This report contains all 91 results selected by the filtering described above. Before filtering there were 91 results.

Transcription

1 Results: This document reports on the results of the Yarubo vulnerability scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue. Vendor security updates are not trusted. Overrides are on. When a result has an override, this report uses the threat of the override. Notes are included in the report. This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Debug" are not shown. This report contains all 91 results selected by the filtering described above. Before filtering there were 91 results. Scan started: Thu Aug 29 03:00: Scan ended: Thu Aug 29 03:12: Host Summary Host Start End High Medium Low Log False Positive Aug 29, 03:01:02 Aug 29, 03:12: Total: Results per Host Host Scanning of this host started at: T03:01:02Z Number of results: 91 Port Summary for Host Service (Port) general/tcp daap (3689/tcp) http-alt (8080/tcp) mysql (3306/tcp) ntp (123/udp) general/cpe-t general/host-t Threat Level High High Medium Low Low Low Low Log Log netbios-ns (137/udp) Log ssh (22/tcp) Log Security Issues for Host High (CVSS: 10.0) NVT: OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability (OID: )

2 OpenSSL is prone to an unspecified vulnerability in bn_wexpend(). According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8m which is vulnerable. The vendor has released updates. Please see the references for more information. CVE: CVE BID: High (CVSS: 9.3) NVT: PHP version smaller than (OID: ) PHP version smaller than suffers vulnerability. Update PHP to version or later. CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID: 38708, 40461, 40948, High (CVSS: 7.5) NVT: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability (OID: ) OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-ofservice condition. Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x. Updates are available. Please see the references for more information. CVE: CVE BID: High (CVSS: 7.5) NVT: MacOS X Finder reveals contents of Apache Web directories (OID: ) MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website. Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file: <FilesMatch '^\.[Dd][Ss]_[Ss]'> Order allow, deny Deny from all </FilesMatch> and restart Apache. CVE: CVE BID: 3316, 3325

3 High (CVSS: 7.5) NVT: PHP version 5.3< (OID: ) PHP version < suffers multiple vulnerabilities such as integer overflow vulnerabilit y, buffer overflow error and several casting errors. Recommendation: Upgrade PHP to or later versions. CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID: 46354, 46365, 46786, High (CVSS: 7.5) NVT: phpinfo.php (OID: ) The following files are calling the function phpinfo() which disclose potentially sensitive information to the remote attacker : /xampp/phpinfo.php Delete them or restrict access to them High (CVSS: 6.8) NVT: PHP version smaller than (OID: ) PHP version smaller than suffers vulnerability. Update PHP to version or later. CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, High (CVSS: 6.5) NVT: phpmyadmin Bookmark Security Bypass Vulnerability (OID: ) phpmyadmin is prone to a security-bypass vulnerability that affects bookmarks. Successfully exploiting this issue allows a remote attacker to bypass certain security restrictions and perform unauthorized actions. Versions prior to phpmyadmin and are vulnerable. Updates are available. Please see the references for details. CVE: CVE BID: High (CVSS: 5.8) NVT: http TRACE XSS attack (OID: ) Debugging functions are enabled on the remote HTTP server. Description : The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.

4 An attacker may use this flaw to trick your legitimate web users to give him their credentials. Disable these methods. Plugin output : Add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE TRACK) RewriteRule.* - [F] CVE: CVE , CVE BID: 9506, 9561, High (CVSS: 10.0) NVT: OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability (OID: ) OpenSSL is prone to an unspecified vulnerability in bn_wexpend(). According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8m which is vulnerable. The vendor has released updates. Please see the references for more information. CVE: CVE BID: High (CVSS: 9.3) NVT: PHP version smaller than (OID: ) PHP version smaller than suffers vulnerability. Update PHP to version or later. CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID: 38708, 40461, 40948, High (CVSS: 7.5) NVT: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability (OID: ) OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-ofservice condition. Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x. Updates are available. Please see the references for more information. CVE: CVE BID: 40502

