Scribd
Upload
17 views29 pages

Result

This document is a security scan report detailing the results of an automatic scan conducted on May 11, 2022. It highlights vulnerabilities found on the host 20.43.179.36, including one high, one medium, and one low threat level, along with numerous log entries. Recommendations for mitigation are provided for each identified issue to enhance security.

Uploaded by

erigs nux
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views29 pages

Result

This document is a security scan report detailing the results of an automatic scan conducted on May 11, 2022. It highlights vulnerabilities found on the host 20.43.179.36, including one high, one medium, and one low threat level, along with numerous log entries. Recommendations for mitigation are provided for each identified issue to enhance security.

Uploaded by

erigs nux
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 29

Scan Report

May 11, 2022

Summary
This document reports on the results of an automatic security scan. All dates are dis-
played using the timezone Coordinated Universal Time, which is abbreviated UTC. The
task was 627ba826bb910c004038c8e9-627ba826bb910c004038c8f1. The scan started at Wed
May 11 12:13:21 2022 UTC and ended at Wed May 11 13:32:56 2022 UTC. The report rst
summarises the results found. Then, for each host, the report describes every issue found.
Please consider the advice given in each description, in order to rectify the issue.

Contents

1 Result Overview 2
2 Results per Host 2
2.1 20.43.179.36 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.1 High 443/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.2 Medium 443/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.3 Low general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.1.4 Log 443/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.1.5 Log general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.1.6 Log 80/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

1
2 RESULTS PER HOST 2

1 Result Overview

Host High Medium Low Log False Positive


20.43.179.36 1 1 1 25 0
pamapersada.com
Total: 1 1 1 1 25 0

Vendor security updates are not trusted.


Overrides are o. Even when a result has an override, this report uses the actual threat of the
result.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.

This report contains all 28 results selected by the ltering described above. Before ltering
there were 28 results.

2 Results per Host


2.1 20.43.179.36

Host scan start Wed May 11 12:17:28 2022 UTC


Host scan end Wed May 11 13:32:50 2022 UTC

Service (Port) Threat Level


443/tcp High
443/tcp Medium
general/tcp Low
443/tcp Log
general/tcp Log
80/tcp Log

2.1.1 High 443/tcp

High (CVSS: 7.5)


NVT: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS

Summary
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exists
only on HTTPS services.

Vulnerability Detection Result


'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:
. . . continues on next page . . .
2 RESULTS PER HOST 3

. . . continued from previous page . . .


TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

Solution:
Solution type: Mitigation
The conguration of this services should be changed so that it does not accept the listed cipher
suites anymore.
Please see the references for more resources supporting you with this task.

Aected Software/OS
Services accepting vulnerable SSL/TLS cipher suites via HTTPS.

Vulnerability Insight
These rules are applied for the evaluation of the vulnerable cipher suites:
- 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).

Vulnerability Detection Method


Details: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
OID:1.3.6.1.4.1.25623.1.0.108031
Version used: 2021-09-20T09:01:50Z

References
cve: CVE-2016-2183
cve: CVE-2016-6329
cve: CVE-2020-12872
url: https://bettercrypto.org/
url: https://mozilla.github.io/server-side-tls/ssl-config-generator/
url: https://sweet32.info/
cert-bund: CB-K21/1094
cert-bund: CB-K20/1023
cert-bund: CB-K20/0321
cert-bund: CB-K20/0314
cert-bund: CB-K20/0157
cert-bund: CB-K19/0618
cert-bund: CB-K19/0615
cert-bund: CB-K18/0296
cert-bund: CB-K17/1980
cert-bund: CB-K17/1871
cert-bund: CB-K17/1803
cert-bund: CB-K17/1753
cert-bund: CB-K17/1750
cert-bund: CB-K17/1709
cert-bund: CB-K17/1558
. . . continues on next page . . .
2 RESULTS PER HOST 4

. . . continued from previous page . . .


cert-bund: CB-K17/1273
cert-bund: CB-K17/1202
cert-bund: CB-K17/1196
cert-bund: CB-K17/1055
cert-bund: CB-K17/1026
cert-bund: CB-K17/0939
cert-bund: CB-K17/0917
cert-bund: CB-K17/0915
cert-bund: CB-K17/0877
cert-bund: CB-K17/0796
cert-bund: CB-K17/0724
cert-bund: CB-K17/0661
cert-bund: CB-K17/0657
cert-bund: CB-K17/0582
cert-bund: CB-K17/0581
cert-bund: CB-K17/0506
cert-bund: CB-K17/0504
cert-bund: CB-K17/0467
cert-bund: CB-K17/0345
cert-bund: CB-K17/0098
cert-bund: CB-K17/0089
cert-bund: CB-K17/0086
cert-bund: CB-K17/0082
cert-bund: CB-K16/1837
cert-bund: CB-K16/1830
cert-bund: CB-K16/1635
cert-bund: CB-K16/1630
cert-bund: CB-K16/1624
cert-bund: CB-K16/1622
cert-bund: CB-K16/1500
cert-bund: CB-K16/1465
cert-bund: CB-K16/1307
cert-bund: CB-K16/1296
dfn-cert: DFN-CERT-2021-1618
dfn-cert: DFN-CERT-2021-0775
dfn-cert: DFN-CERT-2021-0770
dfn-cert: DFN-CERT-2021-0274
dfn-cert: DFN-CERT-2020-2141
dfn-cert: DFN-CERT-2020-0368
dfn-cert: DFN-CERT-2019-1455
dfn-cert: DFN-CERT-2019-0068
dfn-cert: DFN-CERT-2018-1296
dfn-cert: DFN-CERT-2018-0323
dfn-cert: DFN-CERT-2017-2070
dfn-cert: DFN-CERT-2017-1954
dfn-cert: DFN-CERT-2017-1885
dfn-cert: DFN-CERT-2017-1831
. . . continues on next page . . .
2 RESULTS PER HOST 5

