 ![New [Selected]](on-vulnew.gif)  |  |
| |
Vulnerability
| 11030 | Apache < 1.3.26 Chunked Encoding Vulnerability
 | 1 System | High Risk |
|---|
| Description | This system is running a vulnerable version of Apache, according to its banner. There is a buffer overrun vulnerability in code related to chunked encoding. A remote attacker could use this to crash the service and may be able to take control of the system. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| References | CVE-2002-0392 Apache Security Alert CERT Advisory CA-2002-17 Bugtraq ID 5033 Oracle Security Alert #36 | ||||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 10264 | SNMP Default Community Names
| 1 System | High Risk |
|---|
| Description | This system is running an SNMP agent which uses an easily guessable community string. This enables an attacker to extract a large amount of useful information. If a writeable community string is guessable, an attacker could make configuration changes to the server. Here is a sample of the information that can be extracted: [For specific url or description click server link below.] | ||||
|---|---|---|---|---|---|
| Solution | Disable SNMP, or change the community string to something unguessable. | ||||
| References | CVE-1999-0517 CVE-1999-0186 CVE-1999-0254 CVE-1999-0516 | ||||
| CVSS Score | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||||
| Systems | www.your_company.nl (192.168.0.103)
|
|---|
|
Vulnerability
| 11718 | Lotus Domino < 5.0.9 Database Lock DoS | 1 System | Medium Risk |
|---|
| Description | This system is running a vulnerable version of Lotus Domino, according to its banner. There is a vulnerability in the code related to database locking. A remote attack could use this to lock out some databases, by requesting them through the web interface with a carefully crafted URL. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| References | CVE-2001-0954 | ||||
| Systems | www.yourcompany.com.my (192.168.0.106)
|
|---|
|
Vulnerability
| 11137 | Apache < 1.3.27 Multiple Vulnerabilities | 1 System | Medium Risk |
|---|
| Description | This system is running a vulnerable version of Apache, according to its banner. There is a cross-site scripting vulnerability through the Host: header, if UseCanonicalName is Off. Exploitation is only possible where wildcard DNS is used. There is also a buffer overrun in the ApacheBench module - if this is enabled, it may allow arbitrary code execution. A further vulnerability exists in the shared memory scoreboard, but this is only exploitable by a local user. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. Workaround : Set UseCanonicalName to On and disable ApacheBench | ||||
| References | CVE-2002-0840 CVE-2002-0839 CVE-2002-0843 | ||||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 11267 | OpenSSL < 0.9.6j, 0.9.7b Password Interception
| 1 System | Medium Risk |
|---|
| Description | According to its banner, the remote host is using a version of OpenSSL which is older than 0.9.6j or 0.9.7b. This version is vulnerable to a timing based attack which may allow an attacker to guess the content of fixed data blocks, such as passwords or credit card numbers. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version | ||||
| References | CVE-1999-0428 CVE-2003-0078 CVE-2003-0131 CVE-2003-0147 | ||||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 11039 | Apache mod_ssl < 2.8.10 off by one Vulnerability | 1 System | Medium Risk |
|---|
| Description | This system is running a vulnerable version of the mod_ssl Apache module. There is an "off by one" buffer overrun in code related to parsing configuration. A local user with control over .htaccess files could use this to crash the service or take control of the system. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| References | CVE-2002-0653 Securiteam advisory Bugtraq ID 5084 | ||||
| Systems | www.example.com (192.168.0.112)
|
|---|
|
Vulnerability
| 10021 | Identd enabled | 1 System | Low Risk |
|---|
| Description | The ident service appears to be running on the remote host. This service provides sensitive information to an attacker, allowing them to enumerate which accounts are running which services. | ||||
|---|---|---|---|---|---|
| Solution | Disable this service or restrict it to trusted IP addresses | ||||
| References | CVE-1999-0629 | ||||
| Systems | dns0.example.com (192.168.0.110)
|
|---|
|
Vulnerability
| 10882 | SSH Protocol Version 1 Enabled | 1 System | Low Risk |
|---|
| Description | This system is running an SSH service with SSH protocol version 1 enabled. This version of the protocols is not completely cryptographically secure. A passive eavesdropper could use these weaknesses to extract information such as the lengths of passwords and commands. | ||||
|---|---|---|---|---|---|
| Solution | Configure your SSH service to only use protocol version 2. For OpenSSH, set the 'Protocol' option to '2'. | ||||
| References | CVE-2001-0572 | ||||
| CVSS Score | 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) | ||||
| Systems | www.yourcompany.net (192.168.0.102)
|
|---|
|
Vulnerability
| 11915 | Apache < 1.3.29 Multiple Local Flaws | 1 System | Low Risk |
|---|
| Description | This system is running a vulnerable version of Apache, according to its banner. This version contains buffer overruns in mod_alias and mod_rewrite. A local user could exploit these to escalate their privileges. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| References | Bugtraq CVE-2003-0542 | ||||
| Systems | www.example.com (192.168.0.112)
|
|---|