5 High (CVSS: 7.5) NVT: MacOS X Finder reveals contents of Apache Web directories (OID: ) MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website. Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file: <FilesMatch '^\.[Dd][Ss]_[Ss]'> Order allow, deny Deny from all </FilesMatch> and restart Apache. CVE: CVE BID: 3316, 3325 High (CVSS: 7.5) NVT: PHP version 5.3< (OID: ) PHP version < suffers multiple vulnerabilities such as integer overflow vulnerabilit y, buffer overflow error and several casting errors. Recommendation: Upgrade PHP to or later versions. CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID: 46354, 46365, 46786, High (CVSS: 6.8) NVT: PHP version smaller than (OID: ) PHP version smaller than suffers vulnerability. Update PHP to version or later. CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, High (CVSS: 6.5) NVT: phpmyadmin Bookmark Security Bypass Vulnerability (OID: ) phpmyadmin is prone to a security-bypass vulnerability that affects bookmarks. Successfully exploiting this issue allows a remote attacker to bypass certain security restrictions and perform unauthorized actions. Versions prior to phpmyadmin and are vulnerable. Updates are available. Please see the references for details. CVE: CVE BID: High (CVSS: 5.8)

6 NVT: http TRACE XSS attack (OID: ) Debugging functions are enabled on the remote HTTP server. Description : The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials. Disable these methods. Plugin output : Add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE TRACK) RewriteRule.* - [F] CVE: CVE , CVE BID: 9506, 9561, Medium (CVSS: 2.6) NVT: TCP timestamps (OID: ) general/tcp It was detected that the host implements RFC1323. The following timestamps were retrieved with a delay of 1 seconds in-between: Paket 1: Paket 2: Medium (CVSS: 5.0) NVT: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability (OID: ) OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. Updates are available. Please see the references for more information. CVE: CVE BID: Medium (CVSS: 5.0) NVT: Apache UserDir Sensitive Information Disclosure (OID: ) An information leak occurs on Apache based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response. 1) Disable this feature by changing 'UserDir public_html' (or whatever) to 'UserDir disabled'. Or 2) Use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.: RedirectMatch ^/~(.*)$ Or 3) Add into httpd.conf:

7 ErrorDocument ErrorDocument (NOTE: You need to use a FQDN inside the URL for it to work properly). Additional Information: CVE: CVE BID: 3335 NVT: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerabi... (OID: ) OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8m and prior are vulnerable. Updates are available. Please see the references for more information. CVE: CVE BID: NVT: phpmyadmin Multiple Cross Site Scripting Vulnerabilities (OID: ) phpmyadmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following versions are vulnerable: phpmyadmin 2.11.x prior to phpmyadmin 3.x prior to Updates are available. Please see the references for details. CVE: CVE BID: NVT: phpmyadmin Debug Backtrace Cross Site Scripting Vulnerability (OID: ) phpmyadmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to phpmyadmin are vulnerable; other versions may also be affected.

8 Vendor updates are available. Please see the references for more information. CVE: CVE BID: NVT: phpmyadmin Database Search Cross Site Scripting Vulnerability (OID: ) phpmyadmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to phpmyadmin and are vulnerable. Vendor updates are available. Please see the references for more information. CVE: CVE BID: NVT: phpmyadmin Setup Script Request Cross Site Scripting Vulnerability (OID: ) The host is running phpmyadmin and is prone to Cross-Site Scripting Vulnerability. The flaw is caused by an unspecified input validation error when processing spoofed requests sent to setup script, which could be exploited by attackers to cause arbitrary scripting code to be executed on the user's browser session in the security context of an affected site. Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application phpmyadmin versions 3.x before Upgrade to phpmyadmin version or later, For updates refer to CVE: CVE NVT: phpmyadmin 'error.php' Cross Site Scripting Vulnerability (OID: ) The host is running phpmyadmin and is prone to Cross-Site Scripting Vulnerability. The flaw is caused by input validation errors in the 'error.php' script when

