pkboy2012
Nessus scan.
Nessus Report
Nessus Scan Report
08/Aug/2013:13:22:55
HomeFeed: Commercial use of the report is prohibited
Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the ProfessionalFeed in order to be compliant with our license agreement: http://www.nessus.org/products/nessus-professionalfeed
Table Of Contents
Hosts Summary (Executive)
• ascultimuzica.com
Vulnerabilities By Host
• ascultimuzica.com
Vulnerabilities By Plugin
• 58987 (1) - PHP Unsupported Version Detection
• 57537 (1) - PHP < 5.3.9 Multiple Vulnerabilities
• 58966 (1) - PHP < 5.3.11 Multiple Vulnerabilities
• 58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
• 10079 (1) - Anonymous FTP Enabled
• 11213 (1) - HTTP TRACE / TRACK Methods Allowed
• 26194 (1) - Web Server Uses Plain Text Authentication Forms
• 34324 (1) - FTP Supports Clear Text Authentication
• 11219 (2) - Nessus SYN scanner
• 10092 (1) - FTP Server Detection
• 10107 (1) - HTTP Server Type and Version
• 10287 (1) - Traceroute Information
• 10662 (1) - Web mirroring
• 11032 (1) - Web Server Directory Enumeration
• 12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution
• 19506 (1) - Nessus Scan Information
• 21642 (1) - Session Initiation Protocol Detection
• 22964 (1) - Service Detection
• 24260 (1) - HyperText Transfer Protocol (HTTP) Information
• 39463 (1) - HTTP Server Cookies Set
• 42057 (1) - Web Server Allows Password Auto-Completion
• 43111 (1) - HTTP Methods Allowed (per directory)
• 45590 (1) - Common Platform Enumeration (CPE)
• 46180 (1) - Additional DNS Hostnames
• 49704 (1) - External URLs
• 50350 (1) - OS Identification Failed
• 59861 (1) - Remote web server screenshot
• 66334 (1) - Patch Report
Hosts Summary (Executive)
ascultimuzica.com
Summary
Critical High Medium Low Info Total
1 3 2 2 20 28
Details
Severity Plugin Id Name
Critical (10.0) 58987 PHP Unsupported Version Detection
High (8.3) 58988 PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
High (7.5) 57537 PHP < 5.3.9 Multiple Vulnerabilities
High (7.5) 58966 PHP < 5.3.11 Multiple Vulnerabilities
Medium (5.0) 10079 Anonymous FTP Enabled
Medium (4.3) 11213 HTTP TRACE / TRACK Methods Allowed
Low (2.6) 26194 Web Server Uses Plain Text Authentication Forms
Low (2.6) 34324 FTP Supports Clear Text Authentication
Info 10092 FTP Server Detection
Info 10107 HTTP Server Type and Version
Info 10287 Traceroute Information
Info 10662 Web mirroring
Info 11032 Web Server Directory Enumeration
Info 11219 Nessus SYN scanner
Info 12053 Host Fully Qualified Domain Name (FQDN) Resolution
Info 19506 Nessus Scan Information
Info 21642 Session Initiation Protocol Detection
Info 22964 Service Detection
Info 24260 HyperText Transfer Protocol (HTTP) Information
Info 39463 HTTP Server Cookies Set
Info 42057 Web Server Allows Password Auto-Completion
Info 43111 HTTP Methods Allowed (per directory)
Info 45590 Common Platform Enumeration (CPE)
Info 46180 Additional DNS Hostnames
Info 49704 External URLs
Info 50350 OS Identification Failed
Info 59861 Remote web server screenshot
Info 66334 Patch Report
Vulnerabilities By Host
ascultimuzica.com
Scan Information
Start time: Thu Aug 8 13:13:20 2013
End time: Thu Aug 8 13:22:48 2013
Host Information
DNS Name: ascultimuzica.com
IP: 81.169.145.154
Results Summary
Critical High Medium Low Info Total
1 3 2 2 21 29
Results Details
0/tcp
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the FQDN of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/02/11, Modification date: 2012/09/28
Ports
tcp/0
81.169.145.154 resolves as ascultimuzica.com.
46180 - Additional DNS Hostnames
Synopsis
Potential virtual hosts have been detected.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.
