Report Sample

Server Security Report For nonsecure.shalb.com

Analysis of Host
Address of Host Port/Service Issue regarding Port
192.168.68.68 socks (1080/tcp) Security notes found
192.168.68.68 blackjack (1025/tcp) No Information
192.168.68.68 cap (1026/tcp) No Information
192.168.68.68 ftp (21/tcp) Security notes found
192.168.68.68 general/icmp Security notes found
192.168.68.68 general/tcp Security notes found
192.168.68.68 general/udp Security notes found
192.168.68.68 http (80/tcp) Security hole found
192.168.68.68 https (443/tcp) Security hole found
192.168.68.68 ms-wbt-server (3389/tcp) Security warning(s) found
192.168.68.68 mysql (3306/tcp) Security notes found
192.168.68.68 ndl-aas (3128/tcp) Security notes found
192.168.68.68 pop3 (110/tcp) Security notes found
192.168.68.68 radmin-port (4899/tcp) No Information
192.168.68.68 smtp (25/tcp) Security hole found


Security Issues and Fixes: 192.168.68.68
Type Port Issue and Fix
Informational socks (1080/tcp)
Synopsis :

A SOCKS server is running on this host.

Description :

The remote service is a SOCKS (SOCKetS) server, which allows client
applications to operate transparently through a firewall.

See also :

http://en.wikipedia.org/wiki/Socks5

Risk factor :

None

Plugin output :

A SOCKS5 server is running on this port
We could not determine its external interface address
It prefers the GSS API authentication.

SHALB ID : 11865
Informational ftp (21/tcp) An FTP server is running on this port.
SHALB ID : 22964
Informational ftp (21/tcp)
Synopsis :

The remote FTP server allows credentials to be transmitted in clear
text.

Description :

The remote FTP does not encrypt its data and control connections. The
user name and password are transmitted in clear text and may be
intercepted by a network sniffer, or a man-in-the-middle attack.

Solution :

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In
the latter case, configure the server so that data and control
connections must be encrypted.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
SHALB ID : 34324
Informational ftp (21/tcp)
Synopsis :

An FTP server is listening on this port.

Description :

It is possible to obtain the banner of the remote FTP server by
connecting to the remote port.

Risk factor :

None

Plugin output :

The remote FTP banner is :

220 Serv-U FTP Server v6.2 for WinSock ready...

SHALB ID : 10092
Informational general/icmp Here is the route recorded between 62.149.9.65 and 192.168.68.68 :
62.149.14.252
192.168.68.68
62.149.9.251

SHALB ID : 12264
Informational general/tcp 192.168.68.68 resolves as nonsecure.shalb.com.
SHALB ID : 12053
Informational general/tcp Information about this scan :

ABSS version : 3.2.1
Plugin feed version : 200901292234
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 62.149.9.65
Port scanner(s) : nessus_tcp_scanner synscan
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 0
Safe checks : no
Optimize the test : yes
Max hosts : 50
Max checks : 3
Recv timeout : 10
Backports : None
Scan Start Date : 2009/1/31 1:50
Scan duration : 927 sec

SHALB ID : 19506
Informational general/tcp
Remote operating system : Microsoft Windows Server 2003
Confidence Level : 80
Method : RDP


The remote host is running Microsoft Windows Server 2003
SHALB ID : 11936
Informational general/udp For your information, here is the traceroute from 62.149.9.65 to 192.168.68.68 :
62.149.9.65
62.149.9.251
192.168.68.68

SHALB ID : 10287
Vulnerability http (80/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.7. Such versions may be affected by several
security issues :

- File truncation can occur when calling 'dba_replace()'
with an invalid argument.

- There is a buffer overflow in the bundled PCRE library
fixed by 7.8. (CVE-2008-2371)

- A buffer overflow in the 'imageloadfont()' function in
'ext/gd/gd.c' can be triggered when a specially crafted
font is given. (CVE-2008-3658)

- There is a buffer overflow in PHP's internal function
'memnstr()', which is exposed to userspace as
'explode()'. (CVE-2008-3659)

- When used as a FastCGI module, PHP segfaults when
opening a file whose name contains two dots (eg,
'file..php'). (CVE-2008-3660)

- Multiple directory traversal vulnerabilities in
functions such as 'posix_access()', 'chdir()', 'ftok()'
may allow a remote attacker to bypass 'safe_mode'
restrictions. (CVE-2008-2665 and CVE-2008-2666).

