Scan Ubuntu With OSSEC + Postfix Prepare for PCI-DSS 0unmp9
-
Upload
yudi-goemon-prabowo -
Category
Documents
-
view
149 -
download
6
Transcript of Scan Ubuntu With OSSEC + Postfix Prepare for PCI-DSS 0unmp9
Nessus ReportNessus Scan Report
26/Sep/2013:04:40:53
HomeFeed: Commercial use of the report is prohibited
Any time Nessus is used in a commercial environment you MUST maintain an activesubscription to the ProfessionalFeed in order to be compliant with our license agreement:http://www.nessus.org/products/nessus-professionalfeed
Table Of ContentsHosts Summary (Executive).................................................................................................3
•10.42.14.159................................................................................................................................................................4
Vulnerabilities By Host......................................................................................................... 5
•10.42.14.159................................................................................................................................................................6
Vulnerabilities By Plugin.....................................................................................................20
•11229 (1) - Web Server info.php / phpinfo.php Detection........................................................................................ 21
•12213 (1) - TCP/IP Sequence Prediction Blind Reset Spoofing DoS...................................................................... 22
•62101 (1) - Apache 2.2 < 2.2.23 Multiple Vulnerabilities......................................................................................... 24
•64912 (1) - Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities......................................................... 25
•67140 (1) - OpenSSH LoginGraceTime / MaxStartups DoS.................................................................................... 26
•68915 (1) - Apache 2.2 < 2.2.25 Multiple Vulnerabilities......................................................................................... 27
•11219 (2) - Nessus SYN scanner.............................................................................................................................28
•22964 (2) - Service Detection...................................................................................................................................29
•10107 (1) - HTTP Server Type and Version............................................................................................................ 30
•10114 (1) - ICMP Timestamp Request Remote Date Disclosure.............................................................................31
•10267 (1) - SSH Server Type and Version Information........................................................................................... 32
•10287 (1) - Traceroute Information...........................................................................................................................33
•10662 (1) - Web mirroring........................................................................................................................................ 34
•10881 (1) - SSH Protocol Versions Supported.........................................................................................................35
•11032 (1) - Web Server Directory Enumeration.......................................................................................................36
•11936 (1) - OS Identification.....................................................................................................................................37
•18261 (1) - Apache Banner Linux Distribution Disclosure........................................................................................38
•19506 (1) - Nessus Scan Information.......................................................................................................................39
•24260 (1) - HyperText Transfer Protocol (HTTP) Information..................................................................................40
•25220 (1) - TCP/IP Timestamps Supported............................................................................................................. 41
•43111 (1) - HTTP Methods Allowed (per directory)................................................................................................. 42
•45590 (1) - Common Platform Enumeration (CPE)..................................................................................................43
•54615 (1) - Device Type...........................................................................................................................................44
•66334 (1) - Patch Report..........................................................................................................................................45
Hosts Summary (Executive)
4
10.42.14.159Summary
Critical High Medium Low Info Total
0 0 6 0 18 24
Details
Severity Plugin Id Name
Medium (6.9) 62101 Apache 2.2 < 2.2.23 Multiple Vulnerabilities
Medium (5.1) 68915 Apache 2.2 < 2.2.25 Multiple Vulnerabilities
Medium (5.0) 11229 Web Server info.php / phpinfo.php Detection
Medium (5.0) 12213 TCP/IP Sequence Prediction Blind Reset Spoofing DoS
Medium (5.0) 67140 OpenSSH LoginGraceTime / MaxStartups DoS
Medium (4.3) 64912 Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities
Info 10107 HTTP Server Type and Version
Info 10114 ICMP Timestamp Request Remote Date Disclosure
Info 10267 SSH Server Type and Version Information
Info 10287 Traceroute Information
Info 10662 Web mirroring
Info 10881 SSH Protocol Versions Supported
Info 11032 Web Server Directory Enumeration
Info 11219 Nessus SYN scanner
Info 11936 OS Identification
Info 18261 Apache Banner Linux Distribution Disclosure
Info 19506 Nessus Scan Information
Info 22964 Service Detection
Info 24260 HyperText Transfer Protocol (HTTP) Information
Info 25220 TCP/IP Timestamps Supported
Info 43111 HTTP Methods Allowed (per directory)
Info 45590 Common Platform Enumeration (CPE)
Info 54615 Device Type
Info 66334 Patch Report
Vulnerabilities By Host
6
10.42.14.159Scan Information
Start time: Thu Sep 26 04:38:18 2013
End time: Thu Sep 26 04:40:40 2013
Host Information
IP: 10.42.14.159
OS: Linux Kernel 3.5 on Ubuntu 12.10 (quantal)
Results Summary
Critical High Medium Low Info Total
0 0 6 0 20 26
Results Details0/icmp10114 - ICMP Timestamp Request Remote Date DisclosureSynopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set onthe targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authenticationprotocols.Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, butusually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Portsicmp/0
The difference between the local and remote clocks is 1 second.
