WS2012
Vulnerabilities by Host
• 192.168.56.103
Remediations
• Suggested Remediations
Vulnerabilities by Host
192.168.56.103
11 CRITICAL, 24 HIGH, 55 MEDIUM, 12 LOW, 205 INFO
Scan Information
Host Information
Vulnerabilities
105752 - Elasticsearch Transport Protocol Unspecified Remote Code Execution
Synopsis
Elasticsearch contains an unspecified flaw related to the transport protocol that may allow a remote attacker to
execute arbitrary code.
Description
Elasticsearch could allow a remote attacker to execute arbitrary code on the system, caused by an error in the
transport protocol. An attacker could exploit this vulnerability to execute arbitrary code on the system.
See Also
http://www.nessus.org/u?c6b6cf1a
Solution
Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the
transport protocol port.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2015-5377
79638 - MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
(uncredentialed check)
Synopsis
Description
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of
packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending
specially crafted packets to a Windows server.
Note that this plugin sends a client Certificate TLS handshake message followed by a CertificateVerify message.
Some Windows hosts will close the connection upon receiving a client certificate that they did not ask for
with a CertificateRequest message. In this case, the plugin cannot proceed to detect the vulnerability as the
CertificateVerify message cannot be sent.
See Also
http://www.nessus.org/u?64e97902
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Critical
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 70954
CVE CVE-2014-6321
MSKB 2992611
XREF CERT:505120
XREF MSFT:MS14-066
Exploitable With
97833 - MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE)
(ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks)
(Petya) (uncredentialed check)
Synopsis
Description
- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to
improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities,
via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145,
CVE-2017-0146, CVE-2017-0148)
- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper
handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet,
to disclose sensitive information. (CVE-2017-0147)
See Also
http://www.nessus.org/u?68fc8eff
http://www.nessus.org/u?321523eb
http://www.nessus.org/u?065561d0
http://www.nessus.org/u?d9f569cf
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
http://www.nessus.org/u?b9d9ebf9
http://www.nessus.org/u?8dcab5e4
http://www.nessus.org/u?234f8ef8
http://www.nessus.org/u?4c7e0cf3
https://github.com/stamparm/EternalRocks/
http://www.nessus.org/u?59db5b5b
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10,
and 2016. Microsoft has also released emergency patches for Windows operating systems that are no longer
supported, including Windows XP, 2003, and 8.
For unsupported Windows operating systems, e.g. Windows XP, Microsoft recommends that users discontinue
the use of SMBv1. SMBv1 lacks security features that were included in later SMB versions. SMBv1 can
be disabled by following the vendor instructions provided in Microsoft KB2696547. Additionally, US-CERT
recommends that users block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB
over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
Critical
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 (CVSS:3.0/E:H/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
References
BID 96703
BID 96704
BID 96705
BID 96706
BID 96707
BID 96709
CVE CVE-2017-0143
CVE CVE-2017-0144
CVE CVE-2017-0145
CVE CVE-2017-0146
CVE CVE-2017-0147
CVE CVE-2017-0148
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012606
MSKB 4013198
MSKB 4013429
MSKB 4012598
XREF EDB-ID:41891
XREF EDB-ID:41987
XREF MSFT:MS17-010
XREF IAVA:2017-A-0065
Exploitable With
90192 - ManageEngine Desktop Central 8 / 9 < Build 91100 Multiple RCE
Synopsis
The remote web server contains a Java-based web application that is affected by multiple remote code
execution vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 8, or else version 9 prior
to build 91100. It is, therefore, affected by multiple remote code execution vulnerabilities :
- A flaw exists in the statusUpdate script due to a failure to properly sanitize user-supplied input to the 'fileName'
parameter. An unauthenticated, remote attacker can exploit this, via a crafted request to upload a PHP file that
has multiple file extensions and by manipulating the 'applicationName' parameter, to make a direct request
to the uploaded file, resulting in the execution of arbitrary code with NT-AUTHORITY\SYSTEM privileges.
(CVE-2015-82001)
- An unspecified flaw exists in various servlets that allow an unauthenticated, remote attacker to execute
arbitrary code. No further details are available.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-
reported version number.
See Also
http://www.nessus.org/u?89099720
Solution
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-82001
XREF TRA:TRA-2015-07
108752 - ManageEngine Desktop Central 9 < Build 92027 Multiple Vulnerabilities
Synopsis
The remote web server contains a Java-based web application that is affected by multiple vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 9 prior to build 92027. It
is, therefore, affected by multiple vulnerabilities including a remote code execution and three cross-site scripting
vulnerabilities.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-
reported version number.
See Also
http://www.nessus.org/u?b2a97375
Solution
Risk Factor
Critical
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-8722
60085 - PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is,
therefore, potentially affected by the following vulnerabilities :
- An unspecified overflow vulnerability exists in the function '_php_stream_scandir' in the file 'main/streams/
streams.c'. (CVE-2012-2688)
- An unspecified error exists that can allow the 'open_basedir' constraint to be bypassed.
(CVE-2012-3365)
See Also
http://www.php.net/ChangeLog-5.php#5.3.15
Solution
Risk Factor
Critical
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID 54612
BID 54638
CVE CVE-2012-2688
CVE CVE-2012-3365
58987 - PHP Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of a web application scripting language.
Description
According to its version, the installation of PHP on the remote host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it
is likely to contain security vulnerabilities.
See Also
http://php.net/eol.php
https://wiki.php.net/rfc/releaseprocess
Solution
Risk Factor
Critical
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
77531 - Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
Synopsis
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. It is, therefore,
affected by the following vulnerabilities :
- A flaw exists within the 'mod_headers' module which allows a remote attacker to inject arbitrary headers.
This is done by placing a header in the trailer portion of data being sent using chunked transfer encoding.
(CVE-2013-5704)
- A flaw exists within the 'mod_deflate' module when handling highly compressed bodies. Using a specially
crafted request, a remote attacker can exploit this to cause a denial of service by exhausting memory and CPU
resources. (CVE-2014-0118)
- The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard.
A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive
credential information. (CVE-2014-0226)
- The 'mod_cgid' module lacks a time out mechanism. Using a specially crafted request, a remote attacker can
use this flaw to cause a denial of service by causing child processes to linger indefinitely, eventually filling up the
scoreboard. (CVE-2014-0231)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://www.zerodayinitiative.com/advisories/ZDI-14-236/
https://archive.apache.org/dist/httpd/CHANGES_2.2.29
http://httpd.apache.org/security/vulnerabilities_22.html
http://swende.se/blog/HTTPChunked.html
Solution
Risk Factor
High
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.6 (CVSS:3.0/E:P/RL:O/RC:C)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 66550
BID 68678
BID 68742
BID 68745
CVE CVE-2013-5704
CVE CVE-2014-0118
CVE CVE-2014-0226
CVE CVE-2014-0231
XREF EDB-ID:34133
100995 - Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities
Synopsis
Description
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.33-dev or 2.4.x
prior to 2.4.26. It is, therefore, affected by the following vulnerabilities :
- An authentication bypass vulnerability exists due to third-party modules using the ap_get_basic_auth_pw()
function outside of the authentication phase. An unauthenticated, remote attacker can exploit this to bypass
authentication requirements. (CVE-2017-3167)
- A NULL pointer dereference flaw exists due to third-party module calls to the mod_ssl
ap_hook_process_connection() function during an HTTP request to an HTTPS port. An unauthenticated, remote
attacker can exploit this to cause a denial of service condition. (CVE-2017-3169)
- A NULL pointer dereference flaw exists in mod_http2 that is triggered when handling a specially crafted
HTTP/2 request. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
Note that this vulnerability does not affect 2.2.x.
(CVE-2017-7659)
- An out-of-bounds read error exists in the ap_find_token() function due to improper handling of header
sequences. An unauthenticated, remote attacker can exploit this, via a specially crafted header sequence, to
cause a denial of service condition.
(CVE-2017-7668)
- An out-of-bounds read error exists in mod_mime due to improper handling of Content-Type response headers.
