Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day. SSL Certificate - Subject Common Name Does Not Match Server FQDN

Transcription

1 Vulnerability Scan 06 October 2014 at 16:21 URL : Summary: 34 vulnerabilities found Cookie Does Not Contain The "HTTPOnly" Attribute Cookie Does Not Contain The "secure" Attribute Cookie Does Not Contain The "secure" Attribute Cookie Does Not Contain The "HTTPOnly" Attribute SSL Server Allows Anonymous Authentication Vulnerability Web Server Stopped Responding POP3 Server Allows Plain Text Authentication Vulnerability Mail Server Accepts Plaintext Credentials Discovery of Unix Account Names Vulnerability Discovery of Unix Account Names Vulnerability Mail Server Accepts Plaintext Credentials Web Server Stopped Responding SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Signature Verification Failed Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Improper Usage Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN 1/71

2 SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN Global User List SSL Certificate - Self-Signed Certificate SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN Database Instance Detected SSL/TLS use of weak RC4 cipher SSL/TLS use of weak RC4 cipher SSL/TLS use of weak RC4 cipher SSL/TLS use of weak RC4 cipher Apache Web Server ETag Header Information Disclosure Weakness Apache Web Server ETag Header Information Disclosure Weakness Remote Access or Management Service Detected Remote Management Service Accepting Unencrypted Credentials Detected POP3 Banner FTP Server Banner IMAP Banner Operating System Detected SMTP Banner SMTP Banner SMTP Banner IMAP Banner POP3 Banner 2/71

3 MySQL Banner SMTP Service Detected SMTP Service Detected Host Uptime Based on TCP TimeStamp Option SMTP Service Detected Web Server Version Open TCP Services List SSL Web Server Version Firewall Detected SSL Server Information Retrieval Degree of Randomness of TCP Initial Sequence Numbers SSL Certificate will expire within next six months SSL Session Caching Information TLS Secure Renegotiation Extension Supported TLS Secure Renegotiation Extension Supported SSL Server Information Retrieval ICMP Replies Received SSL Server Information Retrieval SSL Certificate - Information SSL Certificate - Information List of Web Directories Traceroute SSL Session Caching Information SSL Certificate - Information Host Scan Time SSL Certificate - Information 3/71

4 SSL/TLS invalid protocol version tolerance SSL/TLS invalid protocol version tolerance SSL Session Caching Information IP ID Values Randomness SSL Server Information Retrieval List of Web Directories SSL/TLS invalid protocol version tolerance DNS Host Name SSL Certificate - Information SSL Certificate - Information SSL Session Caching Information TLS Secure Renegotiation Extension Supported TLS Secure Renegotiation Extension Supported TLS Secure Renegotiation Extension Supported Host Names Found TLS Secure Renegotiation Extension Supported SSL Session Caching Information SSL Session Caching Information SSL Session Caching Information SSL Certificate - Information SSL Server Information Retrieval TLS Secure Renegotiation Extension Supported SSL Certificate - Information SSL Session Caching Information Target Network Information TLS Secure Renegotiation Extension Supported 4/71

5 SSL Server Information Retrieval SSL Session Caching Information SSL Certificate - Information Internet Service Provider TLS Secure Renegotiation Extension Supported SSL Server Information Retrieval SSL Server Information Retrieval SSL/TLS invalid protocol version tolerance SSL Server Information Retrieval Type: Web Application Cookie Does Not Contain The "HTTPOnly" Attribute QID: Category: Web Application Port: - The cookie does not contain the "HTTPOnly" attribute. Cookies without the "HTTPOnly" attribute are permitted to be accessed via JavaScript. Cross-site scripting attacks can steal cookies which could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies wordpress_sec_bf07d8ddea19c831a87b2fd81497f82e=+; expires=sun Oct 6 05:45: ; path=/; domain= Cookie Does Not Contain The "secure" Attribute QID: Category: Web Application Port: - The cookie does not contain the "secure" attribute. 5/71

6 Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS PHPSESSID=70fa5d181bc2138ff263f0e994e5ccb2; path=/; domain= Cookie Does Not Contain The "secure" Attribute QID: Category: Web Application Port: - The cookie does not contain the "secure" attribute. Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS wordpress_bf07d8ddea19c831a87b2fd81497f82e=+; expires=sun Oct 6 05:45: ; path=/wp-content/plugins; domain= Cookie Does Not Contain The "HTTPOnly" Attribute QID: Category: Web Application Port: - The cookie does not contain the "HTTPOnly" attribute. Cookies without the "HTTPOnly" attribute are permitted to be accessed via JavaScript. Cross-site scripting attacks can steal cookies which could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies PHPSESSID=70fa5d181bc2138ff263f0e994e5ccb2; path=/; domain= Type: Vulnerability SSL Server Allows Anonymous Authentication Vulnerability QID: /71

