ASIX/M17/UF2/PT1

Lordwektabyte Wiki
Revision as of 15:50, 1 March 2019 by Guillem (page created)

Scan Report

Summary

This document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.

Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override.

Information on overrides is included in the report.

Notes are included in the report.

This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Log" are not shown. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown. Only results with a minimum QoD of 70 are shown.

This report contains all 5 results selected by the filtering described above. Before filtering there were 155 results.

All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".

Scan started: Fri Mar 1 14:54:15 2019 UTC
Scan ended: Fri Mar 1 15:41:58 2019 UTC
Task: Nose OVA

Host Summary

Host        Start            End              High  Medium  Low  Log  False Positive
10.17.3.6   Mar 1, 15:21:42  Mar 1, 15:41:58     0       3    2    0               0
Total: 1 host                                   0       3    2    0               0

Results per Host

Host 10.17.3.6

Scanning of this host started at: Fri Mar 1 15:21:42 2019 UTC
Number of results: 5

Port Summary for Host 10.17.3.6

Service (Port) Threat Level
general/tcp Low
80/tcp Medium
22/tcp Medium

Security Issues for Host 10.17.3.6

80/tcp
Medium (CVSS: 5.8)
NVT: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213)
Summary

Debugging functions are enabled on the remote web server.

The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.

Vulnerability Detection Result
The web server has the following HTTP methods enabled: TRACE
Impact

An attacker may use this flaw to trick legitimate users of the site into disclosing their credentials: because TRACE echoes the full request back, a script running in the victim's browser can read cookies and Authorization headers that it could not otherwise access.

Solution

Solution type: Mitigation

Disable the TRACE and TRACK methods in your web server configuration (on Apache httpd the directive is `TraceEnable off`; see the traceenable reference below). Afterwards verify the fix with a request such as `curl -i -X TRACE http://10.17.3.6/`: the server should answer 405 or 501 rather than echoing the request.

Please see the manual of your web server or the references for more information.

Affected Software/OS

Web servers with enabled TRACE and/or TRACK methods.

Vulnerability Insight

It has been shown that web servers supporting these methods are subject to an attack dubbed Cross-Site Tracing (XST): when combined with various weaknesses in browsers, a TRACE request issued from script returns the request headers (including cookies marked HttpOnly and HTTP authentication headers) to the attacker's page.

Vulnerability Detection Method

Details: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213)

Version used: $Revision: 10828 $

References

CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883
BID: 9506, 9561, 11604, 15222, 19915, 24456, 33374, 36956, 36990, 37995
CERT: CB-K14/0981, DFN-CERT-2014-1018, DFN-CERT-2010-0020
Other: http://www.kb.cert.org/vuls/id/288308
http://www.kb.cert.org/vuls/id/867593
http://httpd.apache.org/docs/current/de/mod/core.html#traceenable
https://www.owasp.org/index.php/Cross_Site_Tracing

80/tcp
Medium (CVSS: 5.0)
NVT: Linux Home Folder Accessible (OID: 1.3.6.1.4.1.25623.1.0.111108)
Summary

The script attempts to identify files from a Linux user's home folder that are accessible through the web server.

Vulnerability Detection Result
The following files were identified:

http://10.17.3.6/.bash_history
Impact

Based on the information in these files (shell and database history, SSH keys and known hosts, shell startup files) an attacker may be able to gather credentials, hostnames and other details useful for further attacks.

Solution

Solution type: Mitigation

A user's home folder should not be served by a web server. Restrict access to it (deny requests for dotfiles) or remove it from the document root completely.

Vulnerability Insight

Currently the script is checking for the following files:

- /.ssh/authorized_keys

- /.ssh/known_hosts

- /.ssh/identity

- /.ssh/id_rsa

- /.ssh/id_rsa.pub

- /.ssh/id_dsa

- /.ssh/id_dsa.pub

- /.ssh/id_dss

- /.ssh/id_dss.pub

- /.ssh/id_ecdsa

- /.ssh/id_ecdsa.pub

- /.ssh/id_ed25519

- /.ssh/id_ed25519.pub

- /.mysql_history

- /.sqlite_history

- /.psql_history

- /.sh_history

- /.bash_history

- /.profile

- /.bashrc

Vulnerability Detection Method

Each file is requested from the web server and the response is checked to see whether the file is accessible.

Details: Linux Home Folder Accessible (OID: 1.3.6.1.4.1.25623.1.0.111108)

Version used: $Revision: 10157 $
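The two 80/tcp findings above (TRACE reflection and the exposed home-folder file) can both be reproduced and re-tested locally. The following is an added example, not the scanner's code and not the scanned host: it starts a constructed "leaky" HTTP server on 127.0.0.1 whose TRACE echoes the request and whose document root contains a made-up .bash_history, runs the two checks against it, and then runs them against a hardened variant. The canary cookie, the file contents and the hostnames in them are all invented for the demo.

```python
"""Reproduce the two 80/tcp findings locally: a TRACE reflection check and a
probe for home-folder dotfiles, run against a constructed 'leaky' server and a
hardened one.  Added example, not the scanner's code and not the scanned host:
the server, its /.bash_history content and the canary cookie are all made up
for the demo; it listens on 127.0.0.1 only."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# A subset of the paths NVT 1.3.6.1.4.1.25623.1.0.111108 checks for.
HOME_FILES = ["/.bash_history", "/.ssh/id_rsa", "/.profile", "/.bashrc"]
# Constructed shell history: the kind of secret such a leak exposes.
FAKE_HISTORY = b"mysql -u root -pS3cret\nssh admin@10.17.3.7\n"
CANARY = "session=canary123"


class LeakyHandler(BaseHTTPRequestHandler):
    """Mirrors the scanned host: TRACE echoes the request, and a user's home
    folder is the document root."""

    def log_message(self, *args):     # keep the demo quiet
        pass

    def do_GET(self):
        if self.path == "/.bash_history":
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(FAKE_HISTORY)))
            self.end_headers()
            self.wfile.write(FAKE_HISTORY)
        else:
            self.send_error(404)

    def do_TRACE(self):
        # TRACE reflects the request line and headers in the body; that echo
        # is exactly what lets a script read cookies it should not see (XST).
        body = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class SafeHandler(LeakyHandler):
    """Same server after mitigation: TRACE refused, dotfiles denied."""

    def do_GET(self):
        self.send_error(403 if "/." in self.path else 404)

    def do_TRACE(self):
        self.send_error(405)          # what Apache answers with TraceEnable off


def trace_enabled(host, port):
    """True when a TRACE comes back 200 with our canary header reflected.
    The status alone is not enough; the XST risk is the reflection."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("TRACE", "/", headers={"Cookie": CANARY})
    resp = conn.getresponse()
    body = resp.read().decode("latin-1")
    conn.close()
    return resp.status == 200 and CANARY in body


def exposed_home_files(host, port, paths=HOME_FILES):
    """Paths that return 200 with a body differing from a known-missing path,
    so a server that answers 200 to everything (soft 404) is not a finding."""
    conn = http.client.HTTPConnection(host, port, timeout=5)

    def fetch(path):
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()

    baseline = fetch("/no-such-file-" + CANARY)
    found = []
    for path in paths:
        status, body = fetch(path)
        if status == 200 and body.strip() and (status, body) != baseline:
            found.append(path)
    conn.close()
    return found


def serve(handler):
    """Start `handler` on an ephemeral loopback port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def audit_web(handler):
    """Run both checks against a server built from `handler`."""
    srv, port = serve(handler)
    try:
        return {"trace": trace_enabled("127.0.0.1", port),
                "home_files": exposed_home_files("127.0.0.1", port)}
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print("leaky:", audit_web(LeakyHandler))   # trace True, ['/.bash_history']
    print("safe: ", audit_web(SafeHandler))    # trace False, []
```

Two details matter when re-running the checks against a real host: the TRACE test looks for the reflected canary rather than trusting the status code, and the dotfile probe first fetches a path that cannot exist, so a server that answers 200 with an error page for everything does not produce false positives.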

22/tcp
Medium (CVSS: 4.3)
NVT: SSH Weak Encryption Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105611)
Summary

The remote SSH server is configured to allow weak encryption algorithms.

Vulnerability Detection Result
The following weak client-to-server encryption algorithms are supported by the remote service:

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se


The following weak server-to-client encryption algorithms are supported by the remote service:

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
Solution

Solution type: Mitigation

Disable the weak encryption algorithms. For OpenSSH this means restricting the `Ciphers` list in sshd_config to CTR or AEAD modes and restarting sshd; `sshd -T` prints the effective list after the change.

Vulnerability Insight

The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems with weak keys, and should not be used anymore.

The `none` algorithm specifies that no encryption is to be done. Note that this method provides no confidentiality protection, and it is NOT RECOMMENDED to use it.

A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.

Vulnerability Detection Method

Check if remote ssh service supports Arcfour, none or CBC ciphers.

Details: SSH Weak Encryption Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105611)

Version used: $Revision: 13581 $

References

Other: https://tools.ietf.org/html/rfc4253#section-6.3
https://www.kb.cert.org/vuls/id/958563

22/tcp
Low (CVSS: 2.6)
NVT: SSH Weak MAC Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105610)
Summary

The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.

Vulnerability Detection Result
The following weak client-to-server MAC algorithms are supported by the remote service:

hmac-md5
hmac-md5-96
hmac-sha1-96


The following weak server-to-client MAC algorithms are supported by the remote service:

hmac-md5
hmac-md5-96
hmac-sha1-96
Solution

Solution type: Mitigation

Disable the weak MAC algorithms. For OpenSSH this means restricting the `MACs` list in sshd_config to SHA-2 based, untruncated algorithms and restarting sshd.

Vulnerability Detection Method

Details: SSH Weak MAC Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105610)

Version used: $Revision: 13581 $
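The two 22/tcp findings above apply the same kind of rule: a cipher is flagged if it is arcfour/RC4, `none` or any CBC mode, and a MAC is flagged if it is MD5-based or truncated to 96 bits. The following added example (not part of the report or of the scanner) encodes those rules, parses an `sshd -T` style listing, and derives the `Ciphers` and `MACs` lines that keep only the acceptable offered algorithms. The `sshd -T` sample is constructed: the weak names in it are the ones the report lists for 10.17.3.6, the strong names are assumed to complete a realistic offer.

```python
"""Classify SSH cipher and MAC offers the way the two 22/tcp findings do, and
derive the sshd_config lines that remove the weak ones.  Added example, not
part of the report: the policy encodes the rules the NVT descriptions state
(CBC mode, arcfour/RC4 and 'none' ciphers; MD5-based and 96-bit-truncated MACs).
The 'sshd -T' sample is constructed; only its weak names come from the report."""
import re

# Constructed sample of `sshd -T` output (effective sshd configuration). The
# weak algorithm names are the ones the report lists for 10.17.3.6:22.
SSHD_T_SAMPLE = """\
port 22
protocol 2
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
macs hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5-96,hmac-sha1-96
kexalgorithms diffie-hellman-group14-sha1
"""

# MD5-based, or a 96-bit tag (plain or in the encrypt-then-MAC variant).
WEAK_MAC_RE = re.compile(r"md5|-96(-etm@openssh\.com)?$")


def parse_sshd_t(text):
    """Return {'ciphers': [...], 'macs': [...]} from `sshd -T` style output."""
    found = {"ciphers": [], "macs": []}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key in found:
            found[key] = value.split(",")
    return found


def cipher_is_weak(name):
    """Rule of NVT 1.3.6.1.4.1.25623.1.0.105611: arcfour/RC4, none, any CBC."""
    return name == "none" or name.startswith("arcfour") or "-cbc" in name


def mac_is_weak(name):
    """Rule of NVT 1.3.6.1.4.1.25623.1.0.105610: MD5-based or 96-bit tag."""
    return WEAK_MAC_RE.search(name) is not None


def audit_ssh(ciphers, macs):
    """Split the offered algorithms into weak and acceptable lists."""
    return {
        "weak_ciphers": [c for c in ciphers if cipher_is_weak(c)],
        "ok_ciphers": [c for c in ciphers if not cipher_is_weak(c)],
        "weak_macs": [m for m in macs if mac_is_weak(m)],
        "ok_macs": [m for m in macs if not mac_is_weak(m)],
    }


def hardened_sshd_config(ciphers, macs):
    """sshd_config lines that keep only the acceptable offered algorithms.
    Refuses to emit an empty list, which would lock every client out."""
    result = audit_ssh(ciphers, macs)
    if not result["ok_ciphers"] or not result["ok_macs"]:
        raise ValueError("no acceptable algorithm left; add a modern one first")
    return "Ciphers %s\nMACs %s\n" % (",".join(result["ok_ciphers"]),
                                        ",".join(result["ok_macs"]))


if __name__ == "__main__":
    offer = parse_sshd_t(SSHD_T_SAMPLE)
    report = audit_ssh(offer["ciphers"], offer["macs"])
    print("weak ciphers:", report["weak_ciphers"])
    print("weak MACs:   ", report["weak_macs"])
    print(hardened_sshd_config(offer["ciphers"], offer["macs"]))
```

To obtain real input, `sshd -T` (run as root on the server) prints the effective configuration in the format parsed above, `nmap -p 22 --script ssh2-enum-algos` enumerates what a remote server offers, and `ssh -Q cipher` / `ssh -Q mac` list what the local OpenSSH build supports, which is useful for checking that the hardened lists do not exclude every client you still need.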

general/tcp
Low (CVSS: 2.6)
NVT: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)
Summary

The remote host implements TCP timestamps, which may allow its uptime to be computed.

Vulnerability Detection Result
It was detected that the host implements RFC1323.

The following timestamps were retrieved with a delay of 1 second in between:
Packet 1: 3183497
Packet 2: 3185039
Impact

A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Solution

Solution type: Mitigation

To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp cannot be completely disabled.

The default behaviour of the TCP/IP stack on these systems is not to use the timestamp option when initiating TCP connections, but to use it if the TCP peer that is initiating communication includes it in its synchronize (SYN) segment.

See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152

Affected Software/OS

TCP/IPv4 implementations that implement RFC1323.

Vulnerability Insight

The remote host implements TCP timestamps, as defined by RFC1323. The TSval field is a counter driven by the host's clock, so two samples taken a known interval apart give the tick rate, and the absolute value divided by that rate gives the time since the counter started, usually the boot time. Note that Linux kernels from 4.10 onwards randomise the timestamp offset per connection (net.ipv4.tcp_timestamps=1), which defeats this inference unless the administrator has chosen the non-randomised mode (value 2); the rate is still measurable within one connection.

Vulnerability Detection Method

Special IP packets are forged and sent with a small delay in between to the target IP. The responses are searched for TCP timestamp options. If found, the timestamps are reported.

Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)

Version used: $Revision: 10411 $

References

Other: http://www.ietf.org/rfc/rfc1323.txt