0/tcp12213 - TCP/IP Sequence Prediction Blind Reset Spoofing DoSSynopsis
It may be possible to send spoofed RST packets to the remote system.
Description
The remote host might be affected by a sequence number approximation vulnerability that may allow an attacker tosend spoofed RST packets to the remote host and close established connections. This may cause problems for somededicated services (BGP, a VPN over TCP, etc).
See Also
https://downloads.avaya.com/elmodocs2/security/ASA-2006-217.htm
7
http://www.kb.cert.org/vuls/id/JARL-5ZQR4D
http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949
http://www-01.ibm.com/support/docview.wss?uid=isg1IY55950
http://www-01.ibm.com/support/docview.wss?uid=isg1IY62006
http://www.juniper.net/support/security/alerts/niscc-236929.txt
http://technet.microsoft.com/en-us/security/bulletin/ms05-019
http://technet.microsoft.com/en-us/security/bulletin/ms06-064
http://www.kb.cert.org/vuls/id/JARL-5YGQ9G
http://www.kb.cert.org/vuls/id/JARL-5ZQR7H
http://www.kb.cert.org/vuls/id/JARL-5YGQAJ
http://www.nessus.org/u?9a548ae4
http://isc.sans.edu/diary.html?date=2004-04-20
Solution
Contact the vendor for a patch or mitigation advice.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
BID 10183
CVE CVE-2004-0230
XREF OSVDB:4030
XREF CERT:415294
XREF EDB-ID:276
XREF EDB-ID:291
Plugin Information:
Publication date: 2004/04/25, Modification date: 2012/12/28
Portstcp/025220 - TCP/IP Timestamps SupportedSynopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptimeof the remote host can sometimes be computed.
See Also
8
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Portstcp/018261 - Apache Banner Linux Distribution DisclosureSynopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
This script extracts the banner of the Apache web server and attempts to determine which Linux distribution theremote host is running.
Solution
If you do not wish to display this information, edit httpd.conf and set the directive 'ServerTokens Prod' and restartApache.
Risk Factor
None
Plugin Information:
Publication date: 2005/05/15, Modification date: 2013/08/10
Portstcp/0
The linux distribution detected was : - Ubuntu 12.04 (precise) - Ubuntu 12.10 (quantal) - Ubuntu 13.04 (raring)
11936 - OS IdentificationSynopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name ofthe remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2013/09/03
Portstcp/0
Remote operating system : Linux Kernel 3.5 on Ubuntu 12.10 (quantal)Confidence Level : 95Method : SSH The remote host is running Linux Kernel 3.5 on Ubuntu 12.10 (quantal)
54615 - Device Type
9
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Portstcp/0
Remote device type : general-purposeConfidence level : 95
45590 - Common Platform Enumeration (CPE)Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matchesfor various hardware and software products found on a host.Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on theinformation available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2013/09/18
Portstcp/0
The remote operating system matched the following CPE : cpe:/o:canonical:ubuntu_linux:12.10 -> Canonical Ubuntu Linux 12.10 Following application CPE's matched on the remote system : cpe:/a:openbsd:openssh:6.0 -> OpenBSD OpenSSH 6.0 cpe:/a:apache:http_server:2.2.22 -> Apache Software Foundation Apache HTTP Server 2.2.22
66334 - Patch ReportSynopsis
The remote host is missing several patches
Description
The remote host is missing one or several security patches.This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below
Risk Factor
10
None
Plugin Information:
Publication date: 2013/05/07, Modification date: 2013/09/13
Portstcp/0
. You need to take the following 2 actions: [ OpenSSH LoginGraceTime / MaxStartups DoS (67140) ] + Action to take: Upgrade to OpenSSH 6.2 and review the associated server configuration settings. [ Apache 2.2 < 2.2.25 Multiple Vulnerabilities (68915) ] + Action to take: Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.25 or later. + Impact: Taking this action will resolve 6 different vulnerabilities (CVEs).