See Also
http://en.wikipedia.org/wiki/Virtual_hosting
Solution
If you want to test them, re-scan using the special vhost syntax, such as: www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information:
Publication date: 2010/04/29, Modification date: 2013/01/21
Ports
tcp/0
The following hostnames point to the remote host:
- www.ascultimuzica.com
50350 - OS Identification Failed
Synopsis
It was not possible to determine the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to identify the overall system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/10/26, Modification date: 2012/02/23
Ports
tcp/0
Help us improve OS fingerprinting by sending the following signatures to : [email protected]
Be sure to include a brief description of the device itself, such as the actual operating system or product / model names.
HTTP:!:Server: Apache/2.2.25 (Unix)
SinFP:!:
  P1:B11113:F0x12:W1608:O0:M0:
  P2:B11113:F0x12:W4236:O0204ffff0103030004020000:M1412:
  P3:B00000:F0x00:W0:O0:M0
  P4:5200_7_p=21R
45590 - Common Platform Enumeration (CPE)
Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2013/05/13
Ports
tcp/0
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server:2.2.25 -> Apache Software Foundation Apache HTTP Server 2.2.25
cpe:/a:php:php:5.2.17 -> PHP 5.2.17
66334 - Patch Report
Synopsis
The remote host is missing several patches
Description
The remote host is missing one or several security patches.
This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below
Risk Factor
None
Plugin Information:
Publication date: 2013/05/07, Modification date: 2013/07/17
Ports
tcp/0
. You need to take the following action:
[ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ]
+ Action to take: Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.
+ Impact: Taking this action will resolve 11 different vulnerabilities (CVEs).
19506 - Nessus Scan Information
Synopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2013/05/31
Ports
tcp/0
Information about this scan :
Nessus version : 5.2.1
Plugin feed version : 201308080515
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.3
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/8 13:13
Scan duration : 564 sec
0/udp
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Ports
udp/0
For your information, here is the traceroute from 192.168.1.3 to 81.169.145.154 :
192.168.1.3192.168.1.189.121.147.25410.0.225.4910.0.245.20110.0.240.23880.81.193.11081.169.144.3481.169.145.154
21/tcp
10079 - Anonymous FTP Enabled
Synopsis
Anonymous logins are allowed on the remote FTP server.
Description
This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.
Solution
Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-1999-0497
XREF OSVDB:69
Plugin Information:
Publication date: 1999/06/22, Modification date: 2013/01/25
Ports
tcp/21
34324 - FTP Supports Clear Text Authentication
Synopsis
Authentication credentials might be intercepted.
Description
The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.
Solution
Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
References
XREF CWE:522
XREF CWE:523
Plugin Information:
Publication date: 2008/10/01, Modification date: 2013/01/25
Ports
tcp/21
This FTP server does not support 'AUTH TLS'.
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07
Ports
tcp/21
Port 21/tcp was found to be open
10092 - FTP Server Detection
Synopsis
An FTP server is listening on this port.
Description
It is possible to obtain the banner of the remote FTP server by connecting to the remote port.
Solution
N/A
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2013/03/08
Ports
tcp/21
The remote FTP banner is :
220 Speak friend, and enter
80/tcp
58987 - PHP Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of a web application scripting language.
Description
According to its version, the installation of PHP on the remote host is no longer supported. As a result, it is likely to contain security vulnerabilities.
See Also
https://wiki.php.net/rfc/releaseprocess
Solution
Upgrade to a version of PHP that is currently supported.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/08/28
Ports
tcp/80
Source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
End of support date : 2011/12/16
Announcement : http://www.php.net/archive/2010.php
Supported versions : 5.3.x / 5.4.x
58966 - PHP < 5.3.11 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities :
- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)
See Also
http://www.nessus.org/u?e81d4026
https://bugs.php.net/bug.php?id=61043
https://bugs.php.net/bug.php?id=54374
https://bugs.php.net/bug.php?id=60227
http://marc.info/?l=oss-security&m=134626481806571&w=2
http://www.php.net/archive/2012.php#id2012-04-26-1
http://www.php.net/ChangeLog-5.php#5.3.11
Solution
Upgrade to PHP version 5.3.11 or later.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
BID 51954
BID 53403
BID 55297
CVE CVE-2011-1398
CVE CVE-2012-0831
CVE CVE-2012-1172
XREF OSVDB:79017
XREF OSVDB:81791
XREF OSVDB:85086
Plugin Information:
Publication date: 2012/05/02, Modification date: 2013/08/06
Ports
tcp/80
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.11
58988 - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability.