. . . continued from previous page . . .


dfn-cert: DFN-CERT-2017-1821
dfn-cert: DFN-CERT-2017-1785
dfn-cert: DFN-CERT-2017-1626
dfn-cert: DFN-CERT-2017-1326
dfn-cert: DFN-CERT-2017-1239
dfn-cert: DFN-CERT-2017-1238
dfn-cert: DFN-CERT-2017-1090
dfn-cert: DFN-CERT-2017-1060
dfn-cert: DFN-CERT-2017-0968
dfn-cert: DFN-CERT-2017-0947
dfn-cert: DFN-CERT-2017-0946
dfn-cert: DFN-CERT-2017-0904
dfn-cert: DFN-CERT-2017-0816
dfn-cert: DFN-CERT-2017-0746
dfn-cert: DFN-CERT-2017-0677
dfn-cert: DFN-CERT-2017-0675
dfn-cert: DFN-CERT-2017-0611
dfn-cert: DFN-CERT-2017-0609
dfn-cert: DFN-CERT-2017-0522
dfn-cert: DFN-CERT-2017-0519
dfn-cert: DFN-CERT-2017-0482
dfn-cert: DFN-CERT-2017-0351
dfn-cert: DFN-CERT-2017-0090
dfn-cert: DFN-CERT-2017-0089
dfn-cert: DFN-CERT-2017-0088
dfn-cert: DFN-CERT-2017-0086
dfn-cert: DFN-CERT-2016-1943
dfn-cert: DFN-CERT-2016-1937
dfn-cert: DFN-CERT-2016-1732
dfn-cert: DFN-CERT-2016-1726
dfn-cert: DFN-CERT-2016-1715
dfn-cert: DFN-CERT-2016-1714
dfn-cert: DFN-CERT-2016-1588
dfn-cert: DFN-CERT-2016-1555
dfn-cert: DFN-CERT-2016-1391
dfn-cert: DFN-CERT-2016-1378

[ return to 20.43.179.36 ]

2.1.2 Medium 443/tcp

Medium (CVSS: 4.3)


NVT: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection

Summary
. . . continues on next page . . .
2 RESULTS PER HOST 6

. . . continued from previous page . . .


It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this
system.

Vulnerability Detection Result


In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and
,→ TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers c
,→an be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1
,→.25623.1.0.802067) VT.

Impact
An attacker might be able to use the known cryptographic aws to eavesdrop the connection
between clients and the service to get access to sensitive data transferred within the secured
connection.
Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates
anymore.

Solution:
Solution type: Mitigation
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the
TLSv1.2+ protocols. Please see the references for more information.

Aected Software/OS
All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.

Vulnerability Insight
The TLSv1.0 and TLSv1.1 protocols contain known cryptographic aws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded
Legacy Encryption (FREAK)

Vulnerability Detection Method


Check the used TLS protocols of the services provided by this system.
Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
OID:1.3.6.1.4.1.25623.1.0.117274
Version used: 2021-07-19T08:11:48Z

References
cve: CVE-2011-3389
cve: CVE-2015-0204
url: https://ssl-config.mozilla.org/
url: https://bettercrypto.org/
url: https://datatracker.ietf.org/doc/rfc8996/
url: https://vnhacker.blogspot.com/2011/09/beast.html
url: https://web.archive.org/web/20201108095603/https://censys.io/blog/freak
url: https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters
,→-report-2014
. . . continues on next page . . .
2 RESULTS PER HOST 7

. . . continued from previous page . . .