19506 - Nessus Scan InformationSynopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :- The version of the plugin set- The type of plugin feed (HomeFeed or ProfessionalFeed)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2013/09/17
Portstcp/0
Information about this scan : Nessus version : 5.2.2Plugin feed version : 201309251115Type of plugin feed : HomeFeed (Non-commercial use only)Scanner IP : 10.42.12.28Port scanner(s) : nessus_syn_scanner Port range : 1-65535Thorough tests : noExperimental tests : noParanoia level : 2Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : None
11
CGI scanning : enabledWeb application tests : enabledWeb app tests - Test mode : singleWeb app tests - Try all HTTP methods : yesWeb app tests - Maximum run time : 10 minutes.Web app tests - Stop at first flaw : paramMax hosts : 20Max checks : 4Recv timeout : 15Backports : NoneAllow post-scan editing: YesScan Start Date : 2013/9/26 4:38Scan duration : 142 sec
0/udp10287 - Traceroute InformationSynopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Portsudp/0
For your information, here is the traceroute from 10.42.12.28 to 10.42.14.159 : 10.42.12.2810.42.12.110.42.14.159
22/tcp67140 - OpenSSH LoginGraceTime / MaxStartups DoSSynopsis
The remote SSH service is susceptible to a remote denial of service attack.
Description
According to its banner, a version of OpenSSH earlier than version 6.2 is listening on this port. The defaultconfiguration of OpenSSH installs before 6.2 could allow a remote attacker to bypass the LoginGraceTime andMaxStartups thresholds by periodically making a large number of new TCP connections and thereby preventlegitimate users from gaining access to the service.Note that this plugin has not tried to exploit the issue or detect whether the remote service uses a vulnerableconfiguration. Instead, it has simply checked the version of OpenSSH running on the remote host.
See Also
http://www.openwall.com/lists/oss-security/2013/02/06/5
http://openssh.org/txt/release-6.2
http://tools.cisco.com/security/center/viewAlert.x?alertId=28883
Solution
Upgrade to OpenSSH 6.2 and review the associated server configuration settings.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
12
3.7 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
BID 58162
CVE CVE-2010-5107
XREF OSVDB:90007
Plugin Information:
Publication date: 2013/07/03, Modification date: 2013/07/03
Portstcp/22
Version source : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 Installed version : 6.0p1 Fixed version : 6.2
11219 - Nessus SYN scannerSynopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might causeproblems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07
Portstcp/22
Port 22/tcp was found to be open
22964 - Service DetectionSynopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receivesan HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2013/09/19
Portstcp/22
An SSH server is running on this port.
10267 - SSH Server Type and Version InformationSynopsis
An SSH server is listening on this port.
13
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/10/24
Portstcp/22
SSH version : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1SSH supported authentication : publickey,password
10881 - SSH Protocol Versions SupportedSynopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/03/06, Modification date: 2012/04/04
Portstcp/22
The remote SSH daemon supports the following versions of theSSH protocol : - 1.99 - 2.0 SSHv2 host key fingerprint : d2:2b:99:ab:9b:5e:2e:62:96:4e:b8:57:d2:0c:3d:9c
80/tcp11229 - Web Server info.php / phpinfo.php DetectionSynopsis
The remote web server contains a PHP script that is prone to an information disclosure attack.