An unauthenticated, remote attacker can exploit this, via a specially crafted Content-Type response header, to
cause a denial of service condition or the disclosure of sensitive information. (CVE-2017-7679)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://archive.apache.org/dist/httpd/CHANGES_2.2.32
https://archive.apache.org/dist/httpd/CHANGES_2.4.26
https://httpd.apache.org/security/vulnerabilities_22.html
https://httpd.apache.org/security/vulnerabilities_24.html
Solution
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 99132
BID 99134
BID 99135
BID 99137
BID 99170
CVE CVE-2017-3167
CVE CVE-2017-3169
CVE CVE-2017-7659
CVE CVE-2017-7668
CVE CVE-2017-7679
101787 - Apache 2.2.x < 2.2.34 Multiple Vulnerabilities
Synopsis
Description
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.34. It is, therefore,
affected by the following vulnerabilities :
- An authentication bypass vulnerability exists in httpd due to third-party modules using the
ap_get_basic_auth_pw() function outside of the authentication phase. An unauthenticated, remote attacker can
exploit this to bypass authentication requirements. (CVE-2017-3167)
- A denial of service vulnerability exists in httpd due to a NULL pointer dereference flaw that is triggered when
a third-party module calls the mod_ssl ap_hook_process_connection() function during an HTTP request to
an HTTPS port. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
(CVE-2017-3169)
- A denial of service vulnerability exists in httpd due to an out-of-bounds read error in the ap_find_token()
function that is triggered when handling a specially crafted request header sequence. An unauthenticated,
remote attacker can exploit this to crash the service or force ap_find_token() to return an incorrect value.
(CVE-2017-7668)
- A denial of service vulnerability exists in httpd due to an out-of-bounds read error in the mod_mime that is
triggered when handling a specially crafted Content-Type response header. An unauthenticated, remote attacker
can exploit this to disclose sensitive information or cause a denial of service condition. (CVE-2017-7679)
- A denial of service vulnerability exists in httpd due to a failure to initialize or reset the value placeholder
in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by
mod_auth_digest. An unauthenticated, remote attacker can exploit this, by providing an initial key with no '='
assignment, to disclose sensitive information or cause a denial of service condition. (CVE-2017-9788)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://archive.apache.org/dist/httpd/CHANGES_2.2.34
https://httpd.apache.org/security/vulnerabilities_22.html
Solution
Risk Factor
High
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 99134
BID 99135
BID 99137
BID 99170
BID 99569
CVE CVE-2017-3167
CVE CVE-2017-3169
CVE CVE-2017-7668
CVE CVE-2017-7679
CVE CVE-2017-9788
95438 - Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13
Multiple Vulnerabilities
Synopsis
Description
According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x
prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or 9.0.x prior to 9.0.0.M13. It is,
therefore, affected by multiple vulnerabilities :
- A flaw exists that is triggered when handling request lines containing certain invalid characters. An
unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct
HTTP response splitting attacks. (CVE-2016-6816)
- A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing
of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to
cause a denial of service condition.
Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)
- A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due
to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute
arbitrary code. (CVE-2016-8735)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-
reported version number.
See Also
http://www.nessus.org/u?1e8a81e1
http://www.nessus.org/u?1c7e7b23
http://www.nessus.org/u?833cb56a
http://www.nessus.org/u?87d6ed56
http://www.nessus.org/u?5f7bb039
Solution
Upgrade to Apache Tomcat version 6.0.48 / 7.0.73 / 8.0.39 / 8.5.8 / 9.0.0.M13 or later.
Risk Factor
High
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.6 (CVSS:3.0/E:P/RL:O/RC:C)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 94097
BID 94461
BID 94463
CVE CVE-2016-6816
CVE CVE-2016-6817
CVE CVE-2016-8735
121119 - Apache Tomcat 7.0.x < 7.0.70 / 8.0.x < 8.0.36 / 8.5.x < 8.5.3 / 9.0.x < 9.0.0.M8 Denial of
Service
Synopsis
Description
According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 7.0.x
prior to 7.0.70, 8.0.x < 8.0.36, 8.5.x < 8.5.3 or 9.0.x < 9.0.0.M8. It is, therefore, affected by a denial of service
vulnerability:
- A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of
the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the
boundary was the typical tens of bytes long.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.70
http://www.nessus.org/u?ecb3da27
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M8
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
CVE CVE-2016-3092
111067 - Apache Tomcat 8.0.0 < 8.0.53 Security Constraint Weakness
Synopsis
Description
The version of Apache Tomcat installed on the remote host is 8.0.x prior to 8.0.53. It is, therefore, affected by
multiple vulnerabilities.
See Also
http://www.nessus.org/u?cea2044a
http://www.nessus.org/u?d5ab19d6
Solution
Risk Factor
High
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
BID 104203
CVE CVE-2018-8014
CVE CVE-2018-8034
103697 - Apache Tomcat 8.0.0.RC1 < 8.0.47 Multiple Vulnerabilities
Synopsis
Description
The version of Apache Tomcat installed on the remote host is 8.0.0.RC1 or later but prior to 8.0.47. It is,
therefore, affected by an unspecified vulnerability when running with HTTP PUTs enabled (e.g.
via setting the readonly initialization parameter of the Default servlet to false) that makes it possible to upload a JSP file
to the server via a specially crafted request. This JSP could then be requested and any code it contained would
be executed by the server.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-
reported version number.
See Also
http://www.nessus.org/u?4f047e41
Solution
Risk Factor
High
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.1 (CVSS:3.0/E:F/RL:O/RC:C)
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 100954
CVE CVE-2017-12617
Exploitable With
76572 - Elasticsearch 'source' Parameter RCE
Synopsis
The remote web server hosts a Java application that is affected by a remote code execution vulnerability.
Description
The Elasticsearch application hosted on the remote web server is affected by a remote code execution
vulnerability due to a failure to properly sanitize user-supplied input to the 'source' parameter of the '/_search'
page. A remote, unauthenticated attacker can exploit this flaw to execute arbitrary Java code or manipulate files
on the remote host.
See Also
http://bouk.co/blog/elasticsearch-rce/
https://www.elastic.co/blog/found-elasticsearch-security
Solution
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 67731
CVE CVE-2014-3120
XREF EDB-ID:33370
XREF EDB-ID:33588
Exploitable With
Metasploit (true)
119499 - Elasticsearch ESA-2015-06
Synopsis
Description
Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution.
See Also
http://www.nessus.org/u?3f00797e
Solution
Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the
transport protocol port.
Risk Factor
High
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
CVE CVE-2015-5377
71219 - ManageEngine Desktop Central Default Administrator Credentials
Synopsis
Description
The ManageEngine Desktop Central application running on the remote host uses a default set of credentials
to control access to its management interface. An attacker can exploit this vulnerability to gain administrative
access to the application.
Solution
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
7.5 (CVSS2#E:H/RL:ND/RC:ND)
110612 - Oracle GlassFish Server URL normalization Denial of Service
Synopsis
Description
The instance of Oracle GlassFish Server running on the remote host is affected by an authenticated and
unauthenticated denial of service vulnerability.
A remote attacker can exploit this issue via a specially crafted HTTP request to the Admin Console component.
See Also
http://www.nessus.org/u?81fcff67
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
XREF TRA:TRA-2018-06
59056 - PHP 5.3.x < 5.3.13 CGI Query String Code Execution
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.13 and, as such,
is potentially affected by a remote code execution and information disclosure vulnerability.
The fix for CVE-2012-1823 does not completely correct the CGI query vulnerability. Disclosure of PHP source
code and code execution via query parameters are still possible.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with
'mod_php' is not an exploitable configuration.
See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/archive/2012.php#id2012-05-08-1
http://www.php.net/ChangeLog-5.php#5.3.13
Solution
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 53388
CVE CVE-2012-2311
CVE CVE-2012-2335
CVE CVE-2012-2336
XREF CERT:520827
Exploitable With
Metasploit (true)
59529 - PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.14, and is,
therefore, potentially affected by the following vulnerabilities :
- An integer overflow error exists in the function 'phar_parse_tarfile' in the file 'ext/phar/tar.c'. This error can
lead to a heap-based buffer overflow when handling a maliciously crafted TAR file. Arbitrary code execution is
possible due to this error. (CVE-2012-2386)
- A weakness exists in the 'crypt' function related to the DES implementation that can allow brute-force attacks.