cert-bund: CB-K18/0799
cert-bund: CB-K16/1289
cert-bund: CB-K16/1096
cert-bund: CB-K15/1751
cert-bund: CB-K15/1266
cert-bund: CB-K15/0850
cert-bund: CB-K15/0764
cert-bund: CB-K15/0720
cert-bund: CB-K15/0548
cert-bund: CB-K15/0526
cert-bund: CB-K15/0509
cert-bund: CB-K15/0493
cert-bund: CB-K15/0384
cert-bund: CB-K15/0365
cert-bund: CB-K15/0364
cert-bund: CB-K15/0302
cert-bund: CB-K15/0192
cert-bund: CB-K15/0079
cert-bund: CB-K15/0016
cert-bund: CB-K14/1342
cert-bund: CB-K14/0231
cert-bund: CB-K13/0845
cert-bund: CB-K13/0796
cert-bund: CB-K13/0790
dfn-cert: DFN-CERT-2020-0177
dfn-cert: DFN-CERT-2020-0111
dfn-cert: DFN-CERT-2019-0068
dfn-cert: DFN-CERT-2018-1441
dfn-cert: DFN-CERT-2018-1408
dfn-cert: DFN-CERT-2016-1372
dfn-cert: DFN-CERT-2016-1164
dfn-cert: DFN-CERT-2016-0388
dfn-cert: DFN-CERT-2015-1853
dfn-cert: DFN-CERT-2015-1332
dfn-cert: DFN-CERT-2015-0884
dfn-cert: DFN-CERT-2015-0800
dfn-cert: DFN-CERT-2015-0758
dfn-cert: DFN-CERT-2015-0567
dfn-cert: DFN-CERT-2015-0544
dfn-cert: DFN-CERT-2015-0530
dfn-cert: DFN-CERT-2015-0396
dfn-cert: DFN-CERT-2015-0375
dfn-cert: DFN-CERT-2015-0374
dfn-cert: DFN-CERT-2015-0305
dfn-cert: DFN-CERT-2015-0199
dfn-cert: DFN-CERT-2015-0079
dfn-cert: DFN-CERT-2015-0021
. . . continues on next page . . .
2 RESULTS PER HOST 8

. . . continued from previous page . . .


dfn-cert: DFN-CERT-2014-1414
dfn-cert: DFN-CERT-2013-1847
dfn-cert: DFN-CERT-2013-1792
dfn-cert: DFN-CERT-2012-1979
dfn-cert: DFN-CERT-2012-1829
dfn-cert: DFN-CERT-2012-1530
dfn-cert: DFN-CERT-2012-1380
dfn-cert: DFN-CERT-2012-1377
dfn-cert: DFN-CERT-2012-1292
dfn-cert: DFN-CERT-2012-1214
dfn-cert: DFN-CERT-2012-1213
dfn-cert: DFN-CERT-2012-1180
dfn-cert: DFN-CERT-2012-1156
dfn-cert: DFN-CERT-2012-1155
dfn-cert: DFN-CERT-2012-1039
dfn-cert: DFN-CERT-2012-0956
dfn-cert: DFN-CERT-2012-0908
dfn-cert: DFN-CERT-2012-0868
dfn-cert: DFN-CERT-2012-0867
dfn-cert: DFN-CERT-2012-0848
dfn-cert: DFN-CERT-2012-0838
dfn-cert: DFN-CERT-2012-0776
dfn-cert: DFN-CERT-2012-0722
dfn-cert: DFN-CERT-2012-0638
dfn-cert: DFN-CERT-2012-0627
dfn-cert: DFN-CERT-2012-0451
dfn-cert: DFN-CERT-2012-0418
dfn-cert: DFN-CERT-2012-0354
dfn-cert: DFN-CERT-2012-0234
dfn-cert: DFN-CERT-2012-0221
dfn-cert: DFN-CERT-2012-0177
dfn-cert: DFN-CERT-2012-0170
dfn-cert: DFN-CERT-2012-0146
dfn-cert: DFN-CERT-2012-0142
dfn-cert: DFN-CERT-2012-0126
dfn-cert: DFN-CERT-2012-0123
dfn-cert: DFN-CERT-2012-0095
dfn-cert: DFN-CERT-2012-0051
dfn-cert: DFN-CERT-2012-0047
dfn-cert: DFN-CERT-2012-0021
dfn-cert: DFN-CERT-2011-1953
dfn-cert: DFN-CERT-2011-1946
dfn-cert: DFN-CERT-2011-1844
dfn-cert: DFN-CERT-2011-1826
dfn-cert: DFN-CERT-2011-1774
dfn-cert: DFN-CERT-2011-1743
dfn-cert: DFN-CERT-2011-1738
. . . continues on next page . . .
2 RESULTS PER HOST 9

. . . continued from previous page . . .


dfn-cert: DFN-CERT-2011-1706
dfn-cert: DFN-CERT-2011-1628
dfn-cert: DFN-CERT-2011-1627
dfn-cert: DFN-CERT-2011-1619
dfn-cert: DFN-CERT-2011-1482

[ return to 20.43.179.36 ]

2.1.3 Low general/tcp

Low (CVSS: 2.6)


NVT: TCP timestamps

Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.

Vulnerability Detection Result


It was detected that the host implements RFC1323/RFC7323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 395739622
Packet 2: 3085262235

Impact
A side eect of this feature is that the uptime of the remote host can sometimes be computed.