Description
Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' fordebugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remoteattacker can discover a large amount of information about the remote web server, including :- The username of the user who installed php and if they are a SUDO user.- The IP address of the host.- The version of the operating system.- The web server version.- The root directory of the web server.- Configuration information about the remote PHP installation.
Solution
Remove the affected file(s).
Risk Factor
Medium
14
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2003/02/12, Modification date: 2013/01/25
Portstcp/80
Nessus discovered the following URL that calls phpinfo() : - http://10.42.14.159/info.php
62101 - Apache 2.2 < 2.2.23 Multiple VulnerabilitiesSynopsis
The remote web server may be affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.23. It is, therefore,potentially affected by the following vulnerabilities:- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars'file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO),leading to arbitrary code execution.(CVE-2012-0883)- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks.(CVE-2012-2687)Note that Nessus did not actually test for these flaws, but instead has relied on the version in the server's banner.
See Also
http://www.apache.org/dist/httpd/CHANGES_2.2.23
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Upgrade to Apache version 2.2.23 or later.
Risk Factor
Medium
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
References
BID 53046
BID 55131
CVE CVE-2012-0883
CVE CVE-2012-2687
XREF OSVDB:81359
XREF OSVDB:84818
Plugin Information:
Publication date: 2012/09/14, Modification date: 2013/07/20
Portstcp/80
15
Version source : Server: Apache/2.2.22 Installed version : 2.2.22 Fixed version : 2.2.23
64912 - Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting VulnerabilitiesSynopsis
The remote web server may be affected by multiple cross-site scripting vulnerabilities.
Description
According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.24. It is, therefore,potentially affected by the following cross-site scripting vulnerabilities :- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp andunescaped hostnames and URIs that could allow cross- site scripting attacks. (CVE-2012-3499)- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scriptingattacks. (CVE-2012-4558)Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.
See Also
http://www.apache.org/dist/httpd/CHANGES_2.2.24
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.24 or later.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.2 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
References
BID 58165
CVE CVE-2012-3499
CVE CVE-2012-4558
XREF OSVDB:90556
XREF OSVDB:90557
Plugin Information:
Publication date: 2013/02/27, Modification date: 2013/09/15
Portstcp/80
Version source : Server: Apache/2.2.22 Installed version : 2.2.22 Fixed version : 2.2.24
68915 - Apache 2.2 < 2.2.25 Multiple VulnerabilitiesSynopsis
The remote web server may be affected by multiple cross-site scripting vulnerabilities.
Description
According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.25. It is, therefore,potentially affected by the following vulnerabilities :- A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files,making it potentially vulnerable to arbitrary command execution. (CVE-2013-1862)- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests.(CVE-2013-1896)
16
Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.
See Also
http://www.apache.org/dist/httpd/CHANGES_2.2.25
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.nessus.org/u?f050c342
Solution
Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.25 or later.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.2 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
STIG Severity
I
References
BID 59826
BID 61129
CVE CVE-2013-1862
CVE CVE-2013-1896
XREF OSVDB:93366
XREF OSVDB:95498
XREF IAVA:2013-A-0146
Plugin Information:
Publication date: 2013/07/16, Modification date: 2013/09/15
Portstcp/80
Version source : Server: Apache/2.2.22 Installed version : 2.2.22 Fixed version : 2.2.25
11219 - Nessus SYN scannerSynopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might causeproblems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
17
Publication date: 2009/02/04, Modification date: 2013/08/07
Portstcp/80
Port 80/tcp was found to be open
22964 - Service DetectionSynopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receivesan HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2013/09/19
Portstcp/80
A web server is running on this port.
11032 - Web Server Directory EnumerationSynopsis
It is possible to enumerate directories on the web server.
Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sendinga request for a directory, the web server response code indicates if it is a valid directory or not.