9 processing crafted BBcode tags containing characters, which could allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks. Successful exploitation will allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks. Impact Level: Application phpmyadmin version and prior. No solution or patch is available as of 10th December, Information regarding this issue will be updated once the solution details are available. For updates refer to CVE: CVE NVT: phpmyadmin 'db' Parameter Stored Cross Site Scripting Vulnerability (OID: ) The host is running phpmyadmin and is prone to Cross-Site Scripting vulnerability. The flaw is caused by improper validation of user-supplied input passed in the 'db' parameter to 'index.php', which allows attackers to execute arbitrary HTML and script code on the web server. Successful exploitation will allow attackers to plant XSS backdoors and inject arbitrary SQL statements via crafted XSS payloads. Impact Level: Application phpmyadmin versions 3.4.x before beta 3 Upgrade to phpmyadmin version beta 3 or later. For updates refer to NVT: XAMPP Web Server Multiple Cross Site Scripting Vulnerabilities (OID: ) This host is running XAMPP and is prone to multiple cross site scripting vulnerabilities. Multiple flaws are due to improper validation of user-supplied input to the 'text' parameter in 'ming.php' and input appended to the URL in cds.php, that allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application XAMPP version and prior Upgrade to XAMPP version or later. For updates refer to NVT: phpmyadmin Setup Interface Cross Site Scripting Vulnerability (OID: )

10 The host is running phpmyadmin and is prone to cross-site scripting vulnerability. The flaw is due to improper validation of user-supplied input via the 'Servers-0-verbose' parameter to setup/index.php, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application phpmyadmin versions 3.4.x before Upgrade to phpmyadmin version or later, For updates refer to CVE: CVE BID: NVT: phpmyadmin Setup '$host' Variable Cross Site Scripting Vulnerability (OID: ) The host is running phpmyadmin and is prone to cross site scripting vulnerability. The flaw is due to improper validation of user-supplied input via the '$host' variable within the setup, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application phpmyadmin versions 3.4.x before Upgrade to phpmyadmin version or later, For updates refer to CVE: CVE , CVE BID: NVT: Apache HTTP Server 'httponly' Cookie Information Disclosure Vulnerability (OID: ) This host is running Apache HTTP Server and is prone to cookie information disclosure vulnerability. The flaw is due to an error within the default error response for status code 400 when no custom ErrorDocument is configured, which can be exploited to expose 'httponly' cookies. Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks. Impact Level: Application Apache HTTP Server versions through Upgrade to Apache HTTP Server version or later,

11 For updates refer to CVE: CVE BID: Medium (CVSS: 2.6) NVT: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vul... (OID: ) According to its version number, the remote version of the Apache mod_perl module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vendor has released a fix through the SVN repository. CVE: CVE BID: Medium (CVSS: 2.6) NVT: phpmyadmin pmd_pdf.php Cross Site Scripting Vulnerability (OID: ) This host is running phpmyadmin and is prone to cross site scripting vulnerability. Input passed to the 'db' parameter in pmd_pdf.php file is not properly sanitised before returning to the user. Allows execution of arbitrary HTML and script code, and steal cookie-based authentication credentials. Impact Level: System phpmyadmin phpmyadmin versions and prior on all running platform. Upgrade to phpmyadmin or later CVE: CVE BID: Medium (CVSS: 5.0) NVT: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability (OID: ) OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. Updates are available. Please see the references for more information. CVE: CVE BID: 39013

12 Medium (CVSS: 5.0) NVT: Apache UserDir Sensitive Information Disclosure (OID: ) An information leak occurs on Apache based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response. 1) Disable this feature by changing 'UserDir public_html' (or whatever) to 'UserDir disabled'. Or 2) Use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.: RedirectMatch ^/~(.*)$ Or 3) Add into httpd.conf: ErrorDocument ErrorDocument (NOTE: You need to use a FQDN inside the URL for it to work properly). Additional Information: CVE: CVE BID: 3335 NVT: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerabi... (OID: ) OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8m and prior are vulnerable. Updates are available. Please see the references for more information. CVE: CVE BID: NVT: phpmyadmin Multiple Cross Site Scripting Vulnerabilities (OID: ) phpmyadmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following versions are vulnerable: phpmyadmin 2.11.x prior to phpmyadmin 3.x prior to Updates are available. Please see the references for details. CVE: CVE BID: 42584