- A buffer overflow may be triggered when processing long
message headers in 'php_imap.c' due to use of an
obsolete API call. (CVE-2008-2829)

- A heap-based buffer overflow may be triggered via
a call to 'mb_check_encoding()', part of the 'mbstring'
extension. (CVE-2008-5557)

- Missing initialization of 'BG(page_uid)' and
'BG(page_gid)' when PHP is used as an Apache module
may allow for bypassing security restriction due to
SAPI 'php_getuid()' overloading. (CVE-2008-5624)

- Incorrect 'php_value' order for Apache configuration
may allow bypassing PHP's 'safe_mode' setting.
(CVE-2008-5625)

- The ZipArchive::extractTo() method in the ZipArchive
extension fails to filter directory traversal
sequences from file names. (CVE-2008-5658)

See also :

http://securityreason.com/achievement_securityalert/57
http://securityreason.com/achievement_securityalert/58
http://securityreason.com/achievement_securityalert/59
http://www.sektioneins.de/advisories/SE-2008-06.txt
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0238.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0239.html
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0433.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0089.html
http://bugs.php.net/bug.php?id=42862
http://bugs.php.net/bug.php?id=45151
http://bugs.php.net/bug.php?id=45722
http://www.php.net/releases/5_2_7.php
http://www.php.net/ChageLog-5.php#5.2.7

Solution :

Upgrade to PHP version 5.2.8 or later.

Note that 5.2.7 has been removed from distribution because of a
regression in that version that results in the 'magic_quotes_gpc'
setting remaining off even if it was set to on.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658
BID : 29796, 29797, 29829, 30087, 30649, 31612, 32383, 32625, 32688, 32948, 33498
Other references : OSVDB:46584, OSVDB:46638, OSVDB:46639, OSVDB:46641, OSVDB:46690, OSVDB:47796, OSVDB:47797, OSVDB:47798
SHALB ID : 35043
Vulnerability http (80/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.4. Such versions may be affected by various
issues, including but not limited to several overflows.

See also :

http://www.php.net/releases/5_2_4.php

Solution :

Upgrade to PHP version 5.2.4 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-2872, CVE-2007-3378, CVE-2007-3806
BID : 24661, 24261, 24922, 25498
SHALB ID : 25971
Vulnerability http (80/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple buffer overflows.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2. Such versions may be affected by several
buffer overflows.

To exploit these issues, an attacker would need the ability to upload
an arbitrary PHP script on the remote server, or to be able to
manipulate several variables processed by some PHP functions such as
htmlentities().

See also :

http://www.php.net/releases/5_2_0.php

Solution :

Upgrade to PHP version 5.2.0 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2006-5465
BID : 20879
Other references : OSVDB:30178, OSVDB:30179
SHALB ID : 31649
Vulnerability http (80/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.1. Such versions may be affected by several
issues, including buffer overflows, format string vulnerabilities,
arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and
clobbering of super-globals.

See also :

http://www.php.net/releases/5_2_1.php

Solution :

Upgrade to PHP version 5.2.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2006-6383, CVE-2007-0905, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1700, CVE-2007-1701, CVE-2007-1824, CVE-2007-1825, CVE-2007-1884, CVE-2007-1885, CVE-2007-1886, CVE-2007-1887, CVE-2007-1890
BID : 21508, 22496, 22805, 22806, 22862, 22922, 23119, 23120, 23219, 23233, 23234, 23235, 23236, 23237, 23238
Other references : OSVDB:32776, OSVDB:32781, OSVDB:33955, OSVDB:34767
SHALB ID : 24907
Vulnerability http (80/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.6. Such versions may be affected by the
following issues :

- A stack buffer overflow in FastCGI SAPI.

- An integer overflow in printf().

- A security issue arising from improper calculation
of the length of PATH_TRANSLATED in cgi_main.c.

- A safe_mode bypass in cURL.

- Incomplete handling of multibyte chars inside
escapeshellcmd().

- Issues in the bundled PCRE fixed by version 7.6.

See also :

http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html
http://www.php.net/releases/5_2_6.php

Solution :

Upgrade to PHP version 5.2.6 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-4850, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051
BID : 27413, 28392, 29009
Other references : OSVDB:43219, OSVDB:44057, OSVDB:44906, OSVDB:44907, OSVDB:44908, Secunia:30048
SHALB ID : 32123
Vulnerability http (80/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.5. Such versions may be affected by various
issues, including but not limited to several buffer overflows.

See also :

http://www.php.net/releases/5_2_5.php

Solution :

Upgrade to PHP version 5.2.5 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-4887, CVE-2007-5898, CVE-2007-5900
BID : 26403
Other references : OSVDB:38680, OSVDB:38681, OSVDB:38682, OSVDB:38683, OSVDB:38684, OSVDB:38685
SHALB ID : 28181
Warning http (80/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.3. Such versions may be affected by several
issues, including an integer overflow, 'safe_mode' and 'open_basedir'
bypass, and a denial of service vulnerability.

