Information found on port ssh (22/tcp)
An ssh server is running on this port
Nessus ID : 10330
Information found on port ssh (22/tcp)
Remote SSH version : SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
Remote SSH supported authentication : publickey,keyboard-interactive
Nessus ID : 10267
Information found on port smtp (25/tcp)
An SMTP server is running on this port
Here is its banner :
220 pc15.pacnog.school.fj ESMTP Exim 4.50 Tue, 21 Jun 2005 14:36:46 +1200
Nessus ID : 10330
Information found on port smtp (25/tcp)
Remote SMTP server banner :
220 pc15.pacnog.school.fj ESMTP Exim 4.50 Tue, 21 Jun 2005 14:37:36 +1200
This is probably: Exim version 4.50
Nessus ID : 10263
Information found on port smtp (25/tcp)
This server could be fingerprinted as being Exim 2.12,3.12,3.22,3.33,3.35,4.01,4.12
Nessus ID : 11421
Warning found on port http (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
BID : 9506, 9561, 11604
Nessus ID : 11213
Information found on port http (80/tcp)
A web server is running on this port
Nessus ID : 10330
Information found on port http (80/tcp)
The remote web server type is :
Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7e
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107
Information found on port http (80/tcp)
The following directories were discovered:
/cgi-bin, /icons, /manual
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Nessus ID : 11032
Warning found on port https (443/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
BID : 9506, 9561, 11604
Nessus ID : 11213
Information found on port https (443/tcp)
A SSLv2 server answered on this port
Nessus ID : 10330
Information found on port https (443/tcp)
A web server is running on this port through SSL
Nessus ID : 10330
Information found on port https (443/tcp)
The remote web server type is :
Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7e
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107
Information found on port https (443/tcp)
The SSL certificate of the remote service will expire within 60 days, at 050819044020Z.
Nessus ID : 15901
Information found on port https (443/tcp)
The following directories were discovered:
/cgi-bin, /icons, /manual
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Nessus ID : 11032
Information found on port https (443/tcp)
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
82:f6:fb:b6:1c:b8:a2:d3
Signature Algorithm: md5WithRSAEncryption
Issuer: C=FJ, ST=NADI, L=VOTUALEVU, O=Smurfys Inc., OU=Finance, CN=pc15@pacnorg.school.fj/emailAddress=papasmurf@pacnorg.school.fj
Validity
Not Before: Jun 20 04:40:20 2005 GMT
Not After : Aug 19 04:40:20 2005 GMT
Subject: C=FJ, ST=NADI, L=VOTUALEVU, O=Smurfys Inc., OU=Finance, CN=pc15@pacnorg.school.fj/emailAddress=papasmurf@pacnorg.school.fj
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:e1:18:ed:1d:19:b0:4e:fc:ea:c2:5e:e5:d0:11:
c5:ae:db:b3:80:13:e2:1e:32:60:4d:c8:21:7a:fa:
2f:0d:98:0f:05:6d:61:9b:33:17:ff:e7:39:ba:71:
ea:6e:2b:ed:48:e4:b7:8d:aa:f3:c8:60:36:74:42:
2a:f3:09:23:b8:5f:a3:92:9a:c0:eb:4c:bf:26:4b:
66:ff:c2:0c:64:26:d0:6c:97:63:df:96:0a:94:44:
96:e3:ec:a4:bc:c1:bf:0c:41:13:2f:91:24:4d:96:
63:c6:e8:b7:f5:14:4e:f0:84:2f:45:41:d0:e6:43:
f7:31:1d:8f:7e:68:56:f7:25
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
b7:50:bb:c8:7e:07:45:20:56:ee:ba:a3:ea:2d:25:7e:94:b2:
93:a1:ea:b6:ba:74:fa:fb:55:32:79:2b:2a:73:e8:ca:6c:00:
52:fd:a8:59:e2:3c:ad:c9:df:23:fd:66:95:31:d3:01:6e:13:
7e:86:d4:70:65:a9:ff:58:38:a5:60:20:d0:eb:04:ad:f3:41:
df:6e:ba:36:a3:fc:9a:49:06:e1:10:79:32:25:d6:6d:cb:81:
88:a3:83:7e:f6:11:87:8a:66:bb:4f:08:87:0b:13:72:6b:d4:
9c:68:90:52:54:ce:a6:6c:47:1b:9d:df:d3:60:b0:5a:c6:e2:
39:d0
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;216482
or http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite
This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.
Nessus ID : 10863