7 Category: General remote services Port: 21 The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server. The client usually authenticates the server using an algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without authentication. Most common Web browsers like Microsoft Internet Explorer, Netscape and Mozilla do not use anonymous authentication ciphers by default. A vulnerability exists in SSL communications when clients are allowed to connect using no authentication algorithm. SSL client-server communication may use several different types of authentication: RSA, Diffie-Hellman, DSS or none. When 'none' is used, the communications are vulnerable to a man-in-the-middle attack." An attacker can exploit this vulnerability to impersonate your server to clients. Disable support for anonymous authentication. 1) Apache: Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines: SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM For Apache/apache_ssl include the following line in the configuration file (httpsd.conf): SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM 2) IIS: For IIS please see: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services, How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll, How to Determine the Cipher Suite for the Server and Client,, and How to restrict the use of certain ciphers in Internet Information Services 5.0 3) Wu-FTP: For Wu-FTP which supports TLS, the ciphers parameter in TLS configuration file should be set to -ALL +SSLv3 +TLSv1 For more details please consult the docs/howto/ssl_and_tls_ftpd.howto file provided by wu-ftpd distribution. 4) Lighttpd: For lighttpd: Locate the lighttpd config file and modify the following ssl.ciperlist line to include!anull. A restart of the lightttpd application is necessary. Example: ssl.cipher-list = "TLSv1+HIGH!SSLv2 Additional reading: #table cols="6" CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY- STRENGTH) GRADE SSLv3_SUPPORTS_CIPHERS_WITH_NO_AUTHENTICATION _ ADH-RC4-MD5 DH None MD5 RC4(128)_ MEDIUM_ ADH-DES-CBC3-SHA DH None SHA1 3DES(168)_ HIGH_ ADH-AES128-SHA DH None SHA1 AES(128)_ MEDIUM_ ADH-AES256- SHA DH None SHA1 AES(256)_ HIGH_ ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128)_ MEDIUM_ ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256)_ HIGH_ ADH-SEED-SHA DH None SHA1 SEED(128)_ MEDIUM_ TLSv1_SUPPORTS_CIPHERS_WITH_NO_AUTHENTICATION _ ADH-RC4-MD5 DH None MD5 RC4(128) _MEDIUM_ ADH-DES-CBC3-SHA DH None SHA1 3DES(168) _HIGH_ ADH-AES128-SHA DH None SHA1 AES(128) _MEDIUM_ ADH-AES256-SHA DH None SHA1 AES(256) _HIGH_ ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128) _MEDIUM_ ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256) _HIGH_ ADH-SEED-SHA DH None SHA1 SEED(128) _MEDIUM_ Web Server Stopped Responding QID: Category: Web server Port: 443 7/71

8 The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP requests. Consequently, the service aborted testing for HTTP vulnerabilities. The vulnerabilities already detected are still posted. The service was unable to complete testing for HTTP vulnerabilities since the Web server stopped responding. Check the Web server status. If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server until the issue is resolved. If the Web server is unable to process multiple concurrent HTTP requests, please lower the scan harshness level and launch another scan. If this vulnerability continues to be reported, please contact Customer Support. The web server did not respond for 4 consecutive HTTP requests. After these, the service was still unable to connect to the web server 2 minutes later. POP3 Server Allows Plain Text Authentication Vulnerability QID: Category: Mail services Port: 110 Post Office Protocol version 3 (POP3) is an application layer internet standard protocol to retrieve from a remote server. Use of the PASS command sends passwords in the clear over the network. Also, servers that answer -ERR to the User command are giving potential attackers clues about which names are valid. Malicious users could obtain mail server credentials by sniffing the traffic. This can allow unauthorized users to use the mail server as an open mail relay. POP3 supports several authentication methods to provide varying levels of protection. Contact your vendor for further configuration information. Mail Server Accepts Plaintext Credentials QID: Category: Mail services Port: 25 Your Mail Server responds to the EHLO command which implies that it uses the ESMTP protocol. ESMTP uses the AUTH command which indicates an authentication mechanism to the server. If the server supports the requested authentication mechanism, it performs an authentication protocol exchange to authenticate and identify the user. Optionally, it also negotiates a security layer for subsequent protocol interactions. Your server accepts PLAIN or LOGIN as one of the AUTH parameters. The authentication credentials are transmitted in plaintext over the network and no encryption is performed. Malicious users could obtain mail server credentials by sniffing the traffic. This can allow unauthorized users to use the mail server as an open mail relay. It may also lead to compromise of account credentials that can be used to access other mail services like POP3 and IMAP. 8/71