See Also
http://projects.webappsec.org/Predictable-Resource-Location
Solution
n/a
Risk Factor
None
References
XREF OWASP:OWASP-CM-006
Plugin Information:
Publication date: 2002/06/26, Modification date: 2013/04/02
Portstcp/80
The following directories were discovered:/cgi-bin, /icons While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with companysecurity standards
10662 - Web mirroringSynopsis
Nessus crawled the remote web site.
Description
This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.
18
It is suggested that you change the number of pages to mirror in the 'Options' section of the client.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/05/04, Modification date: 2013/04/11
Portstcp/80
Webmirror performed 9 queries in 1s (9.000 queries per second)
10107 - HTTP Server Type and VersionSynopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/06/03
Portstcp/80
The remote web server type is : Apache/2.2.22 (Ubuntu) You can set the directive 'ServerTokens Prod' to limit the informationemanating from the server in its response headers.
43111 - HTTP Methods Allowed (per directory)Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests'is set to 'yes'in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receivesa response code of 400, 403, 405, or 501.Note that the plugin output is only informational and does not necessarily indicate the presence of any securityvulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Portstcp/80
Based on the response to an OPTIONS request :
19
- HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT COPY DEBUG DELETE GET HEAD INDEX LABEL LOCK MERGE MKACTIVITY MKCOL MKWORKSPACE MOVE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST PROPFIND PROPPATCH PUT REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNLOCK UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : /cgi-bin - HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe - Invalid/unknown HTTP methods are allowed on : /cgi-bin
24260 - HyperText Transfer Protocol (HTTP) InformationSynopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive andHTTP pipelining are enabled, etc...This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Portstcp/80
Protocol version : HTTP/1.1SSL : noKeep-Alive : yesOptions allowed : (Not implemented)Headers : Date: Wed, 25 Sep 2013 21:40:20 GMT Server: Apache/2.2.22 (Ubuntu) Last-Modified: Thu, 05 Sep 2013 16:38:50 GMT ETag: "2c14-b1-4e5a58e89f052" Accept-Ranges: bytes Content-Length: 177 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html
Vulnerabilities By Plugin
21
11229 (1) - Web Server info.php / phpinfo.php DetectionSynopsis
The remote web server contains a PHP script that is prone to an information disclosure attack.
Description
Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' fordebugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remoteattacker can discover a large amount of information about the remote web server, including :- The username of the user who installed php and if they are a SUDO user.- The IP address of the host.- The version of the operating system.- The web server version.- The root directory of the web server.- Configuration information about the remote PHP installation.
Solution
Remove the affected file(s).
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2003/02/12, Modification date: 2013/01/25
Hosts10.42.14.159 (tcp/80)
Nessus discovered the following URL that calls phpinfo() : - http://10.42.14.159/info.php
22
12213 (1) - TCP/IP Sequence Prediction Blind Reset Spoofing DoSSynopsis
It may be possible to send spoofed RST packets to the remote system.
Description
The remote host might be affected by a sequence number approximation vulnerability that may allow an attacker tosend spoofed RST packets to the remote host and close established connections. This may cause problems for somededicated services (BGP, a VPN over TCP, etc).
See Also
https://downloads.avaya.com/elmodocs2/security/ASA-2006-217.htm
http://www.kb.cert.org/vuls/id/JARL-5ZQR4D
http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949
http://www-01.ibm.com/support/docview.wss?uid=isg1IY55950
http://www-01.ibm.com/support/docview.wss?uid=isg1IY62006
http://www.juniper.net/support/security/alerts/niscc-236929.txt
http://technet.microsoft.com/en-us/security/bulletin/ms05-019
http://technet.microsoft.com/en-us/security/bulletin/ms06-064
http://www.kb.cert.org/vuls/id/JARL-5YGQ9G
http://www.kb.cert.org/vuls/id/JARL-5ZQR7H
http://www.kb.cert.org/vuls/id/JARL-5YGQAJ
http://www.nessus.org/u?9a548ae4
http://isc.sans.edu/diary.html?date=2004-04-20
Solution
Contact the vendor for a patch or mitigation advice.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.1 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
BID 10183
CVE CVE-2004-0230
XREF OSVDB:4030
XREF CERT:415294
XREF EDB-ID:276
XREF EDB-ID:291
Plugin Information:
23
Publication date: 2004/04/25, Modification date: 2012/12/28
Hosts10.42.14.159 (tcp/0)
24
62101 (1) - Apache 2.2 < 2.2.23 Multiple VulnerabilitiesSynopsis
The remote web server may be affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.23. It is, therefore,potentially affected by the following vulnerabilities:- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars'file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO),leading to arbitrary code execution.(CVE-2012-0883)- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks.(CVE-2012-2687)Note that Nessus did not actually test for these flaws, but instead has relied on the version in the server's banner.