(CVE-2012-2143)
- Several design errors involving the incorrect parsing of PHP PDO prepared statements could lead to disclosure
of sensitive information or denial of service.
(CVE-2012-3450)
- A variable initialization error exists in the file 'ext/openssl/openssl.c' that can allow process memory contents to
be disclosed when input data is of length zero. (CVE-2012-6113)
See Also
http://www.nessus.org/u?ec6f812f
https://bugs.php.net/bug.php?id=61755
http://www.php.net/ChangeLog-5.php#5.3.14
http://www.nessus.org/u?99140286
http://www.nessus.org/u?a42ad63a
Solution
Risk Factor
High
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
6.7 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 47545
BID 53729
BID 54777
BID 57462
CVE CVE-2012-2143
CVE CVE-2012-2386
CVE CVE-2012-3450
CVE CVE-2012-6113
XREF EDB-ID:17201
64992 - PHP 5.3.x < 5.3.22 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.22. It is, therefore,
potentially affected by the following vulnerabilities :
Note that this plugin does not attempt to exploit the vulnerabilities but, instead relies only on PHP's self-reported
version number.
See Also
http://www.nessus.org/u?2dcf53bd
http://www.nessus.org/u?889595b1
http://www.php.net/ChangeLog-5.php#5.3.22
Solution
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58224
BID 58766
CVE CVE-2013-1635
CVE CVE-2013-1643
66584 - PHP 5.3.x < 5.3.23 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.23. It is, therefore,
potentially affected by multiple vulnerabilities:
Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported
version number.
See Also
http://www.nessus.org/u?7c770707
http://www.php.net/ChangeLog-5.php#5.3.23
Solution
Risk Factor
High
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58224
BID 58766
BID 62373
CVE CVE-2013-1635
CVE CVE-2013-1643
CVE CVE-2013-1824
71426 - PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x prior to 5.3.28. It is, therefore,
potentially affected by the following vulnerabilities :
- A flaw exists in the PHP OpenSSL extension's hostname identity check when handling certificates that contain
hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks
to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted
certificate signed by an authority that the client trusts. (CVE-2013-4073, CVE-2013-4248)
- A memory corruption flaw exists in the way the openssl_x509_parse() function of the PHP OpenSSL extension
parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious, self-signed certificate or a
certificate signed by a trusted authority to a PHP application using the aforementioned function. This could cause
the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user
running the PHP interpreter. (CVE-2013-6420)
Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-
reported version number.
See Also
https://seclists.org/fulldisclosure/2013/Dec/96
https://bugzilla.redhat.com/show_bug.cgi?id=1036830
http://www.nessus.org/u?b6ec9ef9
http://www.php.net/ChangeLog-5.php#5.3.28
Solution
Risk Factor
High
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.6 (CVSS:3.0/E:P/RL:O/RC:C)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 60843
BID 61776
BID 64225
CVE CVE-2013-4073
CVE CVE-2013-4248
CVE CVE-2013-6420
XREF EDB-ID:30395
77285 - PHP 5.3.x < 5.3.29 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x prior to 5.3.29. It is, therefore,
affected by the following vulnerabilities :
- A heap-based buffer overflow error exists in the file 'ext/date/lib/parse_iso_intervals.c' related to handling
DateInterval objects that allows denial of service attacks. (CVE-2013-6712)
- A boundary checking error exists related to the Fileinfo extension, Composite Document Format (CDF)
handling, and the function 'cdf_read_short_sector'. (CVE-2014-0207)
- A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function
'unserialize'. (CVE-2014-3515)
- An error exists related to configuration scripts and temporary file handling that could allow insecure file usage.
(CVE-2014-3981)
- A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of
arbitrary code. (CVE-2014-4049)
Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-
reported version number.
Additionally, note that version 5.3.29 marks the end of support for the PHP 5.3.x branch.
See Also
http://php.net/archive/2014.php#id2014-08-14-1
http://www.php.net/ChangeLog-5.php#5.3.29
Solution
Risk Factor
High
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 64018
BID 67759
BID 67765
BID 67837
BID 68007
BID 68120
BID 68237
BID 68238
BID 68239
BID 68241
BID 68243
BID 68423
BID 69271
BID 73385
CVE CVE-2013-6712
CVE CVE-2014-0207
CVE CVE-2014-0237
CVE CVE-2014-0238
CVE CVE-2014-3478
CVE CVE-2014-3479
CVE CVE-2014-3480
CVE CVE-2014-3487
CVE CVE-2014-3515
CVE CVE-2014-3981
CVE CVE-2014-4049
CVE CVE-2014-4721
58966 - PHP < 5.3.11 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is
potentially affected by multiple vulnerabilities :
- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not
handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated.
(CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and
'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)
See Also
http://www.nessus.org/u?e81d4026
https://bugs.php.net/bug.php?id=61043
https://bugs.php.net/bug.php?id=54374
https://bugs.php.net/bug.php?id=60227
https://marc.info/?l=oss-security&m=134626481806571&w=2
http://www.php.net/archive/2012.php#id2012-04-26-1
http://www.php.net/ChangeLog-5.php#5.3.11
Solution
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 51954
BID 53403
BID 55297
CVE CVE-2011-1398
CVE CVE-2012-0831
CVE CVE-2012-1172
58988 - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as
such is potentially affected by a remote code execution and information disclosure vulnerability.
An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web
server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string
parameters as command line arguments including switches such as '-s', '-d', and '-c'.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with
'mod_php' is not an exploitable configuration.
See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.php.net/ChangeLog-5.php#5.3.12
http://www.php.net/ChangeLog-5.php#5.4.2
Solution
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 (CVSS2#E:H/RL:OF/RC:C)
References
BID 53388
CVE CVE-2012-1823
XREF CERT:520827
Exploitable With
41028 - SNMP Agent Default Community Name (public)
Synopsis
Description
It is possible to obtain the default community name of the remote SNMP server.
An attacker may use this information to gain more knowledge about the remote host, or to change the
configuration of the remote system (if the default community allows such modifications).
Solution
Disable the SNMP service on the remote host if you do not use it.
Either filter incoming UDP packets going to this port, or change the default community string.
Risk Factor
High
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 2112
CVE CVE-1999-0517
34460 - Unsupported Web Server Detection
Synopsis
Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it
may contain security vulnerabilities.
Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to
another server.
Risk Factor
High
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
10836 - AgoraCart agora.cgi cart_id Parameter XSS
Synopsis
The remote web server contains a CGI that is vulnerable to a cross-site scripting issue.
Description
Agora is a CGI-based, e-commerce package. Due to poor input validation, Agora allows an attacker to execute
cross-site scripting attacks.
Solution
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 3702
CVE CVE-2001-1199
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
57791 - Apache 2.2.x < 2.2.22 Multiple Vulnerabilities
Synopsis
Description
According to its banner, the version of Apache 2.2.x installed on the remote host is prior to 2.2.22. It is, therefore,
potentially affected by the following vulnerabilities :
- When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could
cause the web server to proxy requests to arbitrary hosts.
This could allow a remote attacker to indirectly send requests to intranet servers.
(CVE-2011-3368, CVE-2011-4317)
- A heap-based buffer overflow exists when mod_setenvif module is enabled and both a maliciously crafted
'SetEnvIf' directive and a maliciously crafted HTTP request header are used. (CVE-2011-3607)
- A format string handling error can allow the server to be crashed via maliciously crafted cookies.
(CVE-2012-0021)
- An error exists in 'scoreboard.c' that can allow local attackers to crash the server during shutdown.
(CVE-2012-0031)
- An error exists in 'protocol.c' that can allow 'HTTPOnly' cookies to be exposed to attackers through the
malicious use of either long or malformed HTTP headers. (CVE-2012-0053)
- An error in the mod_proxy_ajp module when used to connect to a backend server that takes an overly long
time to respond could lead to a temporary denial of service. (CVE-2012-4557)
Note that Nessus did not actually test for these flaws, but instead has relied on the version in the server's
banner.