13 NVT: phpmyadmin Debug Backtrace Cross Site Scripting Vulnerability (OID: ) phpmyadmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to phpmyadmin are vulnerable; other versions may also be affected. Vendor updates are available. Please see the references for more information. CVE: CVE BID: NVT: phpmyadmin Database Search Cross Site Scripting Vulnerability (OID: ) phpmyadmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to phpmyadmin and are vulnerable. Vendor updates are available. Please see the references for more information. CVE: CVE BID: NVT: phpmyadmin Setup Script Request Cross Site Scripting Vulnerability (OID: ) The host is running phpmyadmin and is prone to Cross-Site Scripting Vulnerability. The flaw is caused by an unspecified input validation error when processing spoofed requests sent to setup script, which could be exploited by attackers to cause arbitrary scripting code to be executed on the user's browser session in the security context of an affected site. Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application phpmyadmin versions 3.x before Upgrade to phpmyadmin version or later,

14 For updates refer to CVE: CVE NVT: phpmyadmin 'error.php' Cross Site Scripting Vulnerability (OID: ) The host is running phpmyadmin and is prone to Cross-Site Scripting Vulnerability. The flaw is caused by input validation errors in the 'error.php' script when processing crafted BBcode tags containing characters, which could allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks. Successful exploitation will allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks. Impact Level: Application phpmyadmin version and prior. No solution or patch is available as of 10th December, Information regarding this issue will be updated once the solution details are available. For updates refer to CVE: CVE NVT: phpmyadmin 'db' Parameter Stored Cross Site Scripting Vulnerability (OID: ) The host is running phpmyadmin and is prone to Cross-Site Scripting vulnerability. The flaw is caused by improper validation of user-supplied input passed in the 'db' parameter to 'index.php', which allows attackers to execute arbitrary HTML and script code on the web server. Successful exploitation will allow attackers to plant XSS backdoors and inject arbitrary SQL statements via crafted XSS payloads. Impact Level: Application phpmyadmin versions 3.4.x before beta 3 Upgrade to phpmyadmin version beta 3 or later. For updates refer to NVT: XAMPP Web Server Multiple Cross Site Scripting Vulnerabilities (OID: ) This host is running XAMPP and is prone to multiple cross site scripting vulnerabilities. Multiple flaws are due to improper validation of user-supplied input to the 'text' parameter in 'ming.php' and input appended to the URL in cds.php, that allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Successful exploitation will allow remote attackers to insert arbitrary HTML

15 and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application XAMPP version and prior Upgrade to XAMPP version or later. For updates refer to Medium (CVSS: 2.6) NVT: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vul... (OID: ) According to its version number, the remote version of the Apache mod_perl module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vendor has released a fix through the SVN repository. CVE: CVE BID: Medium (CVSS: 2.6) NVT: phpmyadmin pmd_pdf.php Cross Site Scripting Vulnerability (OID: ) This host is running phpmyadmin and is prone to cross site scripting vulnerability. Input passed to the 'db' parameter in pmd_pdf.php file is not properly sanitised before returning to the user. Allows execution of arbitrary HTML and script code, and steal cookie-based authentication credentials. Impact Level: System phpmyadmin phpmyadmin versions and prior on all running platform. Upgrade to phpmyadmin or later CVE: CVE BID: Medium (CVSS: 0.0) NVT: SSL Certificate Expiry (OID: ) The SSL certificate of the remote service expired on :10:30 UTC! Low (CVSS: 0.0) NVT: No 404 check (OID: ) daap (3689/tcp) Synopsis : Remote web server does not reply with 404 error code. Description : This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page