See also :

http://www.php.net/releases/5_2_3.php

Solution :

Upgrade to PHP version 5.2.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007
BID : 23359, 24089, 24259, 24261
Other references : OSVDB:33962, OSVDB:35788, OSVDB:36083, OSVDB:36084, OSVDB:36643
SHALB ID : 25368
Warning http (80/tcp)
Synopsis :

The remote web server is vulnerable to a cross-site scripting attack.

Description :

The mod_proxy_ftp module in the version of Apache installed on the
remote host fails to properly sanitize user-supplied URL input before
using it to generate dynamic HTML output. Using specially crafted
requests for FTP URLs with globbing characters (such as asterisk,
tilde, opening square bracket, etc), an attacker may be able to
leverage this issue to inject arbitrary HTML and script code into a
user's browser to be executed within the security context of the
affected site.

See also :

http://www.rapid7.com/advisories/R7-0033
http://www.securityfocus.com/archive/1/495180/100/0/threaded
http://www.apache.org/dist/httpd/CHANGES_2.2.10
http://httpd.apache.org/security/vulnerabilities_22.html

Solution :

Either disable the affected module or upgrade to Apache version 2.2.10
or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE : CVE-2008-2939
BID : 30560
Other references : OSVDB:47474
SHALB ID : 34433
Warning http (80/tcp)
Synopsis :

The remote web server may be affected by several issues.

Description :

According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.9. Such versions may be affected by
several issues, including :

- Improper handling of excessive forwarded interim
responses may cause denial-of-service conditions in
mod_proxy_http (CVE-2008-2364).

- A cross-site request forgery vulnerability in the
balancer-manager interface of mod_proxy_balancer
(CVE-2007-6420).

Note that the remote web server may not actually be affected by these
vulnerabilities. ABSS did not try to determine whether the affected
modules are in use or to check for the issues themselves.

See also :

http://www.apache.org/dist/httpd/CHANGES_2.2.9
http://httpd.apache.org/security/vulnerabilities_22.html

Solution :

Either ensure that the affected modules are not in use or upgrade to
Apache version 2.2.9 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE : CVE-2007-6420, CVE-2008-2364
BID : 27236, 29653
Other references : OSVDB:42937, OSVDB:46085, Secunia:30621
SHALB ID : 33477
Warning http (80/tcp)
Synopsis :

Debugging functions are enabled on the remote web server.

Description :

The remote webserver supports the TRACE and/or TRACK methods. TRACE
and TRACK are HTTP methods which are used to debug web server
connections.

In addition, it has been shown that servers supporting the TRACE
method are subject to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with various weaknesses
in browsers. An attacker may use this flaw to trick your legitimate
web users into giving him their credentials.

See also :

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/867593

Solution :

Disable these methods.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Solution :

Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.



Plugin output :

The server response from a TRACE request is :

TRACE /064fyk3w.html HTTP/1.1
Host: nonsecure.shalb.com
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Date: Fri, 30 Jan 2009 23:57:31 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept-Charset: iso-8859-1,*,utf-8
Pragma: no-cache
Accept-Language: en
Connection: Keep-Alive


CVE : CVE-2004-2320
BID : 9506, 9561, 11604
Other references : OSVDB:877, OSVDB:3726
SHALB ID : 11213
Informational http (80/tcp) A web server is running on this port.
SHALB ID : 22964
Informational http (80/tcp)
Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...

This test is informational only and does not denote any security
problem.

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : no
Pipelining : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Fri, 30 Jan 2009 23:58:13 GMT
Server: Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_autoindex_color PHP/5.1.6
X-Powered-By: PHP/5.1.6
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html


SHALB ID : 24260
Informational http (80/tcp)
Synopsis :

The remote server is running with WebDAV enabled.

Description :

WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.

If you do not use this extension, you should disable it.

Solution :

http://support.microsoft.com/default.aspx?kbid=241520

Risk factor :

None
SHALB ID : 11424
Informational http (80/tcp)
Synopsis :

The remote web server contains a 'robots.txt' file.

Description :

The remote host contains a file named 'robots.txt' that is intended to
prevent web 'robots' from visiting certain directories in a web site for
maintenance or indexing purposes. A malicious user may also be able to
use the contents of this file to learn of sensitive documents or
directories on the affected site and either retrieve them directly or
target them for other attacks.