Solution:
Solution type: Mitigation
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options
when initiating TCP connections, but use them if the TCP peer that is initiating communication
includes them in their synchronize (SYN) segment.
See the references for more information.

Aected Software/OS
TCP implementations that implement RFC1323/RFC7323.

Vulnerability Insight
The remote host implements TCP timestamps, as dened by RFC1323/RFC7323.

Vulnerability Detection Method


Special IP packets are forged and sent with a little delay in between to the target IP. The
responses are searched for a timestamps. If found, the timestamps are reported.
. . . continues on next page . . .
2 RESULTS PER HOST 10

. . . continued from previous page . . .


Details: TCP timestamps
OID:1.3.6.1.4.1.25623.1.0.80091
Version used: 2020-08-24T08:40:10Z

References
url: http://www.ietf.org/rfc/rfc1323.txt
url: http://www.ietf.org/rfc/rfc7323.txt
url: https://web.archive.org/web/20151213072445/http://www.microsoft.com/en-us/d
,→ownload/details.aspx?id=9152

[ return to 20.43.179.36 ]

2.1.4 Log 443/tcp

Log (CVSS: 0.0)


NVT: CGI Scanning Consolidation

Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The congured 'cgi_path' within the 'Scanner Preferences' of the scan cong in use
- The congured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan cong in use
If you think any of this information is wrong please report it to the referenced community portal.

Vulnerability Detection Result


The Hostname/IP "20.43.179.36" was used to access the remote host.
Generic web application scanning is disabled for this host via the "Enable gener
,→ic web application scanning" option within the "Global variable settings" of t
,→he scan config in use.
Requests to this service are done via HTTP/1.1.
This service seems to be able to host PHP scripts.
This service seems to be able to host ASP scripts.
The User-Agent "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 21.4.3)" was used to access
,→ the remote host.
Historic /scripts and /cgi-bin are not added to the directories used for CGI sca
,→nning. You can enable this again with the "Add historic /scripts and /cgi-bin
,→to directories for CGI scanning" option within the "Global variable settings"
,→of the scan config in use.
The following directories were used for CGI scanning:
https://20.43.179.36/
. . . continues on next page . . .
2 RESULTS PER HOST 11

. . . continued from previous page . . .


While this is not, in and of itself, a bug, you should manually inspect these di
,→rectories to ensure that they are in compliance with company security standard
,→s

Solution:

Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2022-03-24T09:16:49Z

References
url: https://community.greenbone.net/c/vulnerability-tests

Log (CVSS: 0.0)


NVT: HTTP Security Headers Detection

Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specic security header has been implemented
(including its value and if it is deprecated) or is missing on the target.

Vulnerability Detection Result


Missing Headers | More Information
--------------------------------------------------------------------------------
,→------------------------------------------------------------------------------
,→------------------------------------------------------------------------------
,→----------
Content-Security-Policy | https://owasp.org/www-project-secure-headers
,→/#content-security-policy
Cross-Origin-Embedder-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Cross-Origin-Opener-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Cross-Origin-Resource-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Document-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/document-policy#document-policy-http-header
Expect-CT | https://owasp.org/www-project-secure-headers
,→/#expect-ct, Note: This is an upcoming header
Feature-Policy | https://owasp.org/www-project-secure-headers
,→/#feature-policy, Note: The Feature Policy header has been renamed to Permissi
,→ons Policy
Permissions-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/#permissions-policy-http-header-field
Public-Key-Pins | Please check the output of the VTs including
. . . continues on next page . . .
2 RESULTS PER HOST 12

. . . continued from previous page . . .


,→ 'SSL/TLS:' and 'HPKP' in their name for more information and configuration he
,→lp. Note: Most major browsers have dropped / deprecated support for this heade
,→r in 2020.
Referrer-Policy | https://owasp.org/www-project-secure-headers
,→/#referrer-policy
Sec-Fetch-Dest | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Mode | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Site | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-User | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Strict-Transport-Security | Please check the output of the VTs including
,→ 'SSL/TLS:' and 'HSTS' in their name for more information and configuration he
,→lp.
X-Content-Type-Options | https://owasp.org/www-project-secure-headers
,→/#x-content-type-options
X-Frame-Options | https://owasp.org/www-project-secure-headers
,→/#x-frame-options
X-Permitted-Cross-Domain-Policies | https://owasp.org/www-project-secure-headers
,→/#x-permitted-cross-domain-policies
X-XSS-Protection | https://owasp.org/www-project-secure-headers
,→/#x-xss-protection, Note: Most major browsers have dropped / deprecated suppor
,→t for this header in 2020.

Solution:

Log Method
Details: HTTP Security Headers Detection
OID:1.3.6.1.4.1.25623.1.0.112081
Version used: 2021-07-14T06:19:43Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#div-headers
url: https://securityheaders.com/

Log (CVSS: 0.0)


NVT: HTTP Server Banner Enumeration

Summary
. . . continues on next page . . .
2 RESULTS PER HOST 13

. . . continued from previous page . . .