See Also
https://archive.apache.org/dist/httpd/CHANGES_2.2.22
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 49957
BID 50494
BID 50802
BID 51407
BID 51705
BID 51706
BID 56753
CVE CVE-2011-3368
CVE CVE-2011-3607
CVE CVE-2011-4317
CVE CVE-2012-0021
CVE CVE-2012-0031
CVE CVE-2012-0053
CVE CVE-2012-4557
62101 - Apache 2.2.x < 2.2.23 Multiple Vulnerabilities
Synopsis
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.23. It is, therefore,
potentially affected by the following vulnerabilities :
- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars'
file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object
(DSO), leading to arbitrary code execution.
(CVE-2012-0883)
- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow
cross-site scripting attacks.
(CVE-2012-2687)
Note that Nessus has not tested for these flaws but has instead relied on the version in the server's banner.
See Also
https://archive.apache.org/dist/httpd/CHANGES_2.2.23
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Risk Factor
Medium
7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 (CVSS:3.0/E:U/RL:O/RC:C)
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 53046
BID 55131
CVE CVE-2012-0883
CVE CVE-2012-2687
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
64912 - Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities
Synopsis
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.24. It is, therefore,
potentially affected by the following cross-site scripting vulnerabilities :
- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp and
unescaped hostnames and URIs that could allow cross-site scripting attacks. (CVE-2012-3499)
- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site
scripting attacks. (CVE-2012-4558)
Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's
banner.
See Also
https://archive.apache.org/dist/httpd/CHANGES_2.2.24
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Upgrade to Apache version 2.2.24 or later. Alternatively, ensure that the affected modules are not in use.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58165
CVE CVE-2012-3499
CVE CVE-2012-4558
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
68915 - Apache 2.2.x < 2.2.25 Multiple Vulnerabilities
Synopsis
The remote web server may be affected by multiple cross-site scripting vulnerabilities.
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.25. It is, therefore,
potentially affected by the following vulnerabilities :
- A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log
files, making it potentially vulnerable to arbitrary command execution. (CVE-2013-1862)
- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests.
(CVE-2013-1896)
Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's
banner.
See Also
https://archive.apache.org/dist/httpd/CHANGES_2.2.25
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.nessus.org/u?f050c342
Solution
Upgrade to Apache version 2.2.25 or later. Alternatively, ensure that the affected modules are not in use.
Risk Factor
Medium
5.6 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
4.9 (CVSS:3.0/E:U/RL:O/RC:C)
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 59826
BID 61129
CVE CVE-2013-1862
CVE CVE-2013-1896
73405 - Apache 2.2.x < 2.2.27 Multiple Vulnerabilities
Synopsis
Description
According to its banner, the version of Apache 2.2.x running on the remote host is a version prior to 2.2.27. It is,
therefore, potentially affected by the following vulnerabilities :
- A flaw exists with the 'mod_dav' module that is caused when tracking the length of CDATA that has leading
white space. A remote attacker with a specially crafted DAV WRITE request can cause the service to stop
responding.
(CVE-2013-6438)
- A flaw exists in 'mod_log_config' module that is caused when logging a cookie that has an unassigned value. A
remote attacker with a specially crafted request can cause the service to crash. (CVE-2014-0098)
Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's
banner.
See Also
https://archive.apache.org/dist/httpd/CHANGES_2.2.27
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Upgrade to Apache version 2.2.27 or later. Alternatively, ensure that the affected modules are not in use.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 66303
CVE CVE-2013-6438
CVE CVE-2014-0098
96450 - Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy)
Synopsis
Description
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.32. It is, therefore,
affected by the following vulnerabilities :
- The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure
to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY
environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The
HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An
unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an
application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated.
(CVE-2016-5387)
- A flaw exists due to improper handling of whitespace patterns in user-agent headers. An unauthenticated,
remote attacker can exploit this, via a specially crafted user-agent header, to cause the program to incorrectly
process sequences of requests, resulting in interpreting responses incorrectly, polluting the cache, or disclosing
the content from one request to a second downstream user-agent. (CVE-2016-8743)
- A CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir (CVE-2016-4975)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
https://httpd.apache.org/dev/dist/Announcement2.2.html
http://httpd.apache.org/security/vulnerabilities_22.html
https://github.com/apache/httpd/blob/2.2.x/CHANGES
https://www.apache.org/security/asf-httpoxy-response.txt
https://httpoxy.org
Solution
Note that the 'httpoxy' vulnerability can be mitigated by applying the workarounds or patches as referenced in the
vendor advisory asf-httpoxy-response.txt.
Risk Factor
Medium
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 91816
BID 95077
BID 105093
CVE CVE-2016-4975
CVE CVE-2016-5387
CVE CVE-2016-8743
XREF CERT:797896
57792 - Apache HTTP Server httpOnly Cookie Information Disclosure
Synopsis
The web server running on the remote host is affected by an information disclosure vulnerability.
Description
The version of Apache HTTP Server running on the remote host is affected by an information disclosure
vulnerability. Sending a request with HTTP headers long enough to exceed the server limit causes the web
server to respond with an HTTP 400. By default, the offending HTTP header and value are displayed on the
400 error page. When used in conjunction with other attacks (e.g., cross-site scripting), this could result in the
compromise of httpOnly cookies.
See Also
http://fd.the-wildcat.de/apache_e36a9cf46c.php
http://www.nessus.org/u?e005199a
http://httpd.apache.org/security/vulnerabilities_22.html
http://svn.apache.org/viewvc?view=revision&revision=1235454
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 51706
CVE CVE-2012-0053
XREF EDB-ID:18442
88098 - Apache Server ETag Header Information Disclosure
Synopsis
Description
The remote web server is affected by an information disclosure vulnerability due to the ETag header providing
sensitive information that could aid an attacker, such as the inode number of requested files.
See Also
http://httpd.apache.org/docs/2.2/mod/core.html#FileETag
Solution
Modify the HTTP ETag header of the web server to not include file inodes in the ETag header calculation. Refer
to the linked Apache documentation for more information.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 6939
CVE CVE-2003-1418
XREF CWE:200
106232 - Apache ServerTokens Information Disclosure
Synopsis
Description
The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the
server version, operating system, and module versions.
See Also
https://www.owasp.org/index.php/SCG_WS_Apache
Solution
Risk Factor
Medium
96003 - Apache Tomcat 6.0.16 < 6.0.50 / 7.0.x < 7.0.75 / 8.0.x < 8.0.41 / 8.5.x < 8.5.9 / 9.0.x < 9.0.0.M15
NIO HTTP Connector Information Disclosure
Synopsis
Description
According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.16
prior to 6.0.50, 7.0.x prior to 7.0.75, 8.0.x prior to 8.0.41, 8.5.x prior to 8.5.9, or 9.0.x prior to 9.0.0.M15. It is,
therefore, affected by an information disclosure vulnerability in error handling during send file processing by the
NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor
cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated,
remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session
IDs, response bodies related to another request, etc.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-
reported version number.
See Also
http://www.nessus.org/u?3a06fd01
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.41
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.75
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.50
Solution
Upgrade to Apache Tomcat version 6.0.50 / 7.0.75 / 8.0.41 / 8.5.9 / 9.0.0.M15 or later. For the 6.0.x version
branch, the vulnerability was fixed in 6.0.49; however, that release candidate was not approved, and 6.0.50 is
still pending release.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 94828
CVE CVE-2016-8745
94578 - Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 / 8.5.x < 8.5.5 / 9.0.x < 9.0.0.M10
Multiple Vulnerabilities
Synopsis
Description
According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x
prior to 6.0.47, 7.0.x prior to 7.0.72, 8.0.x prior to 8.0.37, 8.5.x prior to 8.5.5 or 9.0.x prior to 9.0.0.M10. It is,
therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists due to a failure to process passwords when paired with a non-
existent username. An unauthenticated, remote attacker can exploit this, via a timing attack, to enumerate user
account names. (CVE-2016-0762)
- A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager via a
utility method that is accessible to web applications. (CVE-2016-5018)
- An information disclosure vulnerability exists in the SecurityManager component due to a failure to properly
restrict access to system properties for the configuration files system property replacement feature.