9 Disable the plaintext authentication methods on your SMTP server for unencrypted (non- SSL/TLS) sessions. You may consider using more advanced challenge-based authentication methods like CRAM-MD5 or DIGEST-MD5. Please contact your vendor for configuration information. Also check RFC 2554 and RFC 2487 for more details. EHLO 250-p3plcpnl0246.prod.phx3.secureserver.net Hello [ ] 250-SIZE BITMIME250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH LOGIN 334VXNlcm5hbWU6 EHLO 250- p3plcpnl0246.prod.phx3.secureserver.net Hello [ ] 250-SIZE BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH PLAIN 334 Discovery of Unix Account Names Vulnerability QID: Category: Brute Force Attack Port: 80 CVEID: CVE When a request for a user is made ( certain servers (such as Apache Versions and 1.3.9) return a different reply depending on whether the account user exists on the host or not. If a request is made for an account that exists on the host, a 403 error is returned. If a request is made for a non-existent account, then a 404 error is returned. Unauthorized remote users can implement brute force attacks on the Web server to guess a valid account name on the server. Even though they may be successful in obtaining a valid account, they will still have to guess the password. However, if user passwords are weak, some services may also be brute forced. Disable the default-enabled "UserDir" directive. To do so, add the following line to the httpd.conf file: UserDir Disabled Apache Versions and are vulnerable. Other Web servers may also be vulnerable. There are currently no patches available. We strongly advise you to upgrade to a later version of Apache. #table cols="2" N._Server Account root operator Discovery of Unix Account Names Vulnerability QID: Category: Brute Force Attack Port: 443 CVEID: CVE When a request for a user is made ( certain servers (such as Apache Versions and 1.3.9) return a different reply depending on whether the account user exists on the host or not. If a request is made for an account that exists on the host, a 403 error is returned. If a request is made for a non-existent account, then a 404 error is returned. Unauthorized remote users can implement brute force attacks on the Web server to guess a valid account name on the server. Even though they may be successful in obtaining a valid account, they will still have to guess the password. However, if user passwords are weak, some services may also be brute forced. 9/71

10 Disable the default-enabled "UserDir" directive. To do so, add the following line to the httpd.conf file: UserDir Disabled Apache Versions and are vulnerable. Other Web servers may also be vulnerable. There are currently no patches available. We strongly advise you to upgrade to a later version of Apache. #table cols="2" N._Server Account root Mail Server Accepts Plaintext Credentials QID: Category: Mail services Port: 587 Your Mail Server responds to the EHLO command which implies that it uses the ESMTP protocol. ESMTP uses the AUTH command which indicates an authentication mechanism to the server. If the server supports the requested authentication mechanism, it performs an authentication protocol exchange to authenticate and identify the user. Optionally, it also negotiates a security layer for subsequent protocol interactions. Your server accepts PLAIN or LOGIN as one of the AUTH parameters. The authentication credentials are transmitted in plaintext over the network and no encryption is performed. Malicious users could obtain mail server credentials by sniffing the traffic. This can allow unauthorized users to use the mail server as an open mail relay. It may also lead to compromise of account credentials that can be used to access other mail services like POP3 and IMAP. Disable the plaintext authentication methods on your SMTP server for unencrypted (non- SSL/TLS) sessions. You may consider using more advanced challenge-based authentication methods like CRAM-MD5 or DIGEST-MD5. Please contact your vendor for configuration information. Also check RFC 2554 and RFC 2487 for more details. EHLO qualysguard.com 250-p3plcpnl0246.prod.phx3.secureserver.net Hello sn094.s01.sjc01.qualys.com [ ] 250-SIZE BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH LOGIN 334 VXNlcm5hbWU6 EHLO qualysguard.com 250- p3plcpnl0246.prod.phx3.secureserver.net Hello sn094.s01.sjc01.qualys.com [ ] 250-SIZE BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH PLAIN 334 Web Server Stopped Responding QID: Category: Web server Port: 80 The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP requests. Consequently, the service aborted testing for HTTP vulnerabilities. The vulnerabilities already detected are still posted. The service was unable to complete testing for HTTP vulnerabilities since the Web server stopped responding. Check the Web server status. 10/71