An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.
See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.php.net/ChangeLog-5.php#5.3.12
http://www.php.net/ChangeLog-5.php#5.4.2
Solution
Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.
Risk Factor
High
CVSS Base Score
8.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)
CVSS Temporal Score
6.9 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)
References
BID 53388
CVE CVE-2012-1823
XREF OSVDB:81633
XREF CERT:520827
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/12/28
Ports
tcp/80
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.12 / 5.4.2
57537 - PHP < 5.3.9 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple flaws.
Description
According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues :
- The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
- It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)
- An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)
- Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)
- An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)
- The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)
- An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption. (CVE-2012-0789)
See Also
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5
http://www.php.net/archive/2012.php#id2012-01-11-1
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
https://bugs.php.net/bug.php?id=55475
https://bugs.php.net/bug.php?id=55776
https://bugs.php.net/bug.php?id=53502
http://www.php.net/ChangeLog-5.php#5.3.9
Solution
Upgrade to PHP version 5.3.9 or later.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
BID 49754
BID 50907
BID 51193
BID 51806
BID 51952
BID 51992
BID 52043
CVE CVE-2011-3379
CVE CVE-2011-4566
CVE CVE-2011-4885
CVE CVE-2012-0057
CVE CVE-2012-0781
CVE CVE-2012-0788
CVE CVE-2012-0789
XREF OSVDB:75713
XREF OSVDB:77446
XREF OSVDB:78115
XREF OSVDB:78571
XREF OSVDB:78676
XREF OSVDB:79016
XREF OSVDB:79332
Plugin Information:
Publication date: 2012/01/13, Modification date: 2013/08/06
Ports
tcp/80
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.9
11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF OSVDB:877
XREF OSVDB:3726
XREF OSVDB:5648
XREF OSVDB:50485
XREF CERT:288308
XREF CERT:867593
XREF CWE:16
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2003/01/23, Modification date: 2013/03/29
Ports
tcp/80
To disable these methods, add the following lines for each virtualhost in your configuration file :
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the 'TraceEnable' directive.
Nessus sent the following TRACE request :
------------------------------ snip ------------------------------
TRACE /Nessus1625581356.html HTTP/1.1
Connection: Close
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
and received the following response from the remote server :
------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2013 10:19:09 GMT
Server: Apache/2.2.25 (Unix)
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http

TRACE /Nessus1625581356.html HTTP/1.1
Connection: Keep-Alive
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
26194 - Web Server Uses Plain Text Authentication Forms
Synopsis
The remote web server might transmit credentials in cleartext.
Description
The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext.
An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.
Solution
Make sure that every sensitive form transmits content over HTTPS.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
References
XREF CWE:522
XREF CWE:523
XREF CWE:718
XREF CWE:724
Plugin Information:
Publication date: 2007/09/28, Modification date: 2011/09/15
Ports
tcp/80
Page : /
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass
Page : /articles
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass
Page : /register.php
Destination page : register.html
Input name : pass
Input name : confirm_pass
Page : /test/
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass
Page : /test/?D=A
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07
Ports
tcp/80
Port 80/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2013/07/02
Ports
tcp/80
A web server is running on this port.
11032 - Web Server Directory Enumeration
Synopsis
It is possible to enumerate directories on the web server.
Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.
See Also
http://projects.webappsec.org/Predictable-Resource-Location
Solution
n/a
Risk Factor
None
References
XREF OWASP:OWASP-CM-006
Plugin Information:
Publication date: 2002/06/26, Modification date: 2013/04/02
Ports
tcp/80
The following directories were discovered:
/include, /test, /js, /templates, /uploads, /articles
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards
10662 - Web mirroring
Synopsis
Nessus crawled the remote web site.
Description
This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.
It is suggested that you change the number of pages to mirror in the 'Options' section of the client.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/05/04, Modification date: 2013/04/11
Ports
tcp/80
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/register.php (PHPSESSID [p86im77tsrvag1srm2hfsgn377] )
/register.html (name [] gender [female] country [256] username [] pass [] confirm_pass...)
