Result
September 7, 2022
Summary
This document reports on the results of an automatic security scan. All dates are displayed using the timezone Coordinated Universal Time, which is abbreviated UTC. The task was 63183e5e9156e4d26a7871f4-63183e5e9156e4d26a787238. The scan started at Wed Sep 7 06:47:37 2022 UTC and ended at Wed Sep 7 07:15:07 2022 UTC. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description in order to rectify the issue.
Contents
1 Result Overview 2
2.1 169.62.185.109 2
2.1.1 Log 80/tcp 2
2.1.2 Log general/tcp 6
2.1.3 Log 443/tcp 9
2 RESULTS PER HOST 2
1 Result Overview
This report contains all 23 results selected by the filtering described above. Before filtering there were 25 results.
Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
Solution:
Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2022-08-26T10:12:16Z
References
url: https://community.greenbone.net/c/vulnerability-tests
Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specific security header has been implemented (including its value and whether it is deprecated) or is missing on the target.
Solution:
Log Method
Details: HTTP Security Headers Detection
OID:1.3.6.1.4.1.25623.1.0.112081
References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#div-headers
url: https://securityheaders.com/
Summary
This VT tests whether the remote web server fails to reply with a 404 error code and checks whether it is replying to the scanner's requests in a reasonable amount of time.
Solution:
Vulnerability Insight
This web server might show the following issues:
- it is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page, authentication page or redirect instead.
The scanner might have enabled some countermeasures for that; however, they might be insufficient. If a great number of security issues are reported for this port, they might not all be accurate.
- it doesn't respond in a reasonable amount of time to various HTTP requests sent by this VT.
In order to keep the total scan time to a reasonable amount, the remote web server might not be tested. If the remote server should be tested, it has to be fixed so that it replies to the scanner's requests in a reasonable amount of time.
Alternatively, the 'Maximum response time (in seconds)' preference could be raised to a higher value if longer scan times are accepted.
Log Method
Details: Response Time / No 404 Error Code Check
OID:1.3.6.1.4.1.25623.1.0.10386
Version used: 2020-11-27T13:32:50Z
Summary
Solution:
Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z
[ return to 169.62.185.109 ]
Summary
The script reports information on how the hostname of the target was determined.
Solution:
Log Method
Details: Hostname Determination Reporting
OID:1.3.6.1.4.1.25623.1.0.108449
Version used: 2022-07-27T10:11:28Z
Summary
The script reports information on how the hostname of the target was determined.
Solution:
Log Method
Details: Hostname Determination Reporting
OID:1.3.6.1.4.1.25623.1.0.108449
Version used: 2022-07-27T10:11:28Z
Summary
This script consolidates the OS information detected by several VTs and tries to find the best matching OS.
Furthermore, it reports all previously collected information leading to this best matching OS. It also reports possible additional information which might help to improve the OS detection.
If any of this information is wrong or could be improved, please consider reporting it to the referenced community portal.
Solution:
Log Method
Details: OS Detection Consolidation and Reporting
OID:1.3.6.1.4.1.25623.1.0.105937
Version used: 2022-08-29T10:21:34Z
References
url: https://community.greenbone.net/c/vulnerability-tests
Summary
It was possible to discover an additional hostname of this server from its certificate Common Name or Subject Alt Name.
Solution:
Log Method
Details: SSL/TLS: Hostname discovery from server certificate
OID:1.3.6.1.4.1.25623.1.0.111010
Version used: 2021-11-22T15:32:39Z
Summary
Collect information about the network route and network distance between the scanner host and
the target host.
Solution:
Vulnerability Insight
For internal networks, the distances are usually small, often less than 4 hosts between scanner
and target. For public targets the distance is greater and might be 10 hosts or more.
Log Method
A combination of the protocols ICMP and TCP is used to determine the route. This method is
applicable for IPv4 only and it is also known as 'traceroute'.
Details: Traceroute
OID:1.3.6.1.4.1.25623.1.0.51662
Version used: 2021-03-12T14:25:59Z
[ return to 169.62.185.109 ]
Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings' of the scan config in use
If you think any of this information is wrong, please report it to the referenced community portal.
Solution:
Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2022-08-26T10:12:16Z
References
url: https://community.greenbone.net/c/vulnerability-tests
Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specific security header has been implemented (including its value and whether it is deprecated) or is missing on the target.
Solution:
Log Method
Details: HTTP Security Headers Detection
OID:1.3.6.1.4.1.25623.1.0.112081
Version used: 2021-07-14T06:19:43Z
References
url: https://owasp.org/www-project-secure-headers/
Summary
This VT tests whether the remote web server fails to reply with a 404 error code and checks whether it is replying to the scanner's requests in a reasonable amount of time.