See also :

http://www.robotstxt.org/wc/exclusion.html

Solution :

Review the contents of the site's robots.txt file, use Robots META tags
instead of entries in the robots.txt file, and/or adjust the web
server's access controls to limit access to sensitive material.

Risk factor :

None
Other references : OSVDB:238
SHALB ID : 10302
Informational http (80/tcp)
Synopsis :

The remote web server may be affected by several issues.

Description :

According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.8. Such versions may be affected by
several issues, including :

- A cross-site scripting issue involving mod_imagemap
(CVE-2007-5000).

- A cross-site scripting issue involving 413 error pages
via a malformed HTTP method (PR 44014 / CVE-2007-6203).

- A cross-site scripting issue in mod_status involving
the refresh parameter (CVE-2007-6388).

- A cross-site scripting issue in mod_proxy_balancer
involving the worker route and worker redirect
string of the balancer manager (CVE-2007-6421).

- A denial of service issue in the balancer_handler
function in mod_proxy_balancer can be triggered by
an authenticated user when a threaded Multi-
Processing Module is used (CVE-2007-6422).

- A cross-site scripting issue using UTF-7 encoding
in mod_proxy_ftp exists because it does not
define a charset (CVE-2008-0005).

Note that the remote web server may not actually be affected by these
vulnerabilities. ABSS did not try to determine whether the affected
modules are in use or to check for the issues themselves.

See also :

http://www.apache.org/dist/httpd/CHANGES_2.2.8
http://httpd.apache.org/security/vulnerabilities_22.html

Solution :

Either ensure that the affected modules are not in use or upgrade to
Apache version 2.2.8 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVE : CVE-2007-5000, CVE-2007-6203, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
BID : 26663, 26838, 27234, 27236, 27237
Other references : OSVDB:39003, OSVDB:39134, OSVDB:40262, OSVDB:40263, OSVDB:40264, OSVDB:42214, OSVDB:42937
SHALB ID : 31118
Informational http (80/tcp)
Synopsis :

A web server is running on the remote host.

Description :

This plugin attempts to determine the type and the version of
the remote web server.

Risk factor :

None

Plugin output :

The remote web server type is :

Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_autoindex_color PHP/5.1.6


Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
SHALB ID : 10107
Vulnerability https (443/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.7. Such versions may be affected by several
security issues :

- File truncation can occur when calling 'dba_replace()'
with an invalid argument.

- There is a buffer overflow in the bundled PCRE library
fixed by 7.8. (CVE-2008-2371)

- A buffer overflow in the 'imageloadfont()' function in
'ext/gd/gd.c' can be triggered when a specially crafted
font is given. (CVE-2008-3658)

- There is a buffer overflow in PHP's internal function
'memnstr()', which is exposed to userspace as
'explode()'. (CVE-2008-3659)

- When used as a FastCGI module, PHP segfaults when
opening a file whose name contains two dots (eg,
'file..php'). (CVE-2008-3660)

- Multiple directory traversal vulnerabilities in
functions such as 'posix_access()', 'chdir()', 'ftok()'
may allow a remote attacker to bypass 'safe_mode'
restrictions. (CVE-2008-2665 and CVE-2008-2666).

- A buffer overflow may be triggered when processing long
message headers in 'php_imap.c' due to use of an
obsolete API call. (CVE-2008-2829)

- A heap-based buffer overflow may be triggered via
a call to 'mb_check_encoding()', part of the 'mbstring'
extension. (CVE-2008-5557)

- Missing initialization of 'BG(page_uid)' and
'BG(page_gid)' when PHP is used as an Apache module
may allow for bypassing security restriction due to
SAPI 'php_getuid()' overloading. (CVE-2008-5624)

- Incorrect 'php_value' order for Apache configuration
may allow bypassing PHP's 'safe_mode' setting.
(CVE-2008-5625)

- The ZipArchive::extractTo() method in the ZipArchive
extension fails to filter directory traversal
sequences from file names. (CVE-2008-5658)

See also :

http://securityreason.com/achievement_securityalert/57
http://securityreason.com/achievement_securityalert/58
http://securityreason.com/achievement_securityalert/59
http://www.sektioneins.de/advisories/SE-2008-06.txt
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0238.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0239.html
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0433.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0089.html
http://bugs.php.net/bug.php?id=42862
http://bugs.php.net/bug.php?id=45151
http://bugs.php.net/bug.php?id=45722
http://www.php.net/releases/5_2_7.php
http://www.php.net/ChageLog-5.php#5.2.7

Solution :

Upgrade to PHP version 5.2.8 or later.