/www.facebook.com/plugins/likebox.php (href [https://www.facebook.com/pages/Ascul%C8%9Bi-Muzic%C4%83/33421213...)
39463 - HTTP Server Cookies Set
Synopsis
Some cookies have been set by the web server.
Description
HTTP cookies are pieces of information that are presented by web servers and are sent back by the browser.
As HTTP is a stateless protocol, cookies are a possible mechanism to keep track of sessions.
This plugin displays the list of the HTTP cookies that were set by the web server when it was crawled.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/06/19, Modification date: 2011/03/15
Ports
tcp/80
path = /test/
name = watched_video_list
value = MzczLDIyLDk%3D
version = 1
expires = Fri, 09-Aug-2013 10:17:41 GMT
secure = 0
httponly = 0
path = /
name = watched_video_list
value = Mzcz
version = 1
expires = Fri, 09-Aug-2013 10:17:39 GMT
secure = 0
httponly = 0
path = /
name = PHPSESSID
value = p86im77tsrvag1srm2hfsgn377
version = 1
secure = 0
httponly = 0
49704 - External URLs
Synopsis
Links to external sites were gathered.
Description
Nessus gathered HREF links to external sites by crawling the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/10/04, Modification date: 2011/08/19
Ports
tcp/80
108 external URLs were gathered on this web server :
42057 - Web Server Allows Password Auto-Completion
Synopsis
Auto-complete is not disabled on password fields.
Description
The remote web server contains at least one HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'.
While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point.
Solution
Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.
Risk Factor
None
Plugin Information:
Publication date: 2009/10/07, Modification date: 2011/09/28
Ports
tcp/80
Page : /
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass
Page : /articles
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass
Page : /register.php
Destination Page : register.html
Input name : pass
Input name : confirm_pass
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/06/03
Portstcp/80
The remote web server type is : Apache/2.2.25 (Unix) You can set the directive 'ServerTokens Prod' to limit the informationemanating from the server in its response headers.
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Ports
tcp/80
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :
  /include
  /js
  /templates
  /uploads
  /www.facebook.com/plugins
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Ports
tcp/80
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
  Date: Thu, 08 Aug 2013 10:19:14 GMT
  Server: Apache/2.2.25 (Unix)
  X-Powered-By: PHP/5.2.17
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Pragma: no-cache
  Set-Cookie: watched_video_list=MTM5LDQ4; expires=Fri, 09-Aug-2013 10:19:14 GMT; path=/
  Keep-Alive: timeout=3, max=100
  Connection: Keep-Alive
  Transfer-Encoding: chunked
  Content-Type: text/html; charset=utf-8
59861 - Remote web server screenshot
Synopsis
It was possible to take a 'screenshot' of the remote web server.
Description
This test renders the view of the remote web site's main page, as seen from within a web browser.
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/07/11
Ports
tcp/80
It was possible to gather the following screenshot of the remote web site.
5060/udp
21642 - Session Initiation Protocol Detection
Synopsis
The remote system is a SIP signaling device.
Description
The remote system is running software that speaks the Session Initiation Protocol (SIP).
SIP is a messaging protocol to initiate communication sessions between systems. It is a protocol used mostly in IP Telephony networks / systems to setup, control, and teardown sessions between two or more systems.
See Also
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution
If possible, filter incoming connections to the port so that it is used by trusted sources only.
Risk Factor
None
Plugin Information:
Publication date: 2003/12/29, Modification date: 2013/02/14
Ports
udp/5060
Nessus found an unidentified SIP service.
Vulnerabilities By Plugin
58987 (1) - PHP Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of a web application scripting language.
Description
According to its version, the installation of PHP on the remote host is no longer supported. As a result, it is likely to contain security vulnerabilities.
See Also
https://wiki.php.net/rfc/releaseprocess
Solution
Upgrade to a version of PHP that is currently supported.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/08/28
Hosts
ascultimuzica.com (tcp/80)
Source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
End of support date : 2011/12/16
Announcement : http://www.php.net/archive/2010.php
Supported versions : 5.3.x / 5.4.x
57537 (1) - PHP < 5.3.9 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple flaws.