See Also
http://www.apache.org/dist/httpd/CHANGES_2.2.23
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Upgrade to Apache version 2.2.23 or later.
Risk Factor
Medium
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
References
BID 53046
BID 55131
CVE CVE-2012-0883
CVE CVE-2012-2687
XREF OSVDB:81359
XREF OSVDB:84818
Plugin Information:
Publication date: 2012/09/14, Modification date: 2013/07/20
Hosts10.42.14.159 (tcp/80)
Version source : Server: Apache/2.2.22 Installed version : 2.2.22 Fixed version : 2.2.23
25
64912 (1) - Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting VulnerabilitiesSynopsis
The remote web server may be affected by multiple cross-site scripting vulnerabilities.
Description
According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.24. It is, therefore,potentially affected by the following cross-site scripting vulnerabilities :- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp andunescaped hostnames and URIs that could allow cross- site scripting attacks. (CVE-2012-3499)- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scriptingattacks. (CVE-2012-4558)Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.
See Also
http://www.apache.org/dist/httpd/CHANGES_2.2.24
http://httpd.apache.org/security/vulnerabilities_22.html
Solution
Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.24 or later.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.2 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
References
BID 58165
CVE CVE-2012-3499
CVE CVE-2012-4558
XREF OSVDB:90556
XREF OSVDB:90557
Plugin Information:
Publication date: 2013/02/27, Modification date: 2013/09/15
Hosts10.42.14.159 (tcp/80)
Version source : Server: Apache/2.2.22 Installed version : 2.2.22 Fixed version : 2.2.24
26
67140 (1) - OpenSSH LoginGraceTime / MaxStartups DoSSynopsis
The remote SSH service is susceptible to a remote denial of service attack.
Description
According to its banner, a version of OpenSSH earlier than version 6.2 is listening on this port. The defaultconfiguration of OpenSSH installs before 6.2 could allow a remote attacker to bypass the LoginGraceTime andMaxStartups thresholds by periodically making a large number of new TCP connections and thereby preventlegitimate users from gaining access to the service.Note that this plugin has not tried to exploit the issue or detect whether the remote service uses a vulnerableconfiguration. Instead, it has simply checked the version of OpenSSH running on the remote host.
See Also
http://www.openwall.com/lists/oss-security/2013/02/06/5
http://openssh.org/txt/release-6.2
http://tools.cisco.com/security/center/viewAlert.x?alertId=28883
Solution
Upgrade to OpenSSH 6.2 and review the associated server configuration settings.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.7 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
BID 58162
CVE CVE-2010-5107
XREF OSVDB:90007
Plugin Information:
Publication date: 2013/07/03, Modification date: 2013/07/03
Hosts10.42.14.159 (tcp/22)
Version source : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 Installed version : 6.0p1 Fixed version : 6.2
27
68915 (1) - Apache 2.2 < 2.2.25 Multiple VulnerabilitiesSynopsis
The remote web server may be affected by multiple cross-site scripting vulnerabilities.
Description
According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.25. It is, therefore,potentially affected by the following vulnerabilities :- A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files,making it potentially vulnerable to arbitrary command execution. (CVE-2013-1862)- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests.(CVE-2013-1896)Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.
