Information found on port ssh (22/tcp)
An ssh server is running on this port
Nessus ID : 10330
Information found on port ssh (22/tcp)
Remote SSH version : SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
Remote SSH supported authentication : publickey,keyboard-interactive
Nessus ID : 10267
Information found on port smtp (25/tcp)
An SMTP server is running on this port
Here is its banner :
220 localhost ESMTP Exim 4.52 Sat, 09 Jul 2005 12:33:20 -0400
Nessus ID : 10330
Information found on port smtp (25/tcp)
Remote SMTP server banner :
220 localhost ESMTP Exim 4.52 Sat, 09 Jul 2005 12:34:42 -0400
This is probably: Exim version 4.52
Nessus ID : 10263
Information found on port smtp (25/tcp)
This server could be fingerprinted as being Exim 2.12,3.12,3.22,3.33,3.35,4.01,4.12
Nessus ID : 11421
Warning found on port http (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
BID : 9506, 9561, 11604
Nessus ID : 11213
Information found on port http (80/tcp)
A web server is running on this port
Nessus ID : 10330
Information found on port http (80/tcp)
The remote web server type is :
Apache/1.3.33 (Unix) PHP/5.0.3 mod_ssl/2.8.22 OpenSSL/0.9.7e
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107
Information found on port http (80/tcp)
The following directories were discovered:
/cgi-bin, /icons, /install, /manual
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Nessus ID : 11032
Information found on port pop3 (110/tcp)
A pop3 server is running on this port
Nessus ID : 10330
Information found on port imap (143/tcp)
An IMAP server is running on this port
Nessus ID : 10330
Information found on port imap (143/tcp)
The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
Versions and types should be omitted where possible.
Change the imap banner to something generic.
Nessus ID : 11414
Warning found on port https (443/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
BID : 9506, 9561, 11604
Nessus ID : 11213
Information found on port https (443/tcp)
A SSLv2 server answered on this port
Nessus ID : 10330
Information found on port https (443/tcp)
A web server is running on this port through SSL
Nessus ID : 10330
Information found on port https (443/tcp)
The remote web server type is :
Apache/1.3.33 (Unix) PHP/5.0.3 mod_ssl/2.8.22 OpenSSL/0.9.7e
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107
Information found on port https (443/tcp)
The following directories were discovered:
/cgi-bin, /icons, /install, /manual, /sample
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Nessus ID : 11032
Information found on port https (443/tcp)
The SSL certificate of the remote service will expire within 60 days, at 050904071956Z.
Nessus ID : 15901
Information found on port https (443/tcp)
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
f3:f5:f2:a7:23:9c:6d:d5
Signature Algorithm: md5WithRSAEncryption
Issuer: C=bt, ST=Thimphu, O=SANOG, CN=localhost/emailAddress=hervey@nsrc.org
Validity
Not Before: Jul 6 07:19:56 2005 GMT
Not After : Sep 4 07:19:56 2005 GMT
Subject: C=bt, ST=Thimphu, O=SANOG, CN=localhost/emailAddress=hervey@nsrc.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;216482
or http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite
This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.
Nessus ID : 10863
Information found on port imaps (993/tcp)
A SSLv2 server answered on this port
Nessus ID : 10330
Information found on port imaps (993/tcp)
An IMAP server is running on this port through SSL
Nessus ID : 10330
Information found on port imaps (993/tcp)
The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
Versions and types should be omitted where possible.
Change the imap banner to something generic.
Nessus ID : 11414
Information found on port imaps (993/tcp)
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ec:c1:0e:f4:12:61:ad:90
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated IMAP SSL key, CN=localhost/emailAddress=postmaster@example.com
Validity
Not Before: Jul 7 02:04:05 2005 GMT
Not After : Jul 7 02:04:05 2006 GMT
Subject: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated IMAP SSL key, CN=localhost/emailAddress=postmaster@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
Signature Algorithm: md5WithRSAEncryption
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;216482
or http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite
This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.
Nessus ID : 10863
Information found on port pop3s (995/tcp)
A SSLv2 server answered on this port
Nessus ID : 10330
Information found on port pop3s (995/tcp)
A pop3 server is running on this port
Nessus ID : 10330
Information found on port pop3s (995/tcp)
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
aa:1a:75:09:44:fb:85:23
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated POP3 SSL key, CN=localhost/emailAddress=postmaster@example.com
Validity
Not Before: Jul 7 02:03:58 2005 GMT
Not After : Jul 7 02:03:58 2006 GMT
Subject: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated POP3 SSL key, CN=localhost/emailAddress=postmaster@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
Signature Algorithm: md5WithRSAEncryption
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;216482
or http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite
This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.
Nessus ID : 10863
Warning found on port nessus (1241/tcp)
A Nessus Daemon is listening on this port.
Nessus ID : 10147
Information found on port nessus (1241/tcp)
A TLSv1 server answered on this port
Nessus ID : 10330
Information found on port nessus (1241/tcp)
Here is the TLSv1 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=cl, ST=Region Metropolitana, L=Santiago, O=NSRC, OU=Certification Authority for localhost, CN=localhost/emailAddress=ca@localhost
Validity
Not Before: Jul 9 16:25:21 2005 GMT
Not After : Jul 9 16:25:21 2006 GMT
Subject: C=cl, ST=Region Metropolitana, L=Santiago, O=NSRC, OU=Server certificate for localhost, CN=localhost/emailAddress=nessusd@localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
0B:EB:66:10:3D:C5:DE:A6:1F:FA:03:22:DC:AA:33:65:DE:D3:DE:05
X509v3 Authority Key Identifier:
keyid:7B:CF:1C:1D:BC:C7:EB:61:22:F9:A7:F6:13:E8:94:6F:15:29:CA:CE
DirName:/C=cl/ST=Region Metropolitana/L=Santiago/O=NSRC/OU=Certification Authority for localhost/CN=localhost/emailAddress=ca@localhost
serial:B5:C1:D1:4B:E3:CC:04:5A
X509v3 Subject Alternative Name:
email:nessusd@localhost
X509v3 Issuer Alternative Name:
<EMPTY>
Signature Algorithm: md5WithRSAEncryption
This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server does not accept SSLv3 connections.
Nessus ID : 10863
Information found on port mysql (3306/tcp)
An unknown service is running on this port.
It is usually reserved for MySQL
Nessus ID : 10330
Information found on port mysql (3306/tcp)
Remote MySQL version : 4.0.24
Nessus ID : 10719
Warning found on port cvsup (5999/tcp)
A CVSup server is running on this port
Nessus ID : 10330