Description
According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues :
- The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
- It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)
- An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)
- Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)
- An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)
- The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)
- An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption. (CVE-2012-0789)
See Also
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5
http://www.php.net/archive/2012.php#id2012-01-11-1
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
https://bugs.php.net/bug.php?id=55475
https://bugs.php.net/bug.php?id=55776
https://bugs.php.net/bug.php?id=53502
http://www.php.net/ChangeLog-5.php#5.3.9
Solution
Upgrade to PHP version 5.3.9 or later.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
BID 49754
BID 50907
BID 51193
BID 51806
BID 51952
BID 51992
BID 52043
CVE CVE-2011-3379
CVE CVE-2011-4566
CVE CVE-2011-4885
CVE CVE-2012-0057
CVE CVE-2012-0781
CVE CVE-2012-0788
CVE CVE-2012-0789
XREF OSVDB:75713
XREF OSVDB:77446
XREF OSVDB:78115
XREF OSVDB:78571
XREF OSVDB:78676
XREF OSVDB:79016
XREF OSVDB:79332
Plugin Information:
Publication date: 2012/01/13, Modification date: 2013/08/06
Hosts
ascultimuzica.com (tcp/80)
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.9
58966 (1) - PHP < 5.3.11 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities :
- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)
See Also
http://www.nessus.org/u?e81d4026
https://bugs.php.net/bug.php?id=61043
https://bugs.php.net/bug.php?id=54374
https://bugs.php.net/bug.php?id=60227
http://marc.info/?l=oss-security&m=134626481806571&w=2
http://www.php.net/archive/2012.php#id2012-04-26-1
http://www.php.net/ChangeLog-5.php#5.3.11
Solution
Upgrade to PHP version 5.3.11 or later.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
BID 51954
BID 53403
BID 55297
CVE CVE-2011-1398
CVE CVE-2012-0831
CVE CVE-2012-1172
XREF OSVDB:79017
XREF OSVDB:81791
XREF OSVDB:85086
Plugin Information:
Publication date: 2012/05/02, Modification date: 2013/08/06
Hosts
ascultimuzica.com (tcp/80)
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.11
58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability.
An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.
See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.php.net/ChangeLog-5.php#5.3.12
http://www.php.net/ChangeLog-5.php#5.4.2
Solution
Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.
Risk Factor
High
CVSS Base Score
8.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)
CVSS Temporal Score
6.9 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)
References
BID 53388
CVE CVE-2012-1823
XREF OSVDB:81633
XREF CERT:520827
Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/12/28
Hosts
ascultimuzica.com (tcp/80)
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.12 / 5.4.2
10079 (1) - Anonymous FTP Enabled
Synopsis
Anonymous logins are allowed on the remote FTP server.
Description
This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.
Solution
Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-1999-0497
XREF OSVDB:69
Plugin Information:
Publication date: 1999/06/22, Modification date: 2013/01/25
Hosts
ascultimuzica.com (tcp/21)
11213 (1) - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF OSVDB:877
XREF OSVDB:3726
XREF OSVDB:5648
XREF OSVDB:50485
XREF CERT:288308
XREF CERT:867593
XREF CWE:16
Exploitable with
Metasploit (true)
Plugin Information:
Publication date: 2003/01/23, Modification date: 2013/03/29
Hosts
ascultimuzica.com (tcp/80)
To disable these methods, add the following lines for each virtualhost in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the 'TraceEnable' directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1625581356.html HTTP/1.1
Connection: Close
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2013 10:19:09 GMT
Server: Apache/2.2.25 (Unix)
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http

TRACE /Nessus1625581356.html HTTP/1.1
Connection: Keep-Alive
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
26194 (1) - Web Server Uses Plain Text Authentication Forms
Synopsis
The remote web server might transmit credentials in cleartext.
Description
The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext.
An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.
Solution
Make sure that every sensitive form transmits content over HTTPS.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
References
XREF CWE:522
XREF CWE:523
XREF CWE:718
XREF CWE:724
Plugin Information:
Publication date: 2007/09/28, Modification date: 2011/09/15
Hosts
ascultimuzica.com (tcp/80)
Page : /
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination page : register.html
Input name : pass
Input name : confirm_pass

Page : /test/
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

Page : /test/?D=A
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass
34324 (1) - FTP Supports Clear Text Authentication
Synopsis
Authentication credentials might be intercepted.