See Also
http://www.apache.org/dist/httpd/CHANGES_2.2.25
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.nessus.org/u?f050c342
Solution
Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.25 or later.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.2 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
STIG Severity
I
References
BID 59826
BID 61129
CVE CVE-2013-1862
CVE CVE-2013-1896
XREF OSVDB:93366
XREF OSVDB:95498
XREF IAVA:2013-A-0146
Plugin Information:
Publication date: 2013/07/16, Modification date: 2013/09/15
Hosts10.42.14.159 (tcp/80)
Version source : Server: Apache/2.2.22 Installed version : 2.2.22 Fixed version : 2.2.25
28
11219 (2) - Nessus SYN scannerSynopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might causeproblems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07
Hosts10.42.14.159 (tcp/22)
Port 22/tcp was found to be open
10.42.14.159 (tcp/80)
Port 80/tcp was found to be open
29
22964 (2) - Service DetectionSynopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receivesan HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2013/09/19
Hosts10.42.14.159 (tcp/22)
An SSH server is running on this port.
10.42.14.159 (tcp/80)
A web server is running on this port.
30
10107 (1) - HTTP Server Type and VersionSynopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/06/03
Hosts10.42.14.159 (tcp/80)
The remote web server type is : Apache/2.2.22 (Ubuntu) You can set the directive 'ServerTokens Prod' to limit the informationemanating from the server in its response headers.
31
10114 (1) - ICMP Timestamp Request Remote Date DisclosureSynopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set onthe targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authenticationprotocols.Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, butusually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Hosts10.42.14.159 (icmp/0)
The difference between the local and remote clocks is 1 second.
32
10267 (1) - SSH Server Type and Version InformationSynopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/10/24
Hosts10.42.14.159 (tcp/22)
SSH version : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1SSH supported authentication : publickey,password
33
10287 (1) - Traceroute InformationSynopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Hosts10.42.14.159 (udp/0)
For your information, here is the traceroute from 10.42.12.28 to 10.42.14.159 : 10.42.12.2810.42.12.110.42.14.159
34
10662 (1) - Web mirroringSynopsis
Nessus crawled the remote web site.
Description
This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.It is suggested that you change the number of pages to mirror in the 'Options' section of the client.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/05/04, Modification date: 2013/04/11
Hosts10.42.14.159 (tcp/80)
Webmirror performed 9 queries in 1s (9.000 queries per second)
35
10881 (1) - SSH Protocol Versions SupportedSynopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/03/06, Modification date: 2012/04/04
Hosts10.42.14.159 (tcp/22)
The remote SSH daemon supports the following versions of theSSH protocol : - 1.99 - 2.0 SSHv2 host key fingerprint : d2:2b:99:ab:9b:5e:2e:62:96:4e:b8:57:d2:0c:3d:9c
36
11032 (1) - Web Server Directory EnumerationSynopsis
It is possible to enumerate directories on the web server.
Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sendinga request for a directory, the web server response code indicates if it is a valid directory or not.
See Also
http://projects.webappsec.org/Predictable-Resource-Location
Solution
n/a
Risk Factor
None
References
XREF OWASP:OWASP-CM-006
Plugin Information:
Publication date: 2002/06/26, Modification date: 2013/04/02
Hosts10.42.14.159 (tcp/80)
The following directories were discovered:/cgi-bin, /icons While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with companysecurity standards
37
11936 (1) - OS IdentificationSynopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name ofthe remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2013/09/03
Hosts10.42.14.159 (tcp/0)
Remote operating system : Linux Kernel 3.5 on Ubuntu 12.10 (quantal)Confidence Level : 95Method : SSH The remote host is running Linux Kernel 3.5 on Ubuntu 12.10 (quantal)
38
18261 (1) - Apache Banner Linux Distribution DisclosureSynopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
This script extracts the banner of the Apache web server and attempts to determine which Linux distribution theremote host is running.
Solution
If you do not wish to display this information, edit httpd.conf and set the directive 'ServerTokens Prod' and restartApache.
