0.104    PASS192.168.0.104View20
gopher.example.com    PASS192.168.0.93View00
192.168.100.9   NEW    PASS192.168.100.9 View10
laptop.yourcompany.com    PASS192.168.0.57 View00

All Vulnerabilities

FrequencyVulnerabilitySeverity 
6High Risk Ports Open    FAILHigh Risk
3SNMP Default Community Names   SANS    FAILHigh Risk
1Administration Interface with Weak Password   NEW    FAILHigh Risk
1Apache < 1.3.26 Chunked Encoding Vulnerability   SANS    FAILHigh Risk
1Authentication Bypass Through Cookie Manipulation   NEW    FAILHigh Risk
1BIND < 8.2.3 Buffer Overrun   SANS   OVERDUE    FAILHigh Risk
1IIS ASP.NET Application Trace Enabled   NEW    FAILHigh Risk
1IIS WebDAV Buffer Overrun    FAILHigh Risk
1MySQL Database Accessible Without Password   OVERDUE    FAILHigh Risk
1Possible Compromise   NEW    FAILHigh Risk
1Script Allows Arbitrary Command Execution   NEW    FAILHigh Risk
1Script Appears Vulnerable to SQL Injection   NEW    FAILHigh Risk
1Sendmail < 8.12.8 Buffer Overrun   SANS   URGENT    FAILHigh Risk
1Sensitive Information Leakage   NEW    FAILHigh Risk
3Globally Useable Name Server   SANS    FAILMedium Risk
2Apache < 1.3.27 Multiple Vulnerabilities    FAILMedium Risk
2Cross-Site Scripting    FAILMedium Risk
2MySQL < 3.23.56 Privilege Escalation   SANS    FAILMedium Risk
2MySQL < 3.23.58, 4.0.15 Password Overflow   SANS    FAILMedium Risk
2SSH Protocol Version 1 Enabled    FAILMedium Risk
1Apache mod_ssl < 2.8.10 off by one Vulnerability    PASSMedium Risk
1Apache < 1.3.31, 2.0.49 Multiple Vulnerabilities   SANS    FAILMedium Risk
1DNS Zone Transfer   OVERDUE    PASSMedium Risk
1IIS global.asa Accessible    FAILMedium Risk
1IIS .printer ISAPI Filter Enabled    FAILMedium Risk
1Lotus Domino Anonymous Database Access    FAILMedium Risk
1Lotus Domino < 5.0.9 Database Lock DoS    PASSMedium Risk
1MySQL < 3.23.55 Multiple Vulnerabilities   SANS    FAILMedium Risk
1OpenSSH < 3.6.1p2 PAM Timing Attack    FAILMedium Risk
1OpenSSL < 0.9.6m, 0.9.7d Multiple Vulnerabilities   SANS    FAILMedium Risk
1Script Allows Arbitrary Redirection   NEW    FAILMedium Risk
1Service Permits Unauthenticated Users to Send Arbitrary Emails   NEW    PASSMedium Risk
1SMTP Server Allows VRFY/EXPN    FAILMedium Risk
1SSL Certificate Problems   NEW    FAILMedium Risk
1Weak or Ineffective Authentication Mechanism   NEW    FAILMedium Risk
1XPath Injection   NEW    FAILMedium Risk
4Holes Detected in Firewall Configuration    PASSLow Risk
3TRACE and/or TRACK Methods Enabled    FAILLow Risk
2Apache < 1.3.29 Multiple Local Flaws    PASSLow Risk
2DNS Cache Snooping    FAILLow Risk
1Apache mod_userdir Information Leak    FAILLow Risk
1Microsoft Frontpage Extensions Installed    FAILLow Risk
1NTP Information Leakage   NEW    FAILLow Risk
1Private IP Address Leakage    PASSLow Risk
1Script Calling phpinfo() Detected   OVERDUE    FAILLow Risk

This report was generated by a PCI Approved Scanning Vendor, Westpoint Ltd., under certificate number 3974-01-05, within the guidelines of the PCI data security initiative.

A mapping between the Westpoint vulnerability severity levels and those of the PCI documentation is provided in the glossary.

Scans by Westpoint Ltd