Description
The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.
Solution
Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
References
XREF CWE:522
XREF CWE:523
Plugin Information:
Publication date: 2008/10/01, Modification date: 2013/01/25
Hosts
ascultimuzica.com (tcp/21)
This FTP server does not support 'AUTH TLS'.
11219 (2) - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07
Hosts
ascultimuzica.com (tcp/21)
Port 21/tcp was found to be open
ascultimuzica.com (tcp/80)
Port 80/tcp was found to be open
10092 (1) - FTP Server Detection
Synopsis
An FTP server is listening on this port.
Description
It is possible to obtain the banner of the remote FTP server by connecting to the remote port.
Solution
N/A
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2013/03/08
Hosts
ascultimuzica.com (tcp/21)
The remote FTP banner is :
220 Speak friend, and enter
10107 (1) - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/06/03
Hosts
ascultimuzica.com (tcp/80)
The remote web server type is :
Apache/2.2.25 (Unix)
You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.
10287 (1) - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Hosts
ascultimuzica.com (udp/0)
For your information, here is the traceroute from 192.168.1.3 to 81.169.145.154 :
192.168.1.3192.168.1.189.121.147.25410.0.225.4910.0.245.20110.0.240.23880.81.193.11081.169.144.3481.169.145.154
10662 (1) - Web mirroring
Synopsis
Nessus crawled the remote web site.
Description
This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.
It is suggested that you change the number of pages to mirror in the 'Options' section of the client.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/05/04, Modification date: 2013/04/11
Hosts
ascultimuzica.com (tcp/80)
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/register.php (PHPSESSID [p86im77tsrvag1srm2hfsgn377] )
/register.html (name [] gender [female] country [256] username [] pass [] confirm_pass...)
/www.facebook.com/plugins/likebox.php (href [https://www.facebook.com/pages/Ascul%C8%9Bi-Muzic%C4%83/33421213...)
11032 (1) - Web Server Directory Enumeration
Synopsis
It is possible to enumerate directories on the web server.
Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.
See Also
http://projects.webappsec.org/Predictable-Resource-Location
Solution
n/a
Risk Factor
None
References
XREF OWASP:OWASP-CM-006
Plugin Information:
Publication date: 2002/06/26, Modification date: 2013/04/02
Hosts
ascultimuzica.com (tcp/80)
The following directories were discovered:
/include, /test, /js, /templates, /uploads, /articles
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards
12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the FQDN of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/02/11, Modification date: 2012/09/28
Hosts
ascultimuzica.com (tcp/0)
81.169.145.154 resolves as ascultimuzica.com.
19506 (1) - Nessus Scan Information
Synopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2013/05/31
Hosts
ascultimuzica.com (tcp/0)
Information about this scan :
Nessus version : 5.2.1
Plugin feed version : 201308080515
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.3
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/8 13:13
Scan duration : 564 sec
21642 (1) - Session Initiation Protocol Detection
Synopsis
The remote system is a SIP signaling device.
Description
The remote system is running software that speaks the Session Initiation Protocol (SIP).
SIP is a messaging protocol to initiate communication sessions between systems. It is a protocol used mostly in IP Telephony networks / systems to setup, control, and teardown sessions between two or more systems.
See Also
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution
If possible, filter incoming connections to the port so that it is used by trusted sources only.
Risk Factor
None
Plugin Information:
Publication date: 2003/12/29, Modification date: 2013/02/14
Hosts
ascultimuzica.com (udp/5060)
Nessus found an unidentified SIP service.
22964 (1) - Service Detection
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2013/07/02
Hosts
ascultimuzica.com (tcp/80)
A web server is running on this port.
24260 (1) - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Hosts
ascultimuzica.com (tcp/80)
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
  Date: Thu, 08 Aug 2013 10:19:14 GMT
  Server: Apache/2.2.25 (Unix)
  X-Powered-By: PHP/5.2.17
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Pragma: no-cache
  Set-Cookie: watched_video_list=MTM5LDQ4; expires=Fri, 09-Aug-2013 10:19:14 GMT; path=/
  Keep-Alive: timeout=3, max=100
  Connection: Keep-Alive
  Transfer-Encoding: chunked
  Content-Type: text/html; charset=utf-8
39463 (1) - HTTP Server Cookies Set
Synopsis
Some cookies have been set by the web server.