An attacker can exploit this, via a specially crafted web application, to bypass SecurityManager restrictions and
disclose system properties. (CVE-2016-6794)
- A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager by
changing the configuration parameters for a JSP servlet.
(CVE-2016-6796)
- A security bypass vulnerability exists due to a failure to limit web application access to global JNDI resources.
A local attacker can exploit this to gain unauthorized access to resources. (CVE-2016-6797)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-
reported version number.
See Also
http://www.nessus.org/u?5c3fa418
http://www.nessus.org/u?be50738a
http://www.nessus.org/u?47795ca8
http://www.nessus.org/u?afe6a582
Solution
Upgrade to Apache Tomcat version 6.0.47 / 7.0.72 / 8.0.37 / 8.5.5 / 9.0.0.M10 or later. Note that versions 6.0.46
and 7.0.71 also resolve the vulnerabilities; however, these versions were never officially released by the vendor.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 93939
BID 93940
BID 93942
BID 93943
BID 93944
CVE CVE-2016-0762
CVE CVE-2016-5018
CVE CVE-2016-6794
CVE CVE-2016-6796
CVE CVE-2016-6797
99367 - Apache Tomcat 6.0.x < 6.0.53 / 7.0.x < 7.0.77 / 8.0.x < 8.0.43 Pipelined Requests Information
Disclosure
Synopsis
Description
According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x
prior to 6.0.53, 7.0.x prior to 7.0.77, or 8.0.x prior to 8.0.43. It is, therefore, affected by a flaw in the handling
of pipelined requests when send file processing is used that results in the pipelined request being lost when
processing of the previous request has completed, causing responses to be sent for the wrong request. An
unauthenticated, remote attacker can exploit this to disclose sensitive information.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-
reported version number.
See Also
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.53
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.77
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.43
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 97529
CVE CVE-2017-5647
121120 - Apache Tomcat 7.0.x < 7.0.76 / 8.0.x < 8.0.42 / 8.5.x < 8.5.12 / 9.0.x < 9.0.0.M18 Improper
Access Control
Synopsis
The remote Apache Tomcat server is affected by an improper access control vulnerability.
Description
According to its self-reported version number, the Apache Tomcat instance listening on the remote host is
7.0.x prior to 7.0.76, 8.0.x < 8.0.42, 8.5.x < 8.5.12 or 9.0.x < 9.0.0.M18. It is, therefore, affected by the following
vulnerability:
- An improper access control vulnerability exists when calls to application listeners do not use the appropriate
facade object. This allows untrusted applications to potentially access and modify information associated with
other web applications.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.76
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.42
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.12
http://www.nessus.org/u?3f871212
Solution
Risk Factor
Medium
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
References
CVE CVE-2017-5648
100681 - Apache Tomcat 7.0.x < 7.0.78 / 8.0.x < 8.0.44 / 8.5.x < 8.5.15 / 9.0.x < 9.0.0.M21 Remote Error
Page Manipulation
Synopsis
The remote Apache Tomcat server is affected by a remote error page manipulation vulnerability.
Description
According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x
prior to 7.0.78, 8.0.x prior to 8.0.44, 8.5.x prior to 8.5.15, or 9.0.x prior to 9.0.0.M21.
It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not
conform to the Java Servlet Specification that requires static error pages to be processed as an HTTP GET
request notwithstanding the HTTP request method that was originally used when the error occurred. Depending
on the original request and the configuration of the Default Servlet, an unauthenticated, remote attacker can
exploit this issue to replace or remove custom error pages.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-
reported version number.
See Also
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15
http://www.nessus.org/u?a774a43b
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 98888
CVE CVE-2017-5664
102588 - Apache Tomcat 8.0.0.RC1 < 8.0.45 Cache Poisoning
Synopsis
Description
The version of Apache Tomcat installed on the remote host is 8.0.0.RC1 or later but prior to 8.0.45. It is,
therefore, affected by a flaw in the CORS filter where the HTTP Vary header is not properly added. This allows a
remote attacker to conduct client-side and server-side cache poisoning attacks.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-
reported version number.
See Also
http://www.nessus.org/u?7318cfac
Solution
Risk Factor
Medium
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 100280
CVE CVE-2017-7674
106976 - Apache Tomcat 8.0.0.RC1 < 8.0.50 Security Constraint Weakness
Synopsis
The remote Apache Tomcat server is affected by a flaw in the Security Constraints.
Description
The version of Apache Tomcat installed on the remote host is 8.0.x prior to 8.0.50. It is, therefore, affected by a
security constraints flaw which could expose resources to unauthorized users.
See Also
http://www.nessus.org/u?d6e5f446
Solution
Risk Factor
Medium
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 (CVSS:3.0/E:U/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2018-1304
CVE CVE-2018-1305
121124 - Apache Tomcat 8.0.x < 8.0.52 / 8.5.x < 8.5.31 / 9.0.x < 9.0.8 Denial of Service
Synopsis
Description
According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 8.0.x
< 8.0.52, 8.5.x < 8.5.31 or 9.0.x < 9.0.8. It is, therefore, affected by the following vulnerability:
- A denial of service (DoS) vulnerability exists in Tomcat due to improper overflow handling in the UTF-8
decoder. An unauthenticated, remote attacker can exploit this issue to cause an infinite loop in the decoder,
leading to a denial of service condition.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
See Also
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.52
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.31
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.8
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
CVE CVE-2018-1336
12085 - Apache Tomcat Default Files
Synopsis
Description
The default error page, default index page, example JSPs and/or example servlets are installed on the remote
Apache Tomcat server. These files should be removed as they may help an attacker uncover information about
the remote Tomcat install or host itself.
See Also
http://www.nessus.org/u?4cb3b4dd
https://www.owasp.org/index.php/Securing_tomcat
Solution
Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP
instructions to replace or modify the default error page.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
35450 - DNS Server Spoofed Request Amplification DDoS
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone
('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote
attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the
remote DNS server.
See Also
https://isc.sans.edu/diary/DNS+queries+for+/5713
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2006-0987
101025 - Elasticsearch Unrestricted Access Information Disclosure
Synopsis
The search engine running on the remote web server is affected by an information disclosure vulnerability.
Description
The Elasticsearch application running on the remote web server is affected by an information disclosure
vulnerability due to a failure to restrict resources via authentication. An unauthenticated, remote attacker can
exploit this to disclose sensitive information from the database.
See Also
http://www.nessus.org/u?d055e692
http://www.nessus.org/u?b80612a1
Solution
Enable native user authentication or integrate with an external user management system such as LDAP and
Active Directory.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods
that are used to debug web server connections.
See Also
https://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
https://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF CERT:288308
XREF CERT:867593
XREF CWE:16
XREF CWE:200
90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock)
(uncredentialed check)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager
(SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level
negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept
communications between a client and a server hosting a SAM database can exploit this to force the
authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the
SAM database.
See Also
http://www.nessus.org/u?52ade1e9
http://badlock.org/
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
Medium
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID 86002
CVE CVE-2016-0128
MSKB 3148527
MSKB 3149090
MSKB 3147461
MSKB 3147458
XREF MSFT:MS16-047
XREF CERT:813296
XREF IAVA:2016-A-0093
90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock)
(uncredentialed check)
Synopsis
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager
(SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level
negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept
communications between a client and a server hosting a SAM database can exploit this to force the
authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the
SAM database.
See Also
http://www.nessus.org/u?52ade1e9
http://badlock.org/
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and
10.
Risk Factor
Medium
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
References
BID 86002
CVE CVE-2016-0128
MSKB 3148527
MSKB 3149090
MSKB 3147461
MSKB 3147458
XREF MSFT:MS16-047
XREF CERT:813296
XREF IAVA:2016-A-0093
110192 - Oracle GlassFish Server Path Traversal
Synopsis
Description
The instance of Oracle GlassFish Server running on the remote host is affected by an authenticated and
unauthenticated path traversal vulnerability. A remote attacker can exploit this issue, via a specially crafted HTTP
request, to access arbitrary files on the remote host.
