Vulnerability
| 11424 | IIS WebDAV Buffer Overrun | 1 System | High Risk |
|---|---|---|---|
| Description | This system is an IIS server running WebDAV. This may be vulnerable to a buffer overrun when a malicious WebDAV request is sent. When running on an unpatched Windows 2000 server, a remote attacker could use this to crash the service or take control of the system. Note: This may be a false positive as it is not possible to determine remotely if the patch has been applied. |
| Solution | Apply the patch from Microsoft. In addition, we suggest you edit the registry to disable WebDAV, following these instructions. If you do not disable WebDAV then this vulnerability will continue appearing until you stoplist it. |
| References | Microsoft Security Bulletin MS03-007; CERT Advisory CA-2003-09; Microsoft Knowledge Base Q241520; CVE-2003-0109 |
| Systems | www.your_company.nl (192.168.0.103) |
Vulnerability
| 90027 | High Risk Ports Open | 1 System | High Risk |
|---|---|---|---|
| Description | The following high risk ports are open: [For specific url or description click server link below.] Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead. |
| Solution | Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems. |
| Systems | www.your_company.de (192.168.0.104) |
Vulnerability
| 11137 | Apache < 1.3.27 Multiple Vulnerabilities | 1 System | Medium Risk |
|---|---|---|---|
| Description | This system is running a vulnerable version of Apache, according to its banner. There is a cross-site scripting vulnerability through the Host: header, if UseCanonicalName is Off. Exploitation is only possible where wildcard DNS is used. There is also a buffer overrun in the ApacheBench module - if this is enabled, it may allow arbitrary code execution. A further vulnerability exists in the shared memory scoreboard, but this is only exploitable by a local user. |
| Solution | Upgrade to an unaffected version, or apply a patch. Workaround: Set UseCanonicalName to On and disable ApacheBench. |
| References | CVE-2002-0840; CVE-2002-0839; CVE-2002-0843 |
| Systems | www.your_company.fr (192.168.0.105) |
Vulnerability
| 11378 | MySQL < 3.23.56 Privilege Escalation | 1 System | Medium Risk |
|---|---|---|---|
| Description | This system is running a vulnerable version of MySQL, according to its banner. There is insufficient permissions checking in code related to the "select into outfile" SQL command. A database user could use this to overwrite configuration files and escalate privileges. |
| Solution | Upgrade to an unaffected version, or apply a patch. |
| References | Bugtraq ID 7052; CVE-2003-0150 |
| CVSS Score | 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) |
| Systems | www.your_company.de (192.168.0.104) |
Vulnerability
| 10539 | Globally Useable Name Server | 1 System | Medium Risk |
|---|---|---|---|
| Description | This system is running a name server that allows any system on the Internet to perform recursive queries and resolve third-party domain names. A remote attacker could use this to extract information about your name lookup patterns, and may be able to perform DNS cache poisoning attacks. |
| Solution | Restrict recursive queries to trusted addresses. For servers running BIND, use the allow-recursion or allow-query directives. |
| References | CVE-1999-0024; Securing Windows Server 2003 Domain Controllers |
| CVSS Score | 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) |
| Systems | dns0.example.com (192.168.0.110) |
Vulnerability
| 10942 | Citrix Service Detected | 2 Systems | Low Risk |
|---|---|---|---|
| Description | This system is running a Citrix service, which allows a Windows user to obtain a remote graphical login. The service is available to any host on the internet, which allows remote attackers to brute force passwords. The configuration may be intentional, but it's best to restrict this service to trusted addresses. |
| Solution | Disable this service if you do not use it. If you do use it, install the SECURE ICA option pack and use a firewall to restrict access to trusted addresses. |
| Systems | mail.example.com (192.168.0.111) | www.example.com (192.168.0.112) |
Vulnerability
| 10940 | Windows Terminal Service Enabled | 1 System | Low Risk |
|---|---|---|---|
| Description | Windows Terminal Services are enabled on the remote host. This allows a remote user to obtain a graphical login, and therefore act as a local user on the remote host. This may be intentional, but it is usual practice to restrict access to this service. |
| Solution | Use a firewall to restrict access to trusted addresses. |
| References | CVE-2001-0540 |
| Systems | www.example.com (192.168.0.112) |
Vulnerability
| 10021 | Identd enabled | 1 System | Low Risk |
|---|---|---|---|
| Description | The ident service appears to be running on the remote host. This service provides sensitive information to an attacker, allowing them to enumerate which accounts are running which services. |
| Solution | Disable this service or restrict it to trusted IP addresses. |
| References | CVE-1999-0629 |
| Systems | www.example.com (192.168.0.112) |
Vulnerability
| 10056 | /doc directory browsable | 1 System | Low Risk |
|---|---|---|---|
| Description | The /doc directory is browsable. This lets an attacker know what software is installed on the host, and more importantly what version of the software. This allows an attacker to make more focussed attacks. You can browse the directory at this URL: [For specific url or description click server link below.] |
| Solution | Use an appropriate access control list to restrict access to the /doc directory. |
| References | CVE-1999-0678 |
| Systems | www.example.com (192.168.0.112) |
Vulnerability
| 10640 | Kerberos PingPong DOS | 1 System | Low Risk |
|---|---|---|---|
| Description | The remote Kerberos server seems to be vulnerable to a pingpong attack. When contacted on the UDP port, this service always responds, even to bogus data. An attacker can cause a denial of service by spoofing a packet between two machines running this service. This will cause them to spew data at each other, saturating the network. |
| Solution | Disable this service in /etc/inetd.conf. |
| References | CVE-1999-0103 |
| CVSS Score | 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) |
| Systems | www.example.com (192.168.0.112) |