Description
HTTP cookies are pieces of information that are presented by web servers and are sent back by the browser.
As HTTP is a stateless protocol, cookies are a possible mechanism to keep track of sessions.
This plugin displays the list of the HTTP cookies that were set by the web server when it was crawled.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/06/19, Modification date: 2011/03/15
Hosts
ascultimuzica.com (tcp/80)
path = /test/
name = watched_video_list
value = MzczLDIyLDk%3D
version = 1
expires = Fri, 09-Aug-2013 10:17:41 GMT
secure = 0
httponly = 0

path = /
name = watched_video_list
value = Mzcz
version = 1
expires = Fri, 09-Aug-2013 10:17:39 GMT
secure = 0
httponly = 0

path = /
name = PHPSESSID
value = p86im77tsrvag1srm2hfsgn377
version = 1
secure = 0
httponly = 0
42057 (1) - Web Server Allows Password Auto-Completion
Synopsis
Auto-complete is not disabled on password fields.
Description
The remote web server contains at least one HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'.
While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point.
Solution
Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.
Risk Factor
None
Plugin Information:
Publication date: 2009/10/07, Modification date: 2011/09/28
Hosts
ascultimuzica.com (tcp/80)
Page : /
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination Page : register.html
Input name : pass
Input name : confirm_pass
43111 (1) - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Hosts
ascultimuzica.com (tcp/80)
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :
  /include
  /js
  /templates
  /uploads
  /www.facebook.com/plugins
45590 (1) - Common Platform Enumeration (CPE)
Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2013/05/13
Hosts
ascultimuzica.com (tcp/0)
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server:2.2.25 -> Apache Software Foundation Apache HTTP Server 2.2.25
cpe:/a:php:php:5.2.17 -> PHP 5.2.17
46180 (1) - Additional DNS Hostnames
Synopsis
Potential virtual hosts have been detected.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.
See Also
http://en.wikipedia.org/wiki/Virtual_hosting
Solution
If you want to test them, re-scan using the special vhost syntax, such as : www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information:
Publication date: 2010/04/29, Modification date: 2013/01/21
Hosts
ascultimuzica.com (tcp/0)
The following hostnames point to the remote host:
- www.ascultimuzica.com
49704 (1) - External URLs
Synopsis
Links to external sites were gathered.
Description
Nessus gathered HREF links to external sites by crawling the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/10/04, Modification date: 2011/08/19
Hosts
ascultimuzica.com (tcp/80)
108 external URLs were gathered on this web server.
50350 (1) - OS Identification Failed
Synopsis
It was not possible to determine the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to identify the overall system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/10/26, Modification date: 2012/02/23
Hosts
ascultimuzica.com (tcp/0)
Help us improve OS fingerprinting by sending the following signatures to :
[email protected]
Be sure to include a brief description of the device itself, such as the actual operating system or product / model names.
HTTP:!:Server: Apache/2.2.25 (Unix)
SinFP:!:
  P1:B11113:F0x12:W1608:O0:M0:
  P2:B11113:F0x12:W4236:O0204ffff0103030004020000:M1412:
  P3:B00000:F0x00:W0:O0:M0
  P4:5200_7_p=21R
59861 (1) - Remote web server screenshot
Synopsis
It was possible to take a 'screenshot' of the remote web server.
Description
This test renders the view of the remote web site's main page, as seen from within a web browser.
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/07/11
Hosts
ascultimuzica.com (tcp/80)
It was possible to gather the following screenshot of the remote web site.
66334 (1) - Patch Report
Synopsis
The remote host is missing several patches
Description
The remote host is missing one or several security patches.
This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below
Risk Factor
None
Plugin Information:
Publication date: 2013/05/07, Modification date: 2013/07/17
Hosts
ascultimuzica.com (tcp/0)
. You need to take the following action:
[ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ]
+ Action to take: Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.
+ Impact: Taking this action will resolve 11 different vulnerabilities (CVEs).