See Also
http://www.nessus.org/u?159578ad
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
7.2 (CVSS:3.0/E:F/RL:U/RC:X)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.8 (CVSS2#E:F/RL:U/RC:ND)
References
CVE CVE-2017-1000028
XREF EDB-ID:39441
63621 - PHP 5.3.x < 5.3.21 cURL X.509 Certificate Domain Name Matching MiTM Weakness
Synopsis
The remote web server uses a version of PHP that is potentially vulnerable to man-in-the-middle attacks.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.21. It is, therefore,
potentially affected by a weakness in the cURL extension that can allow SSL spoofing and man-in-the-middle
attacks.
When attempting to validate a certificate, the cURL library (libcurl) fails to verify that a server hostname matches
a domain name in an X.509 certificate's 'Subject Common Name' (CN) or 'SubjectAltName'.
Note that this plugin does not attempt to verify whether the PHP install has been built with the cURL extension,
but instead relies only on PHP's self-reported version number.
See Also
http://www.php.net/ChangeLog-5.php#5.3.21
https://bugs.php.net/bug.php?id=63352
https://bugs.php.net/bug.php?id=63795
Solution
Risk Factor
Medium
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
66842 - PHP 5.3.x < 5.3.26 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.26. It is, therefore,
potentially affected by the following vulnerabilities:
- An integer overflow error exists related to the value of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c'
that could allow denial of service attacks. (Bug #64895)
Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-
reported version number.
See Also
http://www.nessus.org/u?60cbc5f0
http://www.nessus.org/u?8456482e
http://www.php.net/ChangeLog-5.php#5.3.26
Solution
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 60411
BID 60731
CVE CVE-2013-2110
CVE CVE-2013-4635
67259 - PHP 5.3.x < 5.3.27 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.27. It is, therefore,
potentially affected by the following vulnerabilities:
- A heap corruption error exists in numerous functions in the file 'ext/xml/xml.c'. (CVE-2013-4113 / Bug #65236)
Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-
reported version number.
See Also
https://bugs.php.net/bug.php?id=64949
https://bugs.php.net/bug.php?id=65236
http://www.php.net/ChangeLog-5.php#5.3.27
Solution
Risk Factor
Medium
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 61128
CVE CVE-2013-4113
73289 - PHP PHP_RSHUTDOWN_FUNCTION Security Bypass
Synopsis
The remote web server uses a version of PHP that is potentially affected by a security bypass vulnerability.
Description
According to its banner, the version of PHP 5.x installed on the remote host is 5.x prior to 5.3.11 or 5.4.x prior to
5.4.1 and thus, is potentially affected by a security bypass vulnerability.
An error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in the libxml extension and the
'stream_close' method that could allow a remote attacker to bypass 'open_basedir' protections and obtain
sensitive information.
Note that this plugin has not attempted to exploit this issue, but has instead relied only on PHP's self-reported
version number.
See Also
http://www.nessus.org/u?bcc428c2
https://bugs.php.net/bug.php?id=61367
Solution
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 65673
CVE CVE-2012-1171
94437 - SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
Synopsis
Description
The remote host supports the use of a block cipher with 64-bit blocks in one or more cipher suites. It is,
therefore, affected by a vulnerability, known as SWEET32, due to the use of weak 64-bit block ciphers. A man-
in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect
a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the
secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.
Proof-of-concepts have shown that attackers can recover authentication cookies from an HTTPS session in as
little as 30 hours.
Note that the ability to send a large number of requests over the same TLS connection between the client and
server is an important requirement for carrying out this attack. If the number of requests allowed for a single
connection were limited, this would mitigate the vulnerability. This plugin requires report paranoia as Nessus has
not checked for such a mitigation.
See Also
https://sweet32.info
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
Solution
Reconfigure the affected application, if possible, to avoid use of all 64-bit block ciphers. Alternatively, place
limitations on the number of requests that are allowed to be processed over the same TLS connection to mitigate
this vulnerability.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 92630
BID 92631
CVE CVE-2016-2183
CVE CVE-2016-6329
94437 - SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
Synopsis
Description
The remote host supports the use of a block cipher with 64-bit blocks in one or more cipher suites. It is,
therefore, affected by a vulnerability, known as SWEET32, due to the use of weak 64-bit block ciphers. A man-
in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect
a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the
secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.
Proof-of-concepts have shown that attackers can recover authentication cookies from an HTTPS session in as
little as 30 hours.
Note that the ability to send a large number of requests over the same TLS connection between the client and
server is an important requirement for carrying out this attack. If the number of requests allowed for a single
connection were limited, this would mitigate the vulnerability. This plugin requires report paranoia as Nessus has
not checked for such a mitigation.
See Also
https://sweet32.info
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
Solution
Reconfigure the affected application, if possible, to avoid use of all 64-bit block ciphers. Alternatively, place
limitations on the number of requests that are allowed to be processed over the same TLS connection to mitigate
this vulnerability.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 92630
BID 92631
CVE CVE-2016-2183
CVE CVE-2016-6329
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
51192 - SSL Certificate Cannot Be Trusted
Synopsis
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing
algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision
attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an
attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as
vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been
ignored.
See Also
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
http://www.nessus.org/u?51db68aa
http://www.nessus.org/u?9dc7bfba
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing
algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision
attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an
attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as
vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been
ignored.
See Also
https://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
http://www.nessus.org/u?51db68aa
http://www.nessus.org/u?9dc7bfba
Solution
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
45411 - SSL Certificate with Wrong Hostname
Synopsis
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
45411 - SSL Certificate with Wrong Hostname
Synopsis
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
45411 - SSL Certificate with Wrong Hostname
Synopsis
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
45411 - SSL Certificate with Wrong Hostname
Synopsis
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
45411 - SSL Certificate with Wrong Hostname
Synopsis
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
45411 - SSL Certificate with Wrong Hostname
Synopsis
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses
the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses
the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2016-2183
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
88490 - Web Server Error Page Information Disclosure
Synopsis
The remote web server discloses information via a default error page.
Description
The default error page sent by the remote web server discloses information that can aid an attacker, such as the
server version and languages used by the web server.
Solution
Modify the web server to not disclose detailed information about the underlying web server, or use a custom
error page instead.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
88099 - Web Server HTTP Header Information Disclosure
Synopsis
Description
The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the
server version and languages used by the web server.
Solution
Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
112046 - Elasticsearch ESA-2018-11
Synopsis
The remote web server hosts a Java application that is affected by an unauthorised information disclosure
vulnerability.
Description
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-
cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be
inadvertently logged.
See Also
https://www.elastic.co/community/security
Solution
All users of Elasticsearch should upgrade to version 6.3.0. This update prevents the repository-azure plugin from
exposing Azure credentials in Elasticsearch logs.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.
Risk Factor
Low
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2018-3827
34324 - FTP Supports Cleartext Authentication
Synopsis
Description
The remote FTP server allows the user's name and password to be transmitted in cleartext, which could be
intercepted by a network sniffer or a man-in-the-middle attack.
Solution
Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so
that control connections are encrypted.
Risk Factor
Low
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
References
XREF CWE:522
XREF CWE:523
XREF CWE:928
XREF CWE:930
70658 - SSH Server CBC Mode Ciphers Enabled
Synopsis
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to
recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software
versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR
or GCM cipher mode encryption.
Risk Factor
Low
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 32319
CVE CVE-2008-5161
XREF CERT:958563
XREF CWE:200
71049 - SSH Weak MAC Algorithms Enabled
Synopsis
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are
considered weak.
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software
versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
31705 - SSL Anonymous Cipher Suites Supported
Synopsis
Description
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a
service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify
the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.nessus.org/u?3a040ada
Solution
Risk Factor
Low
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 28482
CVE CVE-2007-1858
31705 - SSL Anonymous Cipher Suites Supported
Synopsis
Description
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a
service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify
the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.nessus.org/u?3a040ada
Solution
Risk Factor
Low
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 28482
CVE CVE-2007-1858
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small
biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-
GCM suites subject to browser and web server support.
Risk Factor
Low
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 (CVSS2#E:U/RL:ND/RC:C)
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024
bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to
1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time
(depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or
potentially violate the integrity of connections.