This script tries to detect / enumerate dierent HTTP server banner (e.g. from a frontend,
backend or proxy server) by sending various dierent HTTP requests (valid and invalid ones).

Vulnerability Detection Result


It was possible to enumerate the following HTTP server banner(s):
Server banner | Enumeration technique
--------------------------------------------------------------------------------
,→------------
Server: Microsoft-Azure-Application-Gateway/v2 | Valid HTTP 0.9 GET request to '
,→/index.html'

Solution:

Log Method
Details: HTTP Server Banner Enumeration
OID:1.3.6.1.4.1.25623.1.0.108708
Version used: 2021-01-11T11:29:35Z

Log (CVSS: 0.0)


NVT: HTTP Server type and version

Summary
This script detects and reports the HTTP Server's banner which might provide the type and
version of it.

Vulnerability Detection Result


The remote HTTP Server banner is:
Server: Microsoft-Azure-Application-Gateway/v2

Solution:

Log Method
Details: HTTP Server type and version
OID:1.3.6.1.4.1.25623.1.0.10107
Version used: 2020-08-24T15:18:35Z

Log (CVSS: 0.0)


NVT: Services

Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
. . . continues on next page . . .
2 RESULTS PER HOST 14

. . . continued from previous page . . .

Vulnerability Detection Result


A TLScustom server answered on this port

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

Log (CVSS: 0.0)


NVT: Services

Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.

Vulnerability Detection Result


A web server is running on this port through SSL

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

Log (CVSS: 0.0)


NVT: SSL/TLS: Collect and Report Certicate Details

Summary
This script collects and reports the details of all SSL/TLS certicates.
This data will be used by other tests to verify server certicates.

Vulnerability Detection Result


The following certificate details of the remote service were collected.
Certificate details:
fingerprint (SHA-1) | 4996C3E55F23ECA96CF88C23737095E864018A14
fingerprint (SHA-256) | 2ECBEE3B71AF0D95530D10ECC91AACE59C9306747EDBF4
,→4A248215AB4A6A5617
issued by | CN=Go Daddy Secure Certificate Authority - G2,
. . . continues on next page . . .
2 RESULTS PER HOST 15

. . . continued from previous page . . .


,→OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=A
,→rizona,C=US
public key size (bits) | 2048
serial | 0086A45E8A67E0B441
signature algorithm | sha256WithRSAEncryption
subject | CN=*.pamapersada.com
subject alternative names (SAN) | pamapersada.com, *.pamapersada.com
valid from | 2022-04-18 09:53:56 UTC
valid until | 2023-05-20 04:09:38 UTC

Solution:

Log Method
Details: SSL/TLS: Collect and Report Certificate Details
OID:1.3.6.1.4.1.25623.1.0.103692
Version used: 2021-12-10T12:48:00Z

Log (CVSS: 0.0)


NVT: SSL/TLS: HTTP Public Key Pinning (HPKP) Missing

Summary
The remote web server is not enforcing HPKP.
Note: Most major browsers have dropped / deprecated support for this header in 2020.

Vulnerability Detection Result


The remote web server is not enforcing HPKP.
HTTP-Banner:
HTTP/1.1 404 Not Found
Server: Microsoft-Azure-Application-Gateway/v2
Date: ***replaced***
Content-Type: text/html
Content-Length: ***replaced***
Connection: close

Solution:
Solution type: Workaround
Enable HPKP or add / congure the required directives correctly following the guides linked in
the references.
Note: Some web servers are not sending headers on specic status codes by default. Please review
your web server or application conguration to always send these headers on every response
independently from the status code.
- Apache: Use 'Header always set' instead of 'Header set'.
- nginx: Append the 'always' keyword to each 'add_header' directive.
For dierent applications or web severs please refer to the related documentation for a similar
conguration possibility.
. . . continues on next page . . .
2 RESULTS PER HOST 16

. . . continued from previous page . . .

Log Method
Details: SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
OID:1.3.6.1.4.1.25623.1.0.108247
Version used: 2021-01-26T13:20:44Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#public-key-pinning-extension-
,→for-http-hpkp
url: https://tools.ietf.org/html/rfc7469
url: https://securityheaders.io/
url: https://httpd.apache.org/docs/current/mod/mod_headers.html#header
url: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

Log (CVSS: 0.0)


NVT: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing

Summary
The remote web server is not enforcing HSTS.

Vulnerability Detection Result


The remote web server is not enforcing HSTS.
HTTP-Banner:
HTTP/1.1 404 Not Found
Server: Microsoft-Azure-Application-Gateway/v2
Date: ***replaced***
Content-Type: text/html
Content-Length: ***replaced***
Connection: close

Solution:
Solution type: Workaround
Enable HSTS or add / congure the required directives correctly following the guides linked in
the references.
Note: Some web servers are not sending headers on specic status codes by default. Please review
your web server or application conguration to always send these headers on every response
independently from the status code.
- Apache: Use 'Header always set' instead of 'Header set'.
- nginx: Append the 'always' keyword to each 'add_header' directive.
For dierent applications or web severs please refer to the related documentation for a similar
conguration possibility.