16 instead. Yarubo enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate Low (CVSS: 0.0) NVT: No 404 check (OID: ) http-alt (8080/tcp) Synopsis : Remote web server does not reply with 404 error code. Description : This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page instead. Yarubo enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate Low (CVSS: 0.0) NVT: Identify unknown services with GET (OID: ) mysql (3306/tcp) A MySQL server seems to be running on this port but it rejects connection from the Yarubo scanner. Low (CVSS: 0.0) NVT: NTP read variables (OID: ) ntp (123/udp) A NTP (Network Time Protocol) server is listening on this port. Log NVT: (OID: 0) daap (3689/tcp) Open port. NVT: Services (OID: ) daap (3689/tcp) A web server is running on this port NVT: wapiti (NASL wrapper) (OID: ) daap (3689/tcp) wapiti could not be found in your system path. Yarubo was unable to execute wapiti and to perform the scan you requested. Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment. NVT: CPE Inventory (OID: ) general/cpe-t cpe:/a:apache:http_server: cpe:/a:php:php: cpe:/a:openbsd:openssh: cpe:/a:phpmyadmin:phpmyadmin: cpe:/a:apache:mod_perl: cpe:/o:apple:mac_os_x NVT: Host Summary (OID: ) general/host-t

17 traceroute: , TCP ports:443,22,8080,3306,3689,80 UDP ports: NVT: OS fingerprinting (OID: ) general/tcp ICMP based OS fingerprint results: (90% confidence) FreeBSD Apple Mac OS X NVT: DIRB (NASL wrapper) (OID: ) general/tcp DIRB could not be found in your system path. Yarubo was unable to execute DIRB and to perform the scan you requested. Please make sure that DIRB is installed and is available in the PATH variable defined for your environment. NVT: Checks for open udp ports (OID: ) general/tcp Open UDP ports: [None found] NVT: arachni (NASL wrapper) (OID: ) general/tcp Arachni could not be found in your system path. Yarubo was unable to execute Arachni and to perform the scan you requested. Please make sure that Arachni is installed and that arachni is available in the PATH variable defined for your environment. NVT: Nikto (NASL wrapper) (OID: ) general/tcp Nikto could not be found in your system path. Yarubo was unable to execute Nikto and to perform the scan you requested. Please make sure that Nikto is installed and that nikto.pl or nikto is available in the PATH variable defined for your environment. NVT: Traceroute (OID: ) general/tcp Here is the route from to : NVT: Checks for open tcp ports (OID: ) general/tcp Open TCP ports: 443, 22, 8080, 3306, 3689, 80 Log NVT: (OID: 0) Open port.