Risk Factor
None
Plugin Information:
Publication date: 2005/05/15, Modification date: 2013/08/10
Hosts10.42.14.159 (tcp/0)
The linux distribution detected was : - Ubuntu 12.04 (precise) - Ubuntu 12.10 (quantal) - Ubuntu 13.04 (raring)
39
19506 (1) - Nessus Scan InformationSynopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :- The version of the plugin set- The type of plugin feed (HomeFeed or ProfessionalFeed)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2013/09/17
Hosts10.42.14.159 (tcp/0)
Information about this scan : Nessus version : 5.2.2Plugin feed version : 201309251115Type of plugin feed : HomeFeed (Non-commercial use only)Scanner IP : 10.42.12.28Port scanner(s) : nessus_syn_scanner Port range : 1-65535Thorough tests : noExperimental tests : noParanoia level : 2Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : NoneCGI scanning : enabledWeb application tests : enabledWeb app tests - Test mode : singleWeb app tests - Try all HTTP methods : yesWeb app tests - Maximum run time : 10 minutes.Web app tests - Stop at first flaw : paramMax hosts : 20Max checks : 4Recv timeout : 15Backports : NoneAllow post-scan editing: YesScan Start Date : 2013/9/26 4:38Scan duration : 142 sec
40
24260 (1) - HyperText Transfer Protocol (HTTP) InformationSynopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive andHTTP pipelining are enabled, etc...This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Hosts10.42.14.159 (tcp/80)
Protocol version : HTTP/1.1SSL : noKeep-Alive : yesOptions allowed : (Not implemented)Headers : Date: Wed, 25 Sep 2013 21:40:20 GMT Server: Apache/2.2.22 (Ubuntu) Last-Modified: Thu, 05 Sep 2013 16:38:50 GMT ETag: "2c14-b1-4e5a58e89f052" Accept-Ranges: bytes Content-Length: 177 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html
41
25220 (1) - TCP/IP Timestamps SupportedSynopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptimeof the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Hosts10.42.14.159 (tcp/0)
42
43111 (1) - HTTP Methods Allowed (per directory)Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests'is set to 'yes'in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receivesa response code of 400, 403, 405, or 501.Note that the plugin output is only informational and does not necessarily indicate the presence of any securityvulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Hosts10.42.14.159 (tcp/80)
Based on the response to an OPTIONS request : - HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT COPY DEBUG DELETE GET HEAD INDEX LABEL LOCK MERGE MKACTIVITY MKCOL MKWORKSPACE MOVE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST PROPFIND PROPPATCH PUT REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNLOCK UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : /cgi-bin - HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe - Invalid/unknown HTTP methods are allowed on : /cgi-bin
43
45590 (1) - Common Platform Enumeration (CPE)Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matchesfor various hardware and software products found on a host.Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on theinformation available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2013/09/18
Hosts10.42.14.159 (tcp/0)
The remote operating system matched the following CPE : cpe:/o:canonical:ubuntu_linux:12.10 -> Canonical Ubuntu Linux 12.10 Following application CPE's matched on the remote system : cpe:/a:openbsd:openssh:6.0 -> OpenBSD OpenSSH 6.0 cpe:/a:apache:http_server:2.2.22 -> Apache Software Foundation Apache HTTP Server 2.2.22
44
54615 (1) - Device TypeSynopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Hosts10.42.14.159 (tcp/0)
Remote device type : general-purposeConfidence level : 95
45
66334 (1) - Patch ReportSynopsis
The remote host is missing several patches
Description
The remote host is missing one or several security patches.This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below
Risk Factor
None
Plugin Information:
Publication date: 2013/05/07, Modification date: 2013/09/13
Hosts10.42.14.159 (tcp/0)
. You need to take the following 2 actions: [ OpenSSH LoginGraceTime / MaxStartups DoS (67140) ] + Action to take: Upgrade to OpenSSH 6.2 and review the associated server configuration settings. [ Apache 2.2 < 2.2.25 Multiple Vulnerabilities (68915) ] + Action to take: Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.25 or later. + Impact: Taking this action will resolve 6 different vulnerabilities (CVEs).