Log Method
Details: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
. . . continues on next page . . .
2 RESULTS PER HOST 17

. . . continued from previous page . . .


OID:1.3.6.1.4.1.25623.1.0.105879
Version used: 2021-01-26T13:20:44Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-cheat-sheets/cheatsheets/HTTP_Strict_Transpor
,→t_Security_Cheat_Sheet.html
url: https://owasp.org/www-project-secure-headers/#http-strict-transport-securit
,→y-hsts
url: https://tools.ietf.org/html/rfc6797
url: https://securityheaders.io/
url: https://httpd.apache.org/docs/current/mod/mod_headers.html#header
url: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

Log (CVSS: 0.0)


NVT: SSL/TLS: NPN / ALPN Extension and Protocol Support Detection

Summary
This routine identies services supporting the following extensions to TLS:
- Application-Layer Protocol Negotiation (ALPN)
- Next Protocol Negotiation (NPN).
Based on the availability of this extensions the supported Network Protocols by this service are
gathered and reported.

Vulnerability Detection Result


The remote service advertises support for the following Network Protocol(s) via
,→the NPN extension:
SSL/TLS Protocol:Network Protocol
TLSv1.0:HTTP/1.1
TLSv1.1:HTTP/1.1
TLSv1.2:HTTP/1.1
The remote service advertises support for the following Network Protocol(s) via
,→the ALPN extension:
SSL/TLS Protocol:Network Protocol
TLSv1.0:HTTP/1.1
TLSv1.1:HTTP/1.1
TLSv1.2:HTTP/1.1

Solution:

Log Method
Details: SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
OID:1.3.6.1.4.1.25623.1.0.108099
Version used: 2021-02-12T06:42:15Z

References
. . . continues on next page . . .
2 RESULTS PER HOST 18

. . . continued from previous page . . .


url: https://tools.ietf.org/html/rfc7301
url: https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04

Log (CVSS: 0.0)


NVT: SSL/TLS: Report Medium Cipher Suites

Summary
This routine reports all Medium SSL/TLS cipher suites accepted by a service.

Vulnerability Detection Result


'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384

Solution:

Vulnerability Insight
Any cipher suite considered to be secure for only the next 10 years is considered as medium.

Log Method
Details: SSL/TLS: Report Medium Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.902816
Version used: 2021-12-01T13:10:37Z
2 RESULTS PER HOST 19

Log (CVSS: 0.0)


NVT: SSL/TLS: Report Non Weak Cipher Suites

Summary
This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.

Vulnerability Detection Result


'Non Weak' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Non Weak' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Non Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384

Solution:

Log Method
Details: SSL/TLS: Report Non Weak Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.103441
Version used: 2021-12-01T09:24:41Z

Log (CVSS: 0.0)


NVT: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites

Summary
. . . continues on next page . . .
2 RESULTS PER HOST 20

. . . continued from previous page . . .


This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect
Forward Secrecy (PFS).

Vulnerability Detection Result


Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this serv
,→ice via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this serv
,→ice via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this serv
,→ice via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Solution:

Log Method
Details: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.105018
Version used: 2021-12-09T13:40:52Z

Log (CVSS: 0.0)


NVT: SSL/TLS: Report Supported Cipher Suites

Summary
This routine reports all SSL/TLS cipher suites accepted by a service.
As the VT 'SSL/TLS: Check Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.900234) might
run into a timeout the actual reporting of all accepted cipher suites takes place in this VT instead.

Vulnerability Detection Result


No 'Strong' cipher suites accepted by this service via the TLSv1.0 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
No 'Weak' cipher suites accepted by this service via the TLSv1.0 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.0 protocol.
. . . continues on next page . . .
2 RESULTS PER HOST 21

. . . continued from previous page . . .


No 'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol.
No 'Strong' cipher suites accepted by this service via the TLSv1.1 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
No 'Weak' cipher suites accepted by this service via the TLSv1.1 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.1 protocol.
No 'Anonymous' cipher suites accepted by this service via the TLSv1.1 protocol.
No 'Strong' cipher suites accepted by this service via the TLSv1.2 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
No 'Weak' cipher suites accepted by this service via the TLSv1.2 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.
No 'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol.

Solution:

Log Method
Details: SSL/TLS: Report Supported Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.802067
Version used: 2022-02-18T09:01:14Z

Log (CVSS: 0.0)


NVT: SSL/TLS: Version Detection

Summary
Enumeration and reporting of SSL/TLS protocol versions supported by a remote service.

Vulnerability Detection Result


The remote SSL/TLS service supports the following SSL/TLS protocol version(s):
TLSv1.0
. . . continues on next page . . .
2 RESULTS PER HOST 22

. . . continued from previous page . . .