Note that 5.2.7 has been removed from distribution because of a
regression in that version that results in the 'magic_quotes_gpc'
setting remaining off even if it was set to on.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658
BID : 29796, 29797, 29829, 30087, 30649, 31612, 32383, 32625, 32688, 32948, 33498
Other references : OSVDB:46584, OSVDB:46638, OSVDB:46639, OSVDB:46641, OSVDB:46690, OSVDB:47796, OSVDB:47797, OSVDB:47798
SHALB ID : 35043
Vulnerability https (443/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.4. Such versions may be affected by various
issues, including but not limited to several overflows.

See also :

http://www.php.net/releases/5_2_4.php

Solution :

Upgrade to PHP version 5.2.4 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-2872, CVE-2007-3378, CVE-2007-3806
BID : 24661, 24261, 24922, 25498
SHALB ID : 25971
Vulnerability https (443/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple buffer overflows.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2. Such versions may be affected by several
buffer overflows.

To exploit these issues, an attacker would need the ability to upload
an arbitrary PHP script on the remote server, or to be able to
manipulate several variables processed by some PHP functions such as
htmlentities().

See also :

http://www.php.net/releases/5_2_0.php

Solution :

Upgrade to PHP version 5.2.0 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2006-5465
BID : 20879
Other references : OSVDB:30178, OSVDB:30179
SHALB ID : 31649
Vulnerability https (443/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.1. Such versions may be affected by several
issues, including buffer overflows, format string vulnerabilities,
arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and
clobbering of super-globals.

See also :

http://www.php.net/releases/5_2_1.php

Solution :

Upgrade to PHP version 5.2.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2006-6383, CVE-2007-0905, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1700, CVE-2007-1701, CVE-2007-1824, CVE-2007-1825, CVE-2007-1884, CVE-2007-1885, CVE-2007-1886, CVE-2007-1887, CVE-2007-1890
BID : 21508, 22496, 22805, 22806, 22862, 22922, 23119, 23120, 23219, 23233, 23234, 23235, 23236, 23237, 23238
Other references : OSVDB:32776, OSVDB:32781, OSVDB:33955, OSVDB:34767
SHALB ID : 24907
Vulnerability https (443/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.6. Such versions may be affected by the
following issues :

- A stack buffer overflow in FastCGI SAPI.

- An integer overflow in printf().

- A security issue arising from improper calculation
of the length of PATH_TRANSLATED in cgi_main.c.

- A safe_mode bypass in cURL.

- Incomplete handling of multibyte chars inside
escapeshellcmd().

- Issues in the bundled PCRE fixed by version 7.6.

See also :

http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html
http://www.php.net/releases/5_2_6.php

Solution :

Upgrade to PHP version 5.2.6 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-4850, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051
BID : 27413, 28392, 29009
Other references : OSVDB:43219, OSVDB:44057, OSVDB:44906, OSVDB:44907, OSVDB:44908, Secunia:30048
SHALB ID : 32123
Vulnerability https (443/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.5. Such versions may be affected by various
issues, including but not limited to several buffer overflows.

See also :

http://www.php.net/releases/5_2_5.php

Solution :

Upgrade to PHP version 5.2.5 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-4887, CVE-2007-5898, CVE-2007-5900
BID : 26403
Other references : OSVDB:38680, OSVDB:38681, OSVDB:38682, OSVDB:38683, OSVDB:38684, OSVDB:38685
SHALB ID : 28181
Warning https (443/tcp)
Synopsis :

The remote service encrypts traffic using a protocol with known
weaknesses.

Description :

The remote service accepts connections encrypted using SSL 2.0, which
reportedly suffers from several cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit
these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.

See also :

http://www.schneier.com/paper-ssl.pdf

Solution :

Consult the application's documentation to disable SSL 2.0 and use SSL
3.0 or TLS 1.0 instead.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
SHALB ID : 20007
Warning https (443/tcp)
Synopsis :

The remote web server is vulnerable to a cross-site scripting attack.

Description :

The mod_proxy_ftp module in the version of Apache installed on the
remote host fails to properly sanitize user-supplied URL input before
using it to generate dynamic HTML output. Using specially crafted
requests for FTP URLs with globbing characters (such as asterisk,
tilde, opening square bracket, etc), an attacker may be able to
leverage this issue to inject arbitrary HTML and script code into a
user's browser to be executed within the security context of the
affected site.

See also :

http://www.rapid7.com/advisories/R7-0033
http://www.securityfocus.com/archive/1/495180/100/0/threaded
http://www.apache.org/dist/httpd/CHANGES_2.2.10
http://httpd.apache.org/security/vulnerabilities_22.html

Solution :

Either disable the affected module or upgrade to Apache version 2.2.10
or