See Also
https://weakdh.org/
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024
bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to
1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time
(depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or
potentially violate the integrity of connections.
See Also
https://weakdh.org/
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024
bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to
1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time
(depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or
potentially violate the integrity of connections.
See Also
https://weakdh.org/
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024
bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to
1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time
(depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or
potentially violate the integrity of connections.
See Also
https://weakdh.org/
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024
bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to
1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time
(depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or
potentially violate the integrity of connections.
See Also
https://weakdh.org/
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
21186 - AJP Connector Detection
Synopsis
Description
The remote host is running an AJP (Apache JServ Protocol) connector, a service by which a standalone web
server such as Apache communicates over TCP with a Java servlet container such as Tomcat.
See Also
http://tomcat.apache.org/connectors-doc/
http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
Solution
n/a
Risk Factor
None
21186 - AJP Connector Detection
Synopsis
Description
The remote host is running an AJP (Apache JServ Protocol) connector, a service by which a standalone web
server such as Apache communicates over TCP with a Java servlet container such as Tomcat.
See Also
http://tomcat.apache.org/connectors-doc/
http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
Solution
n/a
Risk Factor
None
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
39446 - Apache Tomcat Detection
Synopsis
Description
See Also
https://tomcat.apache.org/
Solution
n/a
Risk Factor
None
39446 - Apache Tomcat Detection
Synopsis
Description
See Also
https://tomcat.apache.org/
Solution
n/a
Risk Factor
None
10761 - COM+ Internet Services (CIS) Server Detection
Synopsis
Description
COM+ Internet Services are RPC over HTTP tunneling and require IIS to operate. CIS ports shouldn't be visible
on the Internet but only behind a firewall.
See Also
http://www.nessus.org/u?d02f7e6e
https://support.microsoft.com/en-us/support/kb/articles/q282/2/61.asp
Solution
Risk Factor
None
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on
the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
10736 - DCE Services Enumeration
Synopsis
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is
possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
11002 - DNS Server Detection
Synopsis
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames
and IP addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
11002 - DNS Server Detection
Synopsis
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames
and IP addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
11951 - DNS Server Fingerprinting
Synopsis
Description
This script attempts to identify the remote DNS server type and version by sending various invalid requests to
the remote DNS server and analyzing the error codes returned.
See Also
http://cr.yp.to/surveys/dns1.html
Solution
n/a
Risk Factor
None
84239 - Debugging Log Report
Synopsis
This plugin gathers the logs written by other plugins and reports them.
Description
Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in
order for this plugin to run.
Solution
n/a
Risk Factor
None
54615 - Device Type
Synopsis
Description
Based on the remote operating system, it is possible to determine what the remote system type is (e.g., a printer,
router, general-purpose computer, etc.).
Solution
n/a
Risk Factor
None
109941 - Elasticsearch Detection
Synopsis
Description
The remote host is running Elasticsearch, a distributed search engine service written in Java and possibly a
security extension called X-Pack.
See Also
https://www.elastic.co/products/elasticsearch
Solution
n/a
Risk Factor
None
117530 - Errors in nessusd.dump
Synopsis
This plugin parses information from the nessusd.dump log file and reports on errors.
Description
This plugin parses information from the nessusd.dump log file and reports on errors.
Solution
n/a
Risk Factor
None
35716 - Ethernet Card Manufacturer Detection
Synopsis
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are
registered by IEEE.
See Also
https://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
n/a
Risk Factor
None
86420 - Ethernet MAC Addresses
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios)
and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and
uniform list.
Solution
n/a
Risk Factor
None
10092 - FTP Server Detection
Synopsis
Description
It is possible to obtain the banner of the remote FTP server by connecting to a remote port.
Solution
n/a
Risk Factor
None
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows
downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows
downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
84502 - HSTS Missing From HTTPS Server
Synopsis
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows
downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response.
If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests
for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind
submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications
tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as
unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security
vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
10107 - HTTP Server Type and Version
Synopsis
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
Description
The remote host answers an ICMP timestamp request. This allows an attacker to know the date that is
set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based
authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but
usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF CWE:200
14788 - IP Protocols Scan
Synopsis
Description
See Also
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Solution
n/a
Risk Factor
None
43829 - Kerberos Information Disclosure
Synopsis
Description
Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server.
Solution
n/a
Risk Factor
None
25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the
remote LDAP server.
Solution
n/a
Risk Factor
None
25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the
remote LDAP server.
Solution
n/a
Risk Factor
None
20870 - LDAP Server Detection
Synopsis
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for
providing access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
20870 - LDAP Server Detection
Synopsis
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for
providing access to directory services over TCP/IP.
See Also
https://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
53513 - Link-Local Multicast Name Resolution (LLMNR) Detection
Synopsis
Description
The remote device answered a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides
a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
See Also
http://www.nessus.org/u?51eae65d
http://technet.microsoft.com/en-us/library/bb878128.aspx
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
71216 - ManageEngine Desktop Central Detection
Synopsis
The remote web server hosts a desktop and mobile device management application.
Description
The remote web server hosts ManageEngine Desktop Central, a Java-based desktop and mobile device
management web application.
See Also
https://www.manageengine.com/products/desktop-central/
Solution
n/a
Risk Factor
None
71216 - ManageEngine Desktop Central Detection
Synopsis
The remote web server hosts a desktop and mobile device management application.
Description
The remote web server hosts ManageEngine Desktop Central, a Java-based desktop and mobile device
management web application.
See Also
https://www.manageengine.com/products/desktop-central/
Solution
n/a
Risk Factor
None
71216 - ManageEngine Desktop Central Detection
Synopsis
The remote web server hosts a desktop and mobile device management application.
Description
The remote web server hosts ManageEngine Desktop Central, a Java-based desktop and mobile device
management web application.
See Also
https://www.manageengine.com/products/desktop-central/
Solution
n/a
Risk Factor
None
10394 - Microsoft Windows SMB Log In Possible
Synopsis
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It
was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Supplied credentials
See Also
https://support.microsoft.com/en-us/help/143474/restricting-information-available-to-anonymous-logon-users
https://support.microsoft.com/en-us/help/246261
Solution
n/a
Risk Factor
None
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending
an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
26917 - Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Synopsis
Description
If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the
'Remote Registry Access' service (winreg) has been disabled on the remote host or cannot be connected to with
the supplied credentials.
Solution
n/a
Risk Factor
None
11011 - Microsoft Windows SMB Service Detection
Synopsis
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files, printers, etc. between nodes on a network.
Solution
n/a
Risk Factor
None
11011 - Microsoft Windows SMB Service Detection
Synopsis
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files, printers, etc. between nodes on a network.
Solution
n/a
Risk Factor
None
100871 - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request
to port 139 or 445.
Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
106716 - Microsoft Windows SMB2 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 dialects running on the remote host by sending an authentication
request to port 139 or 445.
Solution
n/a
Risk Factor
None
10719 - MySQL Server Detection
Synopsis
Description
Solution
n/a
Risk Factor
None
19506 - Nessus Scan Information
Synopsis
Description
This plugin displays, for each tested host, information about the scan itself :
Solution
n/a
Risk Factor
None
10884 - Network Time Protocol (NTP) Server Detection
Synopsis
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version,
current date, current time, and possibly system information.
See Also
http://www.ntp.org
Solution
n/a
Risk Factor
None
110723 - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the scan
policy.
Description
Nessus was unable to execute credentialed checks because no credentials were provided.
Solution
n/a
Risk Factor
None
11936 - OS Identification
Synopsis
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the
name of the remote operating system in use. It is also possible sometimes to guess the version of the operating
system.
Solution
n/a
Risk Factor
None
50845 - OpenSSL Detection
Synopsis
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote
service is using the OpenSSL library to encrypt traffic.
Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions
(RFC 4366).
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
55930 - Oracle GlassFish HTTP Server Version
Synopsis
It was possible to obtain the version number of the remote Oracle GlassFish HTTP server.
Description
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to
read the version number from the HTTP response headers.