TLSv1.1
TLSv1.2

Solution:

Log Method
Sends multiple connection requests to the remote service and attempts to determine the SSL/TLS
protocol versions supported by the service from the replies.
Note: The supported SSL/TLS protocol versions included in the report of this VT are reported
independently from the allowed / supported SSL/TLS ciphers.
Details: SSL/TLS: Version Detection
OID:1.3.6.1.4.1.25623.1.0.105782
Version used: 2021-12-06T15:42:24Z

[ return to 20.43.179.36 ]

2.1.5 Log general/tcp

Log (CVSS: 0.0)


NVT: Hostname Determination Reporting

Summary
The script reports information on how the hostname of the target was determined.

Vulnerability Detection Result


Hostname determination for IP 20.43.179.36:
Hostname|Source
20.43.179.36|IP-address

Solution:

Log Method
Details: Hostname Determination Reporting
OID:1.3.6.1.4.1.25623.1.0.108449
Version used: 2018-11-19T11:11:31Z

Log (CVSS: 0.0)


NVT: OS Detection Consolidation and Reporting

Summary
This script consolidates the OS information detected by several VTs and tries to nd the best
matching OS.
. . . continues on next page . . .
2 RESULTS PER HOST 23

. . . continued from previous page . . .


Furthermore it reports all previously collected information leading to this best matching OS. It
also reports possible additional information which might help to improve the OS detection.
If any of this information is wrong or could be improved please consider to report these to the
referenced community portal.

Vulnerability Detection Result


No Best matching OS identified. Please see the VT 'Unknown OS and Service Banner
,→ Reporting' (OID: 1.3.6.1.4.1.25623.1.0.108441) for possible ways to identify
,→this OS.

Solution:

Log Method
Details: OS Detection Consolidation and Reporting
OID:1.3.6.1.4.1.25623.1.0.105937
Version used: 2022-04-29T12:37:39Z

References
url: https://community.greenbone.net/c/vulnerability-tests

Log (CVSS: 0.0)


NVT: SSL/TLS: Hostname discovery from server certicate

Summary
It was possible to discover an additional hostname of this server from its certicate Common or
Subject Alt Name.

Vulnerability Detection Result


The following additional and resolvable hostnames were detected:
pamapersada.com

Solution:

Log Method
Details: SSL/TLS: Hostname discovery from server certificate
OID:1.3.6.1.4.1.25623.1.0.111010
Version used: 2021-11-22T15:32:39Z

Log (CVSS: 0.0)


NVT: Traceroute

Summary
. . . continues on next page . . .
2 RESULTS PER HOST 24

. . . continued from previous page . . .


Collect information about the network route and network distance between the scanner host and
the target host.

Vulnerability Detection Result


Network route from scanner (10.88.0.9) to target (20.43.179.36):
10.88.0.9
172.105.134.1
10.204.64.12
10.204.32.28
10.204.32.65
206.71.12.48
104.44.238.116
104.44.18.221
104.44.16.49
104.44.7.43
104.44.18.40
104.44.17.113
104.44.7.12
104.44.20.6
20.43.179.36
Network distance between scanner and target: 15

Solution:

Vulnerability Insight
For internal networks, the distances are usually small, often less than 4 hosts between scanner
and target. For public targets the distance is greater and might be 10 hosts or more.

Log Method
A combination of the protocols ICMP and TCP is used to determine the route. This method is
applicable for IPv4 only and it is also known as 'traceroute'.
Details: Traceroute
OID:1.3.6.1.4.1.25623.1.0.51662
Version used: 2021-03-12T14:25:59Z

Log (CVSS: 0.0)


NVT: Unknown OS and Service Banner Reporting

Summary
This NVT consolidates and reports the information collected by the following NVTs:
- Collect banner of unknown services (OID: 1.3.6.1.4.1.25623.1.0.11154)
- Service Detection (unknown) with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)
- Service Detection (wrapped) with nmap (OID: 1.3.6.1.4.1.25623.1.0.108525)
- OS Detection Consolidation and Reporting (OID: 1.3.6.1.4.1.25623.1.0.105937)
. . . continues on next page . . .
2 RESULTS PER HOST 25

. . . continued from previous page . . .


If you know any of the information reported here, please send the full output to the referenced
community portal.

Vulnerability Detection Result


Unknown banners have been collected which might help to identify the OS running
,→on this host. If these banners containing information about the host OS please
,→ report the following information to https://community.greenbone.net/c/vulnera
,→bility-tests:
Banner: Server: Microsoft-Azure-Application-Gateway/v2
Identified from: HTTP Server banner on port 443/tcp
Banner: Server: Microsoft-Azure-Application-Gateway/v2
Identified from: HTTP Server banner on port 80/tcp

Solution:

Log Method
Details: Unknown OS and Service Banner Reporting
OID:1.3.6.1.4.1.25623.1.0.108441
Version used: 2019-01-03T20:41:17Z

References
url: https://community.greenbone.net/c/vulnerability-tests

[ return to 20.43.179.36 ]

2.1.6 Log 80/tcp

Log (CVSS: 0.0)


NVT: CGI Scanning Consolidation

Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The congured 'cgi_path' within the 'Scanner Preferences' of the scan cong in use
- The congured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan cong in use
If you think any of this information is wrong please report it to the referenced community portal.

