Difference between revisions of the page «ASIX/M17/UF2/PT1»

From Lordwektabyte Wiki
(Page created with «<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UT...».)
 
m (Guillem moved M17/UF2/PT1 to ASIX/M17/UF2/PT1 without leaving a redirect: Create ASIX sublevel)
 
(4 intermediate revisions by the same user are not shown)
Línia 1: Línia 1:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+
<source>
<html>
+
I Summary
<head>
+
=========
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 
<style>
 
body {
 
  background-color: #FFFFFF;
 
  margin: 0px;
 
  font: small Verdana, sans-serif;
 
  font-size: 12px;
 
  color: #1A1A1A;
 
}
 
  
div.content {
+
This document reports on the results of an automatic security scan.
  width: 98%;
+
The report first summarises the results found.
  align: center;
+
Then, for each host, the report describes every issue found.
  margin-left: auto;
+
Please consider the advice given in each description, in order to rectify
  margin-right: auto;
+
the issue.
}
 
  
tr.table_head {
+
All dates are displayed using the timezone "Coordinated Universal Time",
  background-color: #d5d5d5;
+
which is abbreviated "UTC".
}
 
  
.diff {
+
Vendor security updates are not trusted.
  white-space: pre;
 
  font-family: monospace;
 
}
 
  
.diff.at {
+
Overrides are on. When a result has an override, this report uses the
  color: #9932CC;
+
threat of the override.
}
 
  
.diff.plus {
+
Notes are included in the report.Information on overrides is included in the report.
  color: #006400;
 
}
 
  
.diff.minus {
+
This report might not show details of all issues that were found.
  color: #B22222;
+
It only lists hosts that produced issues.
}
+
Issues with the threat level "Log" are not shown.
 +
Issues with the threat level "Debug" are not shown.
 +
Issues with the threat level "False Positive" are not shown.
 +
Only results with a minimum QoD of 70 are shown.
  
div.footer {
+
This report contains all 5 results selected by the
  text-align: center;
+
filtering described above.  Before filtering there were 155 results.
}
 
  
div.note, div.override {
+
Scan started: Fri Mar 1 14:54:15 2019 UTC
  padding:4px;
+
Scan endedFri Mar 1 15:41:58 2019 UTC
  margin:3px;
+
Task:         Nose OVA
  margin-bottom:0px;
 
  margin-top:0px;
 
   border: 1px solid #CCCCCC;
 
  border-top: 0px;
 
  background-color: #ffff90;
 
}
 
  
.result_head {
+
Host Summary
  padding:4px;
+
************
  margin:3px;
 
  margin-bottom:0px;
 
  color: #FFFFFF;
 
  border: 1px solid #CCCCCC;
 
  border-bottom: 0px;
 
  background:#d5d5d5;
 
}
 
  
.result_head.low {
+
Host            High  Medium  Low  Log  False Positive
  background:#539dcb
+
10.17.3.6          0      3    2    0              0
}
+
Total: 1          0      3    2    0              0
  
.result_head.medium {
 
  background:#f99f31
 
}
 
  
.result_head.high {
+
II Results per Host
  background:#cb1d17
+
===================
}
 
  
.result_section {
+
Host 10.17.3.6
  padding:4px;
+
**************
  margin:3px;
 
  margin-bottom:0px;
 
  margin-top:0px;
 
  border: 1px solid #CCCCCC;
 
  border-top: 0px;
 
}
 
  
.location_float {
+
Scanning of this host started at: Fri Mar 1 15:21:42 2019 UTC
  float: right;
+
Number of results: 5
  text-align:right;
 
}
 
  
.delta_float {
+
Port Summary for Host 10.17.3.6
  float: left;
+
-------------------------------
  font-size: 24px;
 
  border: 2px;
 
  padding-left: 2px;
 
  padding-right: 8px;
 
  margin:0px;
 
}
 
  
.full_width {
+
Service (Port)          Threat Level
  width: 100%;
+
22/tcp                  Medium
}
+
general/tcp            Low
 +
80/tcp                  Medium
  
pre {
+
Security Issues for Host 10.17.3.6
white-space: pre-wrap;
+
----------------------------------
word-wrap: break-word;
 
}
 
        </style>
 
<title>Scan Report</title>
 
</head>
 
<body><div class="content">
 
<h1>Summary</h1>
 
<p>
 
          This document reports on the results of an automatic security scan.
 
          The report first summarises the results found.  Then, for each host,
 
          the report describes every issue found.  Please consider the
 
          advice given in each description, in order to rectify the issue.
 
        </p>
 
<p>
 
              Vendor security updates are not trusted.
 
            </p>
 
<p>
 
              Overrides are on.  When a result has an override, this report uses the threat of the override.
 
            </p>
 
<p>
 
              Information on overrides is included in the report.
 
            </p>
 
<p>
 
              Notes are included in the report.
 
            </p>
 
<p>
 
      This report might not show details of all issues that were found.
 
     
 
        It only lists hosts that produced issues.
 
     
 
        Issues with the threat level "Log" are not shown.
 
     
 
        Issues with the threat level "Debug" are not shown.
 
     
 
        Issues with the threat level "False Positive" are not shown.
 
      Only results with a minimum QoD of 70 are shown. </p>
 
<p>This report contains all 5 results selected by the filtering described above.  Before filtering there were 155 results.</p>
 
<p>All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".</p>
 
<table>
 
<tr>
 
<td>Scan started:</td>
 
<td><b>Fri Mar 1 14:54:15 2019 UTC</b></td>
 
</tr>
 
<tr>
 
<td>Scan ended:</td>
 
<td>Fri Mar 1 15:41:58 2019 UTC</td>
 
</tr>
 
<tr>
 
<td>Task:</td>
 
<td>Nose OVA</td>
 
</tr>
 
</table>
 
<h2>Host Summary</h2>
 
<table width="100%">
 
<tr class="table_head">
 
<td>Host</td>
 
<td>Start</td>
 
<td>End</td>
 
<td>High</td>
 
<td>Medium</td>
 
<td>Low</td>
 
<td>Log</td>
 
<td>False Positive</td>
 
</tr>
 
<tr>
 
<td><a href="#10.17.3.6">10.17.3.6</a></td>
 
<td>Mar 1, 15:21:42</td>
 
<td>Mar 1, 15:41:58</td>
 
<td>0</td>
 
<td>3</td>
 
<td>2</td>
 
<td>0</td>
 
<td>0</td>
 
</tr>
 
<tr>
 
<td>Total: 1</td>
 
<td></td>
 
<td></td>
 
<td>0</td>
 
<td>3</td>
 
<td>2</td>
 
<td>0</td>
 
<td>0</td>
 
</tr>
 
</table>
 
<h1>Results per Host</h1>
 
<h2 id="10.17.3.6">Host 10.17.3.6</h2>
 
<table>
 
<tr>
 
<td>Scanning of this host started at:</td>
 
<td>Fri Mar 1 15:21:42 2019 UTC</td>
 
</tr>
 
<tr>
 
<td>Number of results:</td>
 
<td>5</td>
 
</tr>
 
</table>
 
<h3>Port Summary for Host 10.17.3.6</h3>
 
<table width="100%">
 
<tr class="table_head">
 
<td>Service (Port)</td>
 
<td>Threat Level</td>
 
</tr>
 
<tr>
 
<td>general/tcp</td>
 
<td>Low</td>
 
</tr>
 
<tr>
 
<td>80/tcp</td>
 
<td>Medium</td>
 
</tr>
 
<tr>
 
<td>22/tcp</td>
 
<td>Medium</td>
 
</tr>
 
</table>
 
<h3>Security Issues for Host 10.17.3.6</h3>
 
<div class="result_head medium">
 
<div class="location_float">80/tcp</div>
 
<b>Medium</b>
 
                    (CVSS: 5.8)
 
                  <div class="full_width">
 
            NVT:
 
            HTTP Debugging Methods (TRACE/TRACK) Enabled
 
            (OID: 1.3.6.1.4.1.25623.1.0.11213)
 
          </div>
 
</div>
 
<div class="result_section">
 
<b>Summary</b><p>Debugging functions are enabled on the remote web server.</p>
 
<p>  The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK
 
  are HTTP methods which are used to debug web server connections.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Result</b><pre>The web server has the following HTTP methods enabled: TRACE</pre>
 
</div>
 
<div class="result_section">
 
<b>Impact</b><p>An attacker may use this flaw to trick your legitimate web users to give
 
  him their credentials.</p>
 
</div>
 
<div class="result_section">
 
<b>Solution</b><p><b>Solution type: </b>Mitigation</p>
 
<p>Disable the TRACE and TRACK methods in your web server configuration.</p>
 
<p>  Please see the manual of your web server or the references for more information.</p>
 
</div>
 
<div class="result_section">
 
<b>Affected Software/OS</b><p>Web servers with enabled TRACE and/or TRACK methods.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Insight</b><p>It has been shown that web servers supporting this methods are
 
  subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in
 
  conjunction with various weaknesses in browsers.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Method</b><p>
 
            Details:
 
            HTTP Debugging Methods (TRACE/TRACK) Enabled
 
                (OID: 1.3.6.1.4.1.25623.1.0.11213)
 
              </p>
 
<p>
 
                  Version used: $Revision: 10828 $</p>
 
</div>
 
<div class="result_section">
 
<b>References</b><br><p><table>
 
<tr valign="top">
 
<td>CVE:</td>
 
<td>CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883</td>
 
</tr>
 
<tr valign="top">
 
<td>BID:</td>
 
<td>9506,  9561,  11604,  15222,  19915,  24456,  33374,  36956,  36990,  37995</td>
 
</tr>
 
<tr valign="top">
 
<td>CERT:</td>
 
<td>CB-K14/0981, DFN-CERT-2014-1018, DFN-CERT-2010-0020</td>
 
</tr>
 
<tr valign="top">
 
<td>Other:</td>
 
<td>http://www.kb.cert.org/vuls/id/288308</td>
 
</tr>
 
<tr valign="top">
 
<td></td>
 
<td>http://www.kb.cert.org/vuls/id/867593</td>
 
</tr>
 
<tr valign="top">
 
<td></td>
 
<td>http://httpd.apache.org/docs/current/de/mod/core.html#traceenable</td>
 
</tr>
 
<tr valign="top">
 
<td></td>
 
<td>https://www.owasp.org/index.php/Cross_Site_Tracing</td>
 
</tr>
 
</table></p>
 
</div>
 
<div class="result_head medium">
 
<div class="location_float">80/tcp</div>
 
<b>Medium</b>
 
                    (CVSS: 5.0)
 
                  <div class="full_width">
 
            NVT:
 
            Linux Home Folder Accessible
 
            (OID: 1.3.6.1.4.1.25623.1.0.111108)
 
          </div>
 
</div>
 
<div class="result_section">
 
<b>Summary</b><p>The script attempts to identify files of a linux home folder accessible
 
  at the webserver.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Result</b><pre>The following files were identified:
 
  
http://10.17.3.6/.bash_history</pre>
+
Issue
</div>
+
-----
<div class="result_section">
+
NVT:    HTTP Debugging Methods (TRACE/TRACK) Enabled
<b>Impact</b><p>Based on the information provided in this files an attacker might
+
OID:   1.3.6.1.4.1.25623.1.0.11213
  be able to gather additional info.</p>
+
Threat: Medium (CVSS: 5.8)
</div>
+
Port:   80/tcp
<div class="result_section">
 
<b>Solution</b><p><b>Solution type: </b>Mitigation</p>
 
<p>A users home folder shouldn't be accessible via a webserver. Restrict access to it or remove it completely.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Insight</b><p>Currently the script is checking for the following files:</p>
 
<p>  - /.ssh/authorized_keys</p>
 
<p>  - /.ssh/known_hosts</p>
 
<p>  - /.ssh/identity</p>
 
<p>  - /.ssh/id_rsa</p>
 
<p>  - /.ssh/id_rsa.pub</p>
 
<p>  - /.ssh/id_dsa</p>
 
<p>  - /.ssh/id_dsa.pub</p>
 
<p>  - /.ssh/id_dss</p>
 
<p>  - /.ssh/id_dss.pub</p>
 
<p>  - /.ssh/id_ecdsa</p>
 
<p>  - /.ssh/id_ecdsa.pub</p>
 
<p>  - /.ssh/id_ed25519</p>
 
<p>  - /.ssh/id_ed25519.pub</p>
 
<p>  - /.mysql_history</p>
 
<p>  - /.sqlite_history</p>
 
<p>  - /.psql_history</p>
 
<p>  - /.sh_history</p>
 
<p>  - /.bash_history</p>
 
<p>  - /.profile</p>
 
<p>  - /.bashrc</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Method</b><p>Check the response if files from a home folder are accessible.</p>
 
<p>
 
            Details:
 
            Linux Home Folder Accessible
 
                (OID: 1.3.6.1.4.1.25623.1.0.111108)
 
              </p>
 
<p>
 
                  Version used: $Revision: 10157 $</p>
 
</div>
 
<div class="result_head medium">
 
<div class="location_float">22/tcp</div>
 
<b>Medium</b>
 
                    (CVSS: 4.3)
 
                  <div class="full_width">
 
            NVT:
 
            SSH Weak Encryption Algorithms Supported
 
            (OID: 1.3.6.1.4.1.25623.1.0.105611)
 
          </div>
 
</div>
 
<div class="result_section">
 
<b>Summary</b><p>The remote SSH server is configured to allow weak encryption algorithms.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Result</b><pre>The following weak client-to-server encryption algorithms are supported by the remote service:
 
  
 +
Summary:
 +
Debugging functions are enabled on the remote web server.
 +
  The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK
 +
  are HTTP methods which are used to debug web server connections.
 +
 +
Vulnerability Detection Result:
 +
The web server has the following HTTP methods enabled: TRACE
 +
 +
Impact:
 +
An attacker may use this flaw to trick your legitimate web users to give
 +
  him their credentials.
 +
 +
Solution:
 +
Solution type: Mitigation
 +
Disable the TRACE and TRACK methods in your web server configuration.
 +
  Please see the manual of your web server or the references for more informatio!
 +
n.
 +
 +
Affected Software/OS:
 +
Web servers with enabled TRACE and/or TRACK methods.
 +
 +
Vulnerability Insight:
 +
It has been shown that web servers supporting this methods are
 +
  subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, wh!
 +
en used in
 +
  conjunction with various weaknesses in browsers.
 +
 +
Vulnerability Detection Method:
 +
Details:
 +
HTTP Debugging Methods (TRACE/TRACK) Enabled
 +
(OID: 1.3.6.1.4.1.25623.1.0.11213)
 +
Version used: $Revision: 10828 $
 +
 +
References:
 +
CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883
 +
BID: 9506,  9561,  11604,  15222,  19915,  24456,  33374,  36956,  36990,  37995
 +
CERT: CB-K14/0981
 +
, DFN-CERT-2014-1018
 +
, DFN-CERT-2010-0020
 +
 +
Other:
 +
    http://www.kb.cert.org/vuls/id/288308
 +
    http://www.kb.cert.org/vuls/id/867593
 +
    http://httpd.apache.org/docs/current/de/mod/core.html#traceenable
 +
    https://www.owasp.org/index.php/Cross_Site_Tracing
 +
 +
 +
Issue
 +
-----
 +
NVT:    Linux Home Folder Accessible
 +
OID:    1.3.6.1.4.1.25623.1.0.111108
 +
Threat: Medium (CVSS: 5.0)
 +
Port:  80/tcp
 +
 +
Summary:
 +
The script attempts to identify files of a linux home folder accessible
 +
  at the webserver.
 +
 +
Vulnerability Detection Result:
 +
The following files were identified:
 +
http://10.17.3.6/.bash_history
 +
 +
Impact:
 +
Based on the information provided in this files an attacker might
 +
  be able to gather additional info.
 +
 +
Solution:
 +
Solution type: Mitigation
 +
A users home folder shouldn't be accessible via a webserver. Restrict access to !
 +
it or remove it completely.
 +
 +
Vulnerability Insight:
 +
Currently the script is checking for the following files:
 +
  - /.ssh/authorized_keys
 +
  - /.ssh/known_hosts
 +
  - /.ssh/identity
 +
  - /.ssh/id_rsa
 +
  - /.ssh/id_rsa.pub
 +
  - /.ssh/id_dsa
 +
  - /.ssh/id_dsa.pub
 +
  - /.ssh/id_dss
 +
  - /.ssh/id_dss.pub
 +
  - /.ssh/id_ecdsa
 +
  - /.ssh/id_ecdsa.pub
 +
  - /.ssh/id_ed25519
 +
  - /.ssh/id_ed25519.pub
 +
  - /.mysql_history
 +
  - /.sqlite_history
 +
  - /.psql_history
 +
  - /.sh_history
 +
  - /.bash_history
 +
  - /.profile
 +
  - /.bashrc
 +
 +
Vulnerability Detection Method:
 +
Check the response if files from a home folder are accessible.
 +
Details:
 +
Linux Home Folder Accessible
 +
(OID: 1.3.6.1.4.1.25623.1.0.111108)
 +
Version used: $Revision: 10157 $
 +
 +
 +
Issue
 +
-----
 +
NVT:    SSH Weak Encryption Algorithms Supported
 +
OID:    1.3.6.1.4.1.25623.1.0.105611
 +
Threat: Medium (CVSS: 4.3)
 +
Port:  22/tcp
 +
 +
Summary:
 +
The remote SSH server is configured to allow weak encryption algorithms.
 +
 +
Vulnerability Detection Result:
 +
The following weak client-to-server encryption algorithms are supported by the r!
 +
emote service:
 
3des-cbc
 
3des-cbc
 
aes128-cbc
 
aes128-cbc
Línia 384: Línia 193:
 
cast128-cbc
 
cast128-cbc
 
rijndael-cbc@lysator.liu.se
 
rijndael-cbc@lysator.liu.se
 
+
The following weak server-to-client encryption algorithms are supported by the r!
 
+
emote service:
The following weak server-to-client encryption algorithms are supported by the remote service:
 
 
 
 
3des-cbc
 
3des-cbc
 
aes128-cbc
 
aes128-cbc
Línia 397: Línia 204:
 
blowfish-cbc
 
blowfish-cbc
 
cast128-cbc
 
cast128-cbc
rijndael-cbc@lysator.liu.se</pre>
+
rijndael-cbc@lysator.liu.se
</div>
+
 
<div class="result_section">
+
Solution:
<b>Solution</b><p><b>Solution type: </b>Mitigation</p>
+
Solution type: Mitigation
<p>Disable the weak encryption algorithms.</p>
+
Disable the weak encryption algorithms.
</div>
+
 
<div class="result_section">
+
Vulnerability Insight:
<b>Vulnerability Insight</b><p>The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
+
The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
   The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
+
   The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]!
   with weak keys, and should not be used anymore.</p>
+
. Arcfour (and RC4) has problems
<p>  The `none` algorithm specifies that no encryption is to be done.
+
   with weak keys, and should not be used anymore.
 +
  The `none` algorithm specifies that no encryption is to be done.
 
   Note that this method provides no confidentiality protection, and it
 
   Note that this method provides no confidentiality protection, and it
   is NOT RECOMMENDED to use it.</p>
+
   is NOT RECOMMENDED to use it.
<p>  A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.</p>
+
  A vulnerability exists in SSH messages that employ CBC mode that may allow an !
</div>
+
attacker to recover plaintext from a block of ciphertext.
<div class="result_section">
 
<b>Vulnerability Detection Method</b><p>Check if remote ssh service supports Arcfour, none or CBC ciphers.</p>
 
<p>
 
            Details:
 
            SSH Weak Encryption Algorithms Supported
 
                (OID: 1.3.6.1.4.1.25623.1.0.105611)
 
              </p>
 
<p>
 
                  Version used: $Revision: 13581 $</p>
 
</div>
 
<div class="result_section">
 
<b>References</b><br><p><table>
 
<tr valign="top">
 
<td>Other:</td>
 
<td>https://tools.ietf.org/html/rfc4253#section-6.3</td>
 
</tr>
 
<tr valign="top">
 
<td></td>
 
<td>https://www.kb.cert.org/vuls/id/958563</td>
 
</tr>
 
</table></p>
 
</div>
 
<div class="result_head low">
 
<div class="location_float">22/tcp</div>
 
<b>Low</b>
 
                    (CVSS: 2.6)
 
                  <div class="full_width">
 
            NVT:
 
            SSH Weak MAC Algorithms Supported
 
            (OID: 1.3.6.1.4.1.25623.1.0.105610)
 
          </div>
 
</div>
 
<div class="result_section">
 
<b>Summary</b><p>The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Result</b><pre>The following weak client-to-server MAC algorithms are supported by the remote service:
 
  
 +
Vulnerability Detection Method:
 +
Check if remote ssh service supports Arcfour, none or CBC ciphers.
 +
Details:
 +
SSH Weak Encryption Algorithms Supported
 +
(OID: 1.3.6.1.4.1.25623.1.0.105611)
 +
Version used: $Revision: 13581 $
 +
 +
References:
 +
Other:
 +
    https://tools.ietf.org/html/rfc4253#section-6.3
 +
    https://www.kb.cert.org/vuls/id/958563
 +
 +
 +
Issue
 +
-----
 +
NVT:    SSH Weak MAC Algorithms Supported
 +
OID:    1.3.6.1.4.1.25623.1.0.105610
 +
Threat: Low (CVSS: 2.6)
 +
Port:  22/tcp
 +
 +
Summary:
 +
The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorith!
 +
ms.
 +
 +
Vulnerability Detection Result:
 +
The following weak client-to-server MAC algorithms are supported by the remote s!
 +
ervice:
 +
hmac-md5
 +
hmac-md5-96
 +
hmac-sha1-96
 +
The following weak server-to-client MAC algorithms are supported by the remote s!
 +
ervice:
 
hmac-md5
 
hmac-md5
 
hmac-md5-96
 
hmac-md5-96
 
hmac-sha1-96
 
hmac-sha1-96
 +
 +
Solution:
 +
Solution type: Mitigation
 +
Disable the weak MAC algorithms.
 +
 +
Vulnerability Detection Method:
 +
Details:
 +
SSH Weak MAC Algorithms Supported
 +
(OID: 1.3.6.1.4.1.25623.1.0.105610)
 +
Version used: $Revision: 13581 $
  
  
The following weak server-to-client MAC algorithms are supported by the remote service:
+
Issue
 +
-----
 +
NVT:    TCP timestamps
 +
OID:    1.3.6.1.4.1.25623.1.0.80091
 +
Threat: Low (CVSS: 2.6)
 +
Port:   general/tcp
  
hmac-md5
+
Summary:
hmac-md5-96
+
The remote host implements TCP timestamps and therefore allows to compute
hmac-sha1-96</pre>
+
   the uptime.
</div>
 
<div class="result_section">
 
<b>Solution</b><p><b>Solution type: </b>Mitigation</p>
 
<p>Disable the weak MAC algorithms.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Method</b><p>
 
            Details:
 
            SSH Weak MAC Algorithms Supported
 
                (OID: 1.3.6.1.4.1.25623.1.0.105610)
 
              </p>
 
<p>
 
                  Version used: $Revision: 13581 $</p>
 
</div>
 
<div class="result_head low">
 
<div class="location_float">general/tcp</div>
 
<b>Low</b>
 
                    (CVSS: 2.6)
 
                  <div class="full_width">
 
            NVT:
 
            TCP timestamps
 
            (OID: 1.3.6.1.4.1.25623.1.0.80091)
 
          </div>
 
</div>
 
<div class="result_section">
 
<b>Summary</b><p>The remote host implements TCP timestamps and therefore allows to compute
 
   the uptime.</p>
 
</div>
 
<div class="result_section">
 
<b>Vulnerability Detection Result</b><pre>It was detected that the host implements RFC1323.
 
  
 +
Vulnerability Detection Result:
 +
It was detected that the host implements RFC1323.
 
The following timestamps were retrieved with a delay of 1 seconds in-between:
 
The following timestamps were retrieved with a delay of 1 seconds in-between:
 
Packet 1: 3183497
 
Packet 1: 3183497
Packet 2: 3185039</pre>
+
Packet 2: 3185039
</div>
+
 
<div class="result_section">
+
Impact:
<b>Impact</b><p>A side effect of this feature is that the uptime of the remote
+
A side effect of this feature is that the uptime of the remote
   host can sometimes be computed.</p>
+
   host can sometimes be computed.
</div>
+
 
<div class="result_section">
+
Solution:
<b>Solution</b><p><b>Solution type: </b>Mitigation</p>
+
Solution type: Mitigation
<p>To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
+
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
   /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.</p>
+
   /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
<p>  To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'</p>
+
  To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta!
<p>  Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.</p>
+
mps=disabled'
<p>  The default behavior of the TCP/IP stack on this Systems is to not use the
+
  Starting with Windows Server 2008 and Vista, the timestamp can not be complete!
   Timestamp options when initiating TCP connections, but use them if the TCP peer
+
ly disabled.
   that is initiating communication includes them in their synchronize (SYN) segment.</p>
+
  The default behavior of the TCP/IP stack on this Systems is to not use the
<p>  See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152</p>
+
   Timestamp options when initiating TCP connections, but use them if the TCP pee!
</div>
+
r
<div class="result_section">
+
   that is initiating communication includes them in their synchronize (SYN) segm!
<b>Affected Software/OS</b><p>TCP/IPv4 implementations that implement RFC1323.</p>
+
ent.
</div>
+
  See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
<div class="result_section">
+
 
<b>Vulnerability Insight</b><p>The remote host implements TCP timestamps, as defined by RFC1323.</p>
+
Affected Software/OS:
</div>
+
TCP/IPv4 implementations that implement RFC1323.
<div class="result_section">
+
 
<b>Vulnerability Detection Method</b><p>Special IP packets are forged and sent with a little delay in between to the
+
Vulnerability Insight:
   target IP. The responses are searched for a timestamps. If found, the timestamps are reported.</p>
+
The remote host implements TCP timestamps, as defined by RFC1323.
<p>
+
 
            Details:
+
Vulnerability Detection Method:
            TCP timestamps
+
Special IP packets are forged and sent with a little delay in between to the
                (OID: 1.3.6.1.4.1.25623.1.0.80091)
+
   target IP. The responses are searched for a timestamps. If found, the timestam!
              </p>
+
ps are reported.
<p>
+
Details:
                  Version used: $Revision: 10411 $</p>
+
TCP timestamps
</div>
+
(OID: 1.3.6.1.4.1.25623.1.0.80091)
<div class="result_section">
+
Version used: $Revision: 10411 $
<b>References</b><br><p><table><tr valign="top">
+
 
<td>Other:</td>
+
References:
<td>http://www.ietf.org/rfc/rfc1323.txt</td>
+
Other:
</tr></table></p>
+
    http://www.ietf.org/rfc/rfc1323.txt
</div>
+
</source>
<div class="footer">
 
                  This file was automatically generated.
 
                </div>
 
</div></body>
 
</html>
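Review bot: the plain-text report added here drops information the removed HTML had and is harder to act on. The added Host Summary header (`Host High Medium Low Log False Positive`) no longer carries the per-host Start and End columns (`Mar 1, 15:21:42` / `Mar 1, 15:41:58`), and the added lines are hard-wrapped with a trailing `!` that splits words and commands, for example `informatio!` / `n.` and `timesta!` / `mps=disabled'` in the TCP timestamps solution, so the `netsh` command cannot be copied as written. Suggest rejoining the wrapped lines inside the `<source>` block and keeping the host's scan start and end times.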
 

Revision as of 11:34, 15 Apr 2020

I Summary
=========

This document reports on the results of an automatic security scan.
The report first summarises the results found.
Then, for each host, the report describes every issue found.
Please consider the advice given in each description, in order to rectify
the issue.

All dates are displayed using the timezone "Coordinated Universal Time",
which is abbreviated "UTC".

Vendor security updates are not trusted.

Overrides are on.  When a result has an override, this report uses the
threat of the override.

Notes are included in the report.
Information on overrides is included in the report.

This report might not show details of all issues that were found.
It only lists hosts that produced issues.
Issues with the threat level "Log" are not shown.
Issues with the threat level "Debug" are not shown.
Issues with the threat level "False Positive" are not shown.
Only results with a minimum QoD of 70 are shown.

This report contains all 5 results selected by the
filtering described above.  Before filtering there were 155 results.

Scan started: Fri Mar 1 14:54:15 2019 UTC
Scan ended:   Fri Mar 1 15:41:58 2019 UTC
Task:         Nose OVA

Host Summary
************

Host            High  Medium  Low  Log  False Positive
10.17.3.6          0       3    2    0               0
Total: 1           0       3    2    0               0


II Results per Host
===================

Host 10.17.3.6
**************

Scanning of this host started at: Fri Mar 1 15:21:42 2019 UTC
Number of results: 5

Port Summary for Host 10.17.3.6
-------------------------------

Service (Port)          Threat Level
22/tcp                  Medium
general/tcp             Low
80/tcp                  Medium

Security Issues for Host 10.17.3.6
----------------------------------

Issue
-----
NVT:    HTTP Debugging Methods (TRACE/TRACK) Enabled
OID:    1.3.6.1.4.1.25623.1.0.11213
Threat: Medium (CVSS: 5.8)
Port:   80/tcp

Summary:
Debugging functions are enabled on the remote web server.
  The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK
  are HTTP methods which are used to debug web server connections.

Vulnerability Detection Result:
The web server has the following HTTP methods enabled: TRACE

Impact:
An attacker may use this flaw to trick your legitimate web users to give
  him their credentials.

Solution:
Solution type: Mitigation
Disable the TRACE and TRACK methods in your web server configuration.
  Please see the manual of your web server or the references for more information.

Affected Software/OS:
Web servers with enabled TRACE and/or TRACK methods.

Vulnerability Insight:
It has been shown that web servers supporting this methods are
  subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in
  conjunction with various weaknesses in browsers.

Vulnerability Detection Method:
Details:
HTTP Debugging Methods (TRACE/TRACK) Enabled
(OID: 1.3.6.1.4.1.25623.1.0.11213)
Version used: $Revision: 10828 $

References:
CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883
BID: 9506,  9561,  11604,  15222,  19915,  24456,  33374,  36956,  36990,  37995
CERT: CB-K14/0981, DFN-CERT-2014-1018, DFN-CERT-2010-0020

Other:
    http://www.kb.cert.org/vuls/id/288308
    http://www.kb.cert.org/vuls/id/867593
    http://httpd.apache.org/docs/current/de/mod/core.html#traceenable
    https://www.owasp.org/index.php/Cross_Site_Tracing


Issue
-----
NVT:    Linux Home Folder Accessible
OID:    1.3.6.1.4.1.25623.1.0.111108
Threat: Medium (CVSS: 5.0)
Port:   80/tcp

Summary:
The script attempts to identify files of a linux home folder accessible
  at the webserver.

Vulnerability Detection Result:
The following files were identified:
http://10.17.3.6/.bash_history

Impact:
Based on the information provided in this files an attacker might
  be able to gather additional info.

Solution:
Solution type: Mitigation
A users home folder shouldn't be accessible via a webserver. Restrict access to it or remove it completely.

Vulnerability Insight:
Currently the script is checking for the following files:
  - /.ssh/authorized_keys
  - /.ssh/known_hosts
  - /.ssh/identity
  - /.ssh/id_rsa
  - /.ssh/id_rsa.pub
  - /.ssh/id_dsa
  - /.ssh/id_dsa.pub
  - /.ssh/id_dss
  - /.ssh/id_dss.pub
  - /.ssh/id_ecdsa
  - /.ssh/id_ecdsa.pub
  - /.ssh/id_ed25519
  - /.ssh/id_ed25519.pub
  - /.mysql_history
  - /.sqlite_history
  - /.psql_history
  - /.sh_history
  - /.bash_history
  - /.profile
  - /.bashrc

Vulnerability Detection Method:
Check the response if files from a home folder are accessible.
Details:
Linux Home Folder Accessible
(OID: 1.3.6.1.4.1.25623.1.0.111108)
Version used: $Revision: 10157 $


Issue
-----
NVT:    SSH Weak Encryption Algorithms Supported
OID:    1.3.6.1.4.1.25623.1.0.105611
Threat: Medium (CVSS: 4.3)
Port:   22/tcp

Summary:
The remote SSH server is configured to allow weak encryption algorithms.

Vulnerability Detection Result:
The following weak client-to-server encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
The following weak server-to-client encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

Solution:
Solution type: Mitigation
Disable the weak encryption algorithms.

Vulnerability Insight:
The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
  The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
  with weak keys, and should not be used anymore.
  The `none` algorithm specifies that no encryption is to be done.
  Note that this method provides no confidentiality protection, and it
  is NOT RECOMMENDED to use it.
  A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.

Vulnerability Detection Method:
Check if remote ssh service supports Arcfour, none or CBC ciphers.
Details:
SSH Weak Encryption Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105611)
Version used: $Revision: 13581 $

References:
Other:
    https://tools.ietf.org/html/rfc4253#section-6.3
    https://www.kb.cert.org/vuls/id/958563


Issue
-----
NVT:    SSH Weak MAC Algorithms Supported
OID:    1.3.6.1.4.1.25623.1.0.105610
Threat: Low (CVSS: 2.6)
Port:   22/tcp

Summary:
The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.

Vulnerability Detection Result:
The following weak client-to-server MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-sha1-96
The following weak server-to-client MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-sha1-96

Solution:
Solution type: Mitigation
Disable the weak MAC algorithms.

Vulnerability Detection Method:
Details:
SSH Weak MAC Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105610)
Version used: $Revision: 13581 $


Issue
-----
NVT:    TCP timestamps
OID:    1.3.6.1.4.1.25623.1.0.80091
Threat: Low (CVSS: 2.6)
Port:   general/tcp

Summary:
The remote host implements TCP timestamps and therefore allows to compute
  the uptime.

Vulnerability Detection Result:
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 3183497
Packet 2: 3185039

Impact:
A side effect of this feature is that the uptime of the remote
  host can sometimes be computed.

Solution:
Solution type: Mitigation
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
  /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
  To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
  Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
  The default behavior of the TCP/IP stack on this Systems is to not use the
  Timestamp options when initiating TCP connections, but use them if the TCP peer
  that is initiating communication includes them in their synchronize (SYN) segment.
  See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152

Affected Software/OS:
TCP/IPv4 implementations that implement RFC1323.

Vulnerability Insight:
The remote host implements TCP timestamps, as defined by RFC1323.

Vulnerability Detection Method:
Special IP packets are forged and sent with a little delay in between to the
  target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: $Revision: 10411 $

References:
Other:
    http://www.ietf.org/rfc/rfc1323.txt