18 NVT: HTTP Server type and version (OID: ) The remote web server type is : Apache/ (Unix) DAV/2 mod_ssl/ OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v Solution : You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers. NVT: Services (OID: ) A web server is running on this port NVT: Web mirroring (OID: ) The following CGI have been discovered : Syntax : cginame (arguments [default value]) /phpmyadmin/phpmyadmin.css.php (token [85daf7cf6507a0b0a7b90745ff4c45d3] convcharset [utf- 8] collation_connection [utf8_general_ci] lang [en-utf-8] js_frame [left] nocache [ ] ) /phpmyadmin/server_processlist.php (kill [51] token [986807e535fcb0a05fcc3587d1ab4d0d] con vcharset [utf-8] collation_connection [utf8_general_ci] full [1] lang [en-utf-8] phpmyadmi n [2b5d602ada86c61288ca8a443865c62477d734ab] ) /xampp/biorhythm.php (showcode [1] ) /phpmyadmin/server_collations.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [u tf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [2b5d602ada86c6128 8ca8a443865c62477d734ab] ) /xampp/lang.php (en [] de [] pl [] nl [] it [] no [] es [] jp [] zh [] pt_br [] fr [] ) /phpmyadmin/documentation.html (phpmyadmin [b49316dec728e593cb19ac17bf31ab43067e31ba] ) /phpmyadmin/server_databases.php (token [986807e535fcb0a05fcc3587d1ab4d0d] sort_order [des c] convcharset [utf-8] collation_connection [utf8_general_ci] pos [0] sort_by [SCHEMA_NAME ] lang [en-utf-8] phpmyadmin [2b5d602ada86c61288ca8a443865c62477d734ab] dbstats [0] ) /phpmyadmin/server_engines.php (token [986807e535fcb0a05fcc3587d1ab4d0d] engine [InnoDB] c onvcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [2b5d 602ada86c61288ca8a443865c62477d734ab] ) /phpmyadmin/index.php (kill [51] token [85daf7cf6507a0b0a7b90745ff4c45d3] target [server_s ql.php] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] server [1] db [ %40example.com] phpmyadmin [b49316dec728e593cb19ac17bf31ab43067e31ba] ) /xampp/cds.php (interpret [] titel [] showcode [1] jahr [] ) /phpmyadmin/db_create.php (phpmyadmin [2b5d602ada86c61288ca8a443865c62477d734ab] lang [en- utf-8] convcharset [utf-8] collation_connection [utf8_general_ci] token [986807e535fcb0a05 fcc3587d1ab4d0d] reload [1] new_db [] db_collation [] ) /xampp/phonebook.php (showcode [1] phone [] lastname [] firstname [] ) /phpmyadmin/server_sql.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8] c ollation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [2b5d602ada86c61288ca8a c62477d734ab] ) /phpmyadmin/server_variables.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [ut f-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [2b5d602ada86c61288 ca8a443865c62477d734ab] ) /phpmyadmin/querywindow.php (token [85daf7cf6507a0b0a7b90745ff4c45d3] convcharset [utf-8] sql_query [] table [] collation_connection [utf8_general_ci] lang [en-utf-8] querydisplay_ tab [sql] db [] phpmyadmin [b49316dec728e593cb19ac17bf31ab43067e31ba] no_js [true] ) /phpmyadmin/server_status.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8 ] flush [STATUS] collation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [2b5d60 2ada86c61288ca8a443865c62477d734ab] ) /phpmyadmin/navigation.php (token [2e9dceccc31aa3cc40f97c651729a237] convcharset [utf-8] c ollation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [3edabf212cfb41ad6f26d bac5a344] ) /phpmyadmin/server_privileges.php (checkprivs [ %40example.com] tablename [] to ken [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8] hostname [%25] username [] coll ation_connection [utf8_general_ci] dbname [] lang [en-utf-8] initial [] phpmyadmin [2b5d60 2ada86c61288ca8a443865c62477d734ab] showall [1] ) /phpmyadmin/server_export.php (token [986807e535fcb0a05fcc3587d1ab4d0d] goto [db_export.ph p] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [ 2b5d602ada86c61288ca8a443865c62477d734ab] selectall [1] ) /xampp/ (action [getpdf] ) /phpmyadmin/main.php (token [2e9dceccc31aa3cc40f97c651729a237] convcharset [utf-8] collati

19 on_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [3edabf212cfb41ad6f26d bac5a344] ) /phpmyadmin/setup/index.php (check_page_refresh [] token [80ab04c9900a1b916abc9062a2c031f8 ] submit [New server] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en- utf-8] mode [add] page [servers] phpmyadmin [ e2c5d81269f3fe0d3a480f618adc411a] ) /xampp/iart.php (text [ceci+n+est+pas+un+ami+d+apache] showcode [1] img [1] ) /xampp/ming.php (text [ceci n est pas un ami d apache] showcode [1] ) /xampp/phpinfo.php (0 [PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000] 0 [PHPE9568F34-D428-11d2-A AA001ACF42] ) /phpmyadmin/server_import.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8 ] collation_connection [utf8_general_ci] lang [en-utf-8] phpmyadmin [2b5d602ada86c61288ca8 a443865c62477d734ab] ) /phpmyadmin/import.php (SQL [Go] token [4bcaf704bf89d02bea9b81f09f2f9c2c] focus_querywindo w [true] goto [server_sql.php] convcharset [utf-8] show_query [1] prev_sql_query [] zero_r ows [Your SQL query has been executed successfully] sql_delimiter [;] collation_connection [utf8_general_ci] is_js_confirmed [0] pos [0] lang [en-utf-8] phpmyadmin [2d935b61aacd656 a23c0f1e6a5dd ceff1] ) /phpmyadmin/setup/ (D [A] token [80ab04c9900a1b916abc9062a2c031f8] formset [features] conv charset [utf-8] collation_connection [utf8_general_ci] lang [] page [form] phpmyadmin [ e2c5d81269f3fe0d3a480f618adc411a] ) PHP script discloses physical path at /xampp/ (/Applications/XAMPP/xamppfiles/htdocs/xampp /index.php) PHP script discloses physical path at /xampp/biorhythm.php (/Applications/XAMPP/xamppfiles /htdocs/xampp/biorhythm.php) Extraneous phpinfo() script found at /xampp/phpinfo.php Directory index found at /xampp/img/ NVT: Directory Scanner (OID: ) The following directories were discovered: /cgi-bin, /demo, /webalizer, /error While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Other: OWASP:OWASP-CM-006 NVT: PHP Version Detection (OID: ) Detected PHP version: Location: tcp/80 CPE: cpe:/a:php:php:5.3.1 Concluded from version identification result: Server: Apache/ (Unix) DAV/2 mod_ssl/ OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v NVT: wapiti (NASL wrapper) (OID: ) wapiti could not be found in your system path. Yarubo was unable to execute wapiti and to perform the scan you requested. Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment. NVT: phpmyadmin Detection (OID: Detected phpmyadmin version: Location: /phpmyadmin CPE: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 Concluded from version identification result: 3.2.4