Vulnerability Detection Result


The Hostname/IP "20.43.179.36" was used to access the remote host.
. . . continues on next page . . .
2 RESULTS PER HOST 26

. . . continued from previous page . . .


Generic web application scanning is disabled for this host via the "Enable gener
,→ic web application scanning" option within the "Global variable settings" of t
,→he scan config in use.
Requests to this service are done via HTTP/1.1.
This service seems to be able to host PHP scripts.
This service seems to be able to host ASP scripts.
The User-Agent "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 21.4.3)" was used to access
,→ the remote host.
Historic /scripts and /cgi-bin are not added to the directories used for CGI sca
,→nning. You can enable this again with the "Add historic /scripts and /cgi-bin
,→to directories for CGI scanning" option within the "Global variable settings"
,→of the scan config in use.
The following directories were used for CGI scanning:
http://20.43.179.36/
While this is not, in and of itself, a bug, you should manually inspect these di
,→rectories to ensure that they are in compliance with company security standard
,→s

Solution:

Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2022-03-24T09:16:49Z

References
url: https://community.greenbone.net/c/vulnerability-tests

Log (CVSS: 0.0)


NVT: HTTP Security Headers Detection

Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specic security header has been implemented
(including its value and if it is deprecated) or is missing on the target.

Vulnerability Detection Result


Missing Headers | More Information
--------------------------------------------------------------------------------
,→------------------------------------------------------------------------------
,→------------------------------------------------
Content-Security-Policy | https://owasp.org/www-project-secure-headers
,→/#content-security-policy
Cross-Origin-Embedder-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Cross-Origin-Opener-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
. . . continues on next page . . .
2 RESULTS PER HOST 27

. . . continued from previous page . . .


,→e: This is an upcoming header
Cross-Origin-Resource-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Document-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/document-policy#document-policy-http-header
Feature-Policy | https://owasp.org/www-project-secure-headers
,→/#feature-policy, Note: The Feature Policy header has been renamed to Permissi
,→ons Policy
Permissions-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/#permissions-policy-http-header-field
Referrer-Policy | https://owasp.org/www-project-secure-headers
,→/#referrer-policy
Sec-Fetch-Dest | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Mode | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Site | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-User | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
X-Content-Type-Options | https://owasp.org/www-project-secure-headers
,→/#x-content-type-options
X-Frame-Options | https://owasp.org/www-project-secure-headers
,→/#x-frame-options
X-Permitted-Cross-Domain-Policies | https://owasp.org/www-project-secure-headers
,→/#x-permitted-cross-domain-policies
X-XSS-Protection | https://owasp.org/www-project-secure-headers
,→/#x-xss-protection, Note: Most major browsers have dropped / deprecated suppor
,→t for this header in 2020.

Solution:

Log Method
Details: HTTP Security Headers Detection
OID:1.3.6.1.4.1.25623.1.0.112081
Version used: 2021-07-14T06:19:43Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#div-headers
url: https://securityheaders.com/
2 RESULTS PER HOST 28

Log (CVSS: 0.0)


NVT: HTTP Server Banner Enumeration

Summary
This script tries to detect / enumerate dierent HTTP server banner (e.g. from a frontend,
backend or proxy server) by sending various dierent HTTP requests (valid and invalid ones).

Vulnerability Detection Result


It was possible to enumerate the following HTTP server banner(s):
Server banner | Enumeration technique
--------------------------------------------------------------------------------
,→------------
Server: Microsoft-Azure-Application-Gateway/v2 | Valid HTTP 0.9 GET request to '
,→/index.html'

Solution:

Log Method
Details: HTTP Server Banner Enumeration
OID:1.3.6.1.4.1.25623.1.0.108708
Version used: 2021-01-11T11:29:35Z

Log (CVSS: 0.0)


NVT: HTTP Server type and version

Summary
This script detects and reports the HTTP Server's banner which might provide the type and
version of it.

Vulnerability Detection Result


The remote HTTP Server banner is:
Server: Microsoft-Azure-Application-Gateway/v2

Solution:

Log Method
Details: HTTP Server type and version
OID:1.3.6.1.4.1.25623.1.0.10107
Version used: 2020-08-24T15:18:35Z

Log (CVSS: 0.0)


NVT: Services

Summary
. . . continues on next page . . .
2 RESULTS PER HOST 29

. . . continued from previous page . . .


This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.

Vulnerability Detection Result


A web server is running on this port

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

[ return to 20.43.179.36 ]

This le was automatically generated.

You might also like