See Also
http://www.nessus.org/u?85f4fd5a
Solution
n/a
Risk Factor
None
55930 - Oracle GlassFish HTTP Server Version
Synopsis
It was possible to obtain the version number of the remote Oracle GlassFish HTTP server.
Description
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to
read the version number from the HTTP response headers.
See Also
http://www.nessus.org/u?85f4fd5a
Solution
n/a
Risk Factor
None
55930 - Oracle GlassFish HTTP Server Version
Synopsis
It was possible to obtain the version number of the remote Oracle GlassFish HTTP server.
Description
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to
read the version number from the HTTP response headers.
See Also
http://www.nessus.org/u?85f4fd5a
Solution
n/a
Risk Factor
None
55929 - Oracle GlassFish Server Administration Console
Synopsis
It was possible to access the administration console of the remote Oracle GlassFish application server.
Description
The remote host is running the Oracle GlassFish application server, and has the administration console listening
on an external IP.
See Also
http://www.nessus.org/u?85f4fd5a
Solution
n/a
Risk Factor
None
48243 - PHP Version Detection
Synopsis
It was possible to obtain the version number of the remote PHP installation.
Description
Nessus was able to determine the version of PHP available on the remote web server.
Solution
n/a
Risk Factor
None
66334 - Patch Report
Synopsis
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to
install to make sure the remote host is up-to-date.
Solution
Risk Factor
None
26024 - PostgreSQL Server Detection
Synopsis
Description
See Also
https://www.postgresql.org/
Solution
Risk Factor
None
22227 - RMI Registry Detection
Synopsis
Description
The remote host is running an RMI registry, which acts as a bootstrap naming service for registering and
retrieving remote objects with simple names in the Java Remote Method Invocation (RMI) system.
See Also
https://docs.oracle.com/javase/1.5.0/docs/guide/rmi/spec/rmiTOC.html
http://www.nessus.org/u?b6fd7659
Solution
n/a
Risk Factor
None
35296 - SNMP Protocol Version Detection
Synopsis
This plugin reports the protocol version negotiated with the remote SNMP agent.
Description
By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP
agent.
See Also
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this
port.
Risk Factor
None
34022 - SNMP Query Routing Information Disclosure
Synopsis
The list of IP routes on the remote host can be obtained via SNMP.
Description
It is possible to obtain the routing information on the remote host by sending SNMP requests with the OID
1.3.6.1.2.1.4.21
An attacker may use this information to gain more knowledge about the network topology.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this
port.
Risk Factor
None
10550 - SNMP Query Running Process List Disclosure
Synopsis
The list of processes running on the remote host can be obtained via SNMP.
Description
It is possible to obtain the list of running processes on the remote host by sending SNMP requests with the OID
1.3.6.1.2.1.25.4.2.1.2
An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this
port.
Risk Factor
None
10800 - SNMP Query System Information Disclosure
Synopsis
The System Information of the remote host can be obtained via SNMP.
Description
It is possible to obtain the system information about the remote host by sending SNMP requests with the OID
1.3.6.1.2.1.1.1.
An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this
port.
Risk Factor
None
10551 - SNMP Request Network Interfaces Enumeration
Synopsis
The list of network interface cards of the remote host can be obtained via SNMP.
Description
It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests
with the OID 1.3.6.1.2.1.2.1.0
An attacker may use this information to gain more knowledge about the target host.
Solution
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this
port.
Risk Factor
None
40448 - SNMP Supported Protocols Detection
Synopsis
This plugin reports all the protocol versions successfully negotiated with the remote SNMP agent.
Description
Extend the SNMP settings data already gathered by testing for SNMP versions other than the highest
negotiated.
Solution
n/a
Risk Factor
None
70657 - SSH Algorithms and Languages Supported
Synopsis
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
100158 - SSH Combined Host Command Logging (Plugin Debugging)
Synopsis
If plugin debugging is enabled, this plugin writes the SSH commands run on the host to a combined log file in a
machine readable format.
Description
If plugin debugging is enabled, this plugin writes the SSH commands run on the host to a combined log file in a
machine readable format.
This log file resides on the scanner host itself.
Solution
n/a
Risk Factor
None
10267 - SSH Server Type and Version Information
Synopsis
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
56984 - SSL / TLS Versions Supported
Synopsis
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute
does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that
matches the common name in the certificate.
Risk Factor
None
45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute
does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that
matches the common name in the certificate.
Risk Factor
None
45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute
does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that
matches the common name in the certificate.
Risk Factor
None
45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute
does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that
matches the common name in the certificate.
Risk Factor
None
192.168.56.103 264
45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute
does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that
matches the common name in the certificate.
Risk Factor
None
192.168.56.103 265
45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute
does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that
matches the common name in the certificate.
Risk Factor
None
192.168.56.103 266
10863 - SSL Certificate Information
Synopsis
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with
subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
21643 - SSL Cipher Suites Supported
Synopsis
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use
and security policies.
Risk Factor
None
35297 - SSL Service Requests Client Certificate
Synopsis
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a
valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
51891 - SSL Session Resume Supported
Synopsis
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive
a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in
the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
96982 - Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
Synopsis
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends
that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB
versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is
unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users
disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
http://www.nessus.org/u?8dcab5e4
http://www.nessus.org/u?234f8ef8
http://www.nessus.org/u?4c7e0cf3
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by
blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 /
139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
22964 - Service Detection
Synopsis
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
25220 - TCP/IP Timestamps Supported
Synopsis
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the
uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
104743 - TLS Version 1.0 Protocol Detection
Synopsis
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1
and 1.2 are designed against these flaws and should be used whenever possible.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
121010 - TLS Version 1.1 Protocol Detection
Synopsis
Description
PCI DSS v3.2 still allows TLS 1.1 as of June 30, 2018, but strongly recommends the use of TLS 1.2. A proposal
is currently before the IETF to fully deprecate TLS 1.1 and many vendors have already proactively done this.
See Also
https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
http://www.nessus.org/u?c8ae820d
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
64814 - Terminal Services Use SSL/TLS
Synopsis
Description
Solution
n/a
Risk Factor
None
10287 - Traceroute Information
Synopsis
Description
Solution
n/a
Risk Factor
None
11154 - Unknown Service Detection: Banner Retrieval
Synopsis
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
20094 - VMware Virtual Machine Detection
Synopsis
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Solution
Since it is physically accessible through the network, ensure that its configuration matches your organization's
security policy.
Risk Factor
None
20108 - Web Server / Application favicon.ico Vendor Fingerprinting
Synopsis
The remote web server contains a graphic image that is prone to information disclosure.
Description
The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to
fingerprint the web server.
Solution
Remove the 'favicon.ico' file or create a custom one for your site.
Risk Factor
None
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent
file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some countermeasures for this. However, they might be insufficient. If a great number of
security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
11422 - Web Server Unconfigured - Default Install Page Present
Synopsis
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all
or is serving content that is meant to be hidden.
Solution
Risk Factor
None
11424 - WebDAV Detection
Synopsis
Description
Solution
http://support.microsoft.com/default.aspx?kbid=241520
Risk Factor
None
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB
requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
10940 - Windows Terminal Services Enabled
Synopsis
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user
on the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the remote
host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in
remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for
attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Remediations
Suggested Remediations
Taking the following actions across 1 host would resolve 65% of the vulnerabilities on the network.
Action to take | Vulns | Hosts
PHP 5.3.x < 5.3.29 Multiple Vulnerabilities: Upgrade to PHP version 5.3.29 or later. | 36 | 1
Apache 2.2.x < 2.2.34 Multiple Vulnerabilities: Upgrade to Apache version 2.2.34 or later. | 28 | 1
Apache Tomcat 8.0.x < 8.0.52 / 8.5.x < 8.5.31 / 9.0.x < 9.0.8 Denial of Service: Upgrade to Apache Tomcat version 8.0.52 / 8.5.31 / 9.0.8 or later. | 20 | 1
Elasticsearch ESA-2015-06: Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol port. | 2 | 1
Elasticsearch ESA-2018-11: All users of Elasticsearch should upgrade to version 6.3.0. This update will prevent the repository-azure plugin from exposing Azure credentials in Elasticsearch logs. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. | 1 | 1