20 (Not protected by Username/Password) NVT: Apache Web ServerVersion Detection (OID: ) Detected Apache Tomcat version: Location: 80/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Log NVT: (OID: 0) http-alt (8080/tcp) Open port. NVT: Services (OID: ) http-alt (8080/tcp) A web server is running on this port NVT: wapiti (NASL wrapper) (OID: ) http-alt (8080/tcp) wapiti could not be found in your system path. Yarubo was unable to execute wapiti and to perform the scan you requested. Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment. Log NVT: (OID: 0) Open port. NVT: HTTP Server type and version (OID: ) The remote web server type is : Apache/ (Unix) DAV/2 mod_ssl/ OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v Solution : You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers. NVT: Services (OID: ) A TLSv1 server answered on this port NVT: Services (OID: ) A web server is running on this port through SSL NVT: Directory Scanner (OID: ) The following directories were discovered: /cgi-bin, /demo, /webalizer, /error While this is not, in and of itself, a bug, you should manually inspect

21 these directories to ensure that they are in compliance with company security standards Other: OWASP:OWASP-CM-006 NVT: PHP Version Detection (OID: ) Detected PHP version: Location: tcp/443 CPE: cpe:/a:php:php:5.3.1 Concluded from version identification result: Server: Apache/ (Unix) DAV/2 mod_ssl/ OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v NVT: wapiti (NASL wrapper) (OID: ) wapiti could not be found in your system path. Yarubo was unable to execute wapiti and to perform the scan you requested. Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment. NVT: phpmyadmin Detection (OID: Detected phpmyadmin version: Location: /phpmyadmin CPE: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 Concluded from version identification result: (Not protected by Username/Password) NVT: Apache Web ServerVersion Detection (OID: ) Detected Apache Tomcat version: Location: 443/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Log NVT: (OID: 0) mysql (3306/tcp) Open port. NVT: MySQL/MariaDB Detection (OID: ) mysql (3306/tcp) Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL/MariaDB server. Some tests may fail. Allow the scanner to access the remote MySQL server for better result s. NVT: Services (OID: ) mysql (3306/tcp) An unknown service is running on this port. It is usually reserved for MySQL

22 NVT: Using NetBIOS to retrieve information from a Windows host (OID: ) netbios-ns (137/udp) The following 7 NetBIOS names have been gathered : PETERSILIE 111 The remote host has the following MAC address on its adapter : 7c:d1:c3:87:c6:68 If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port. Log NVT: (OID: 0) ssh (22/tcp) Open port. NVT: SSH Protocol Versions Supported (OID: ) ssh (22/tcp) The remote SSH Server supports the following SSH Protocol Versions: SSHv2 Fingerprint: 68:14:03:04:90:97:be:3d:0f:0b:38:a2:59:d0:5d:ec NVT: SSH Server type and version (OID: ) ssh (22/tcp) Detected SSH server version: SSH-2.0-OpenSSH_5.9 Remote SSH supported authentication: publickey,keyboard-interactive Remote SSH banner: (not available) CPE: cpe:/a:openbsd:openssh:5.9 Concluded from remote connection attempt with credentials: Login: Yarubo Password: Yarubo NVT: Services (OID: ) ssh (22/tcp) An ssh server is running on this port This file was automatically generated.