Report

Your Company Scan Results - April 2008

Global PCI Status: FAILED

Westpoint has determined that Your Company is NOT COMPLIANT with the PCI scan validation requirement.

21 26 16 15 19 1 4	High risk vulnerabilities found. Medium risk vulnerabilities found. Low risk vulnerabilities found. SANS vulnerabilities found. New vulnerabilities found. Urgent vulnerabilities found. Overdue vulnerabilities found.	9 3 0 9 12 8 1 3	Systems (45%) had high risk vulnerabilities. Systems (15%) had medium risk vulnerabilities. Systems (0%) had low risk vulnerabilities. Systems (45%) had SANS vulnerabilities. Systems (60%) failed PCI criteria. Systems (40%) passed PCI criteria. Systems (5%) had urgent vulnerabilities. Systems (15%) had overdue vulnerabilities.	Scan Type Start Date End Date Systems Scanned New Systems	Enterprise 13-Apr-08 11:54 13-Apr-08 21:31 20 2

Key	Increase	No change	Decrease	High Risk	Medium Risk	Low Risk	No Services	No Ports/Vulns	Not Subnet Scanned	PCI Mapping

Filter Hosts:

Host Name	IP Address	Report	Ports	Vulnerabilities
www.your_company.nl	192.168.0.103	View	7	11 (5 New)
www.yourcompany.co.uk	192.168.0.100	View	5	9 (5 New)
www.example.com	192.168.0.112	View	3	11 (4 New)
mail.example.com	192.168.0.111	View	8	5
dns0.example.com	192.168.0.110	View	5	4
sql1.manc.yourcompany.com	192.168.1.52	View	3	4
sql2.manc.yourcompany.com	192.168.1.53	View	2	4
www.yourcompany.com	192.168.0.101	View	12	2 (2 New)
www.your_company.fr	192.168.0.105	View	5	3 (3 New)
www.yourcompany.net	192.168.0.102	View	2	5
apollo.example.com	192.168.0.81	View	3	3
www.yourcompany.com.my	192.168.0.106	View	2	2
www1.manc.yourcompany.com	192.168.1.54	View	2	0
www2.manc.yourcompany.com	192.168.1.55	View	2	0
mail1.manc.yourcompany.com	192.168.1.50	View	1	0
mail2.manc.yourcompany.com	192.168.1.51	View	1	0
192.168.0.104	192.168.0.104	View	2	0
gopher.example.com	192.168.0.93	View	0	0
192.168.100.9	192.168.100.9	View	1	0
laptop.yourcompany.com	192.168.0.57	View	0	0

Host Name

IP Address

Critical

Report

Ports

Vulnerabilities

www.your_company.nl FAIL

192.168.0.103

View

11 (5 New)

www.yourcompany.co.uk FAIL

192.168.0.100

View

9 (5 New)

www.example.com FAIL

192.168.0.112

View

11 (4 New)

mail.example.com FAIL

192.168.0.111

View

dns0.example.com FAIL

192.168.0.110

View

sql1.manc.yourcompany.com FAIL

192.168.1.52

View

sql2.manc.yourcompany.com FAIL

192.168.1.53

View

www.yourcompany.com FAIL

192.168.0.101

View

2 (2 New)

www.your_company.fr FAIL

192.168.0.105

View

3 (3 New)

www.yourcompany.net FAIL

192.168.0.102

View

apollo.example.com FAIL

192.168.0.81

View

www.yourcompany.com.my FAIL

192.168.0.106

View

www1.manc.yourcompany.com PASS

192.168.1.54

View

www2.manc.yourcompany.com PASS

192.168.1.55

View

mail1.manc.yourcompany.com PASS

192.168.1.50

View

mail2.manc.yourcompany.com PASS

192.168.1.51

View

192.168.0.104 PASS

192.168.0.104

View

gopher.example.com PASS

192.168.0.93

View

192.168.100.9 PASS

192.168.100.9

View

laptop.yourcompany.com PASS

192.168.0.57

View

Frequency	Vulnerability	Severity
6	High Risk Ports Open	High Risk
3	SNMP Default Community Names	High Risk
1	IIS WebDAV Buffer Overrun	High Risk
1	MySQL Database Accessible Without Password	High Risk
1	Administration Interface with Weak Password	High Risk
1	Possible Compromise	High Risk
1	BIND < 8.2.3 Buffer Overrun	High Risk
1	Authentication Bypass Through Cookie Manipulation	High Risk
1	Apache < 1.3.26 Chunked Encoding Vulnerability	High Risk
1	IIS ASP.NET Application Trace Enabled	High Risk
1	Sendmail < 8.12.8 Buffer Overrun	High Risk
1	Sensitive Information Leakage	High Risk
1	Script Appears Vulnerable to SQL Injection	High Risk
1	Script Allows Arbitrary Command Execution	High Risk
2	Apache < 1.3.27 Multiple Vulnerabilities	Medium Risk
2	Cross-Site Scripting	Medium Risk
2	Globally Useable Name Server	Medium Risk
2	MySQL < 3.23.58, 4.0.15 Password Overflow	Medium Risk
2	MySQL < 3.23.56 Privilege Escalation	Medium Risk
1	OpenSSH < 3.6.1p2 PAM Timing Attack	Medium Risk
1	Lotus Domino < 5.0.9 Database Lock DoS	Medium Risk
1	MySQL < 3.23.55 Multiple Vulnerabilities	Medium Risk
1	SMTP Server Allows VRFY/EXPN	Medium Risk
1	Script Allows Arbitrary Redirection	Medium Risk
1	Apache < 1.3.31, 2.0.49 Multiple Vulnerabilities	Medium Risk
1	XPath Injection	Medium Risk
1	Lotus Domino Anonymous Database Access	Medium Risk
1	OpenSSL < 0.9.6m, 0.9.7d Multiple Vulnerabilities	Medium Risk
1	Weak or Ineffective Authentication Mechanism	Medium Risk
1	SSL Certificate Problems	Medium Risk
1	Apache mod_ssl < 2.8.10 off by one Vulnerability	Medium Risk
1	IIS .printer ISAPI Filter Enabled	Medium Risk
1	IIS global.asa Accessible	Medium Risk
1	DNS Zone Transfer	Medium Risk
1	Service Permits Unauthenticated Users to Send Arbitrary Emails	Medium Risk
3	TRACE and/or TRACK Methods Enabled	Low Risk
3	Holes Detected in Firewall Configuration	Low Risk
2	SSH Protocol Version 1 Enabled	Low Risk
2	Apache < 1.3.29 Multiple Local Flaws	Low Risk
1	NTP Information Leakage	Low Risk
1	DNS Cache Snooping	Low Risk
1	Apache mod_userdir Information Leak	Low Risk
1	Microsoft Frontpage Extensions Installed	Low Risk
1	Private IP Address Leakage	Low Risk
1	Script Calling phpinfo() Detected	Low Risk

This report was generated by a PCI Approved Scanning Vendor, Westpoint Ltd., under certificate number 3974-01-03, within the guidelines of the PCI data security initiative.

A mapping between the Westpoint vulnerability severity levels and those of the PCI documentation is provided in the glossary.

Your Company Scan Results - April 2008

Global PCI Status: FAILED

Systems

All Vulnerabilities