Solution:
Vulnerability Insight
This web server might show the following issues:
- it is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page, authentication page or redirect instead.
The scanner might have enabled some countermeasures for that; however, they might be insufficient. If a great number of security issues are reported for this port, they might not all be accurate.
- it doesn't respond in a reasonable amount of time to various HTTP requests sent by this VT.
In order to keep the total scan time to a reasonable amount, the remote web server might not be tested. If the remote server should be tested, it has to be fixed so that it replies to the scanner's requests in a reasonable amount of time.
Alternatively, the 'Maximum response time (in seconds)' preference could be raised to a higher value if longer scan times are accepted.
Log Method
Details: Response Time / No 404 Error Code Check
OID:1.3.6.1.4.1.25623.1.0.10386
Version used: 2020-11-27T13:32:50Z
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Solution:
Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Solution:
Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z
Summary
This script collects and reports the details of all SSL/TLS certificates.
This data will be used by other tests to verify server certificates.
Solution:
Log Method
Details: SSL/TLS: Collect and Report Certificate Details
OID:1.3.6.1.4.1.25623.1.0.103692
Version used: 2021-12-10T12:48:00Z
Summary
The remote web server is not enforcing HPKP.
Note: Most major browsers have dropped / deprecated support for this header in 2020.
Solution:
Solution type: Workaround
Enable HPKP or add / configure the required directives correctly following the guides linked in the references.
Log Method
Details: SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
OID:1.3.6.1.4.1.25623.1.0.108247
Version used: 2021-01-26T13:20:44Z
References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#public-key-pinning-extension-for-http-hpkp
url: https://tools.ietf.org/html/rfc7469
url: https://securityheaders.io/
url: https://httpd.apache.org/docs/current/mod/mod_headers.html#header
url: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Summary
The remote web server is not enforcing HSTS.
Solution:
Solution type: Workaround
Enable HSTS or add / configure the required directives correctly following the guides linked in the references.
Log Method
Details: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
OID:1.3.6.1.4.1.25623.1.0.105879
Version used: 2021-01-26T13:20:44Z
References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-cheat-sheets/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
url: https://owasp.org/www-project-secure-headers/#http-strict-transport-security-hsts
url: https://tools.ietf.org/html/rfc6797
url: https://securityheaders.io/
url: https://httpd.apache.org/docs/current/mod/mod_headers.html#header
url: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Summary
This routine identifies services supporting the following extensions to TLS:
- Application-Layer Protocol Negotiation (ALPN)
- Next Protocol Negotiation (NPN).
Based on the availability of these extensions, the network protocols supported by this service are gathered and reported.
Solution:
Log Method
Details: SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
OID:1.3.6.1.4.1.25623.1.0.108099
References
url: https://tools.ietf.org/html/rfc7301
url: https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
Summary
This routine reports all Medium SSL/TLS cipher suites accepted by a service.
Solution:
Vulnerability Insight
Any cipher suite considered to be secure for only the next 10 years is considered as medium.
Log Method
Details: SSL/TLS: Report Medium Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.902816
Version used: 2021-12-01T13:10:37Z
Summary
This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.
Solution:
Log Method
Details: SSL/TLS: Report Non Weak Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.103441
Version used: 2021-12-01T09:24:41Z
Summary
This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect
Forward Secrecy (PFS).
Solution:
Log Method
Details: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.105018
Version used: 2021-12-09T13:40:52Z
Summary
This routine reports all SSL/TLS cipher suites accepted by a service.
Solution:
Vulnerability Insight
Notes:
- As the VT 'SSL/TLS: Check Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.900234)
might run into a timeout the actual reporting of all accepted cipher suites takes place in this VT
instead.
- SSLv2 ciphers are not reported, as the protocol itself is deprecated, needs to be considered weak and is reported separately as deprecated.
Log Method
Details: SSL/TLS: Report Supported Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.802067
Version used: 2022-08-25T10:12:37Z
Summary
Enumeration and reporting of SSL/TLS protocol versions supported by a remote service.
Solution:
Log Method
Sends multiple connection requests to the remote service and attempts to determine the SSL/TLS
protocol versions supported by the service from the replies.
Note: The supported SSL/TLS protocol versions included in the report of this VT are reported
independently from the allowed / supported SSL/TLS ciphers.
Details: SSL/TLS: Version Detection
OID:1.3.6.1.4.1.25623.1.0.105782
Version used: 2021-12-06T15:42:24Z
[ return to 169.62.185.109 ]