11 If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server until the issue is resolved. If the Web server is unable to process multiple concurrent HTTP requests, please lower the scan harshness level and launch another scan. If this vulnerability continues to be reported, please contact Customer Support. The web server did not respond for 4 consecutive HTTP requests. After these, the service was still unable to connect to the web server 2 minutes later. SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability QID: Category: General remote services Port: 443 CVEID: CVE SSLv 3.0 and TLS v1.0 protocols are used to provide integrity, authenticity and privacy to other protocols such as HTTP and LDAP. They provide these services by using encryption for privacy, x509 certificates for authenticity and one-way hash functions for integrity. To encrypt data SSL and TLS can use block ciphers, which are encryption algorithms that can encrypt only a fixed block of original data to an encrypted block of the same size. Note that these ciphers will always obtain the same resulting block for the same original block of data. To achieve difference in the output the output of encryption is XORed with yet another block of the same size referred to as initialization vectors (IV). A special mode of operation for block ciphers known as CBC (cipher block chaining) uses one IV for the initial block and the result of the previous block for each subsequent block to obtain difference in the output of block cipher encryption. In SSLv3.0 and TLSv1.0 implementation the choice CBC mode usage was poor because the entire traffic shares one CBC session with single set of initial IVs. The rest of the IV are as mentioned above results of the encryption of the previous blocks. The subsequent IV are available to the eavesdroppers. This allows an attacker with the capability to inject arbitrary traffic into the plain-text stream (to be encrypted by the client) to verify their guess of the plain-text preceding the injected block. If the attackers guess is correct then the output of the encryption will be the same for two blocks. For low entropy data it is possible to guess the plain-text block with relatively few number of attempts. For example for data that has 1000 possibilities the number of attempts can be 500. For more information please see a paper by Gregory V. Bard. Recently attacks against the web authentication cookies have been described which used this vulnerability. If the authentication cookie is guessed by the attacker then the attacker can impersonate the legitimate user on the Web site which accepts the authentication cookie. This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability. Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability. Microsoft has posted information including workarounds for IIS at KB Using the following SSL configuration in Apache mitigates this vulnerability: SSLHonorCipherOrder On SSLCipherSuite RC4-SHA:HIGH:!ADH Qualys SSL/TLS Deployment Best Practices can be found here. Note: RC4 recommendation is only in situations where upgrade to TLSv1.2 is not possible. RC4 in TLS v1.0 has output bias problem as described in QID Therefore it is recommended to upgrade to TLS v1.2 or later. #table cols="3" Available_non_CBC_cipher Server's_choice SSL_version RC4- SHA ECDHE-RSA-DES-CBC3-SHA TLSv1 11/71

12 Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day QID: Category: Web server Port: 0 CVEID: CVE The Apache HTTP Server, commonly referred to as Apache is a freely available Web server. Apache is vulnerable to a denial of service due to holding a connection open for partial HTTP requests. Apache Versions 1.x and 2.x are vulnerable. A remote attacker can cause a denial of service against the Web server which would prevent legitimate users from accessing the site. Denial of service tools and scripts such as Slowloris takes advantage of this vulnerability. Patch - There are no vendor-supplied patches available at this time. Workaround: - Server-specific recommendations can be found here. - Countermeasures for Apache are described here. - Reverse proxies, load balancers and iptables can help to prevent this attack from occurring. - Adjusting the TimeOut Directive can also prevent this attack from occurring. - A new module mod_reqtimeout has been introduced since Apache to provide tools for mitigation against these forms of attack. Also refer to Cert Blog and Slowloris and Mitigations for Apache document for further information. QID: detected on port 80 over TCP - Apache 2.0QID: detected on port 443 over TCP - Apache 2.0 Type: Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 143 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. 12/71

13 Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Signature Verification Failed Vulnerability QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority. If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication. By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur. Exception: If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature. Please install a server certificate signed by a trusted third-party Certificate Authority. Certificate #0 address=ssl@p3plcpnl0246.prod.phx3.secureserver.net,cn=p3plcpnl0246.p rod.phx3.secureserver.net self signed certificate SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 587 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. 13/71

14 Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve Type: Vulnerability SSL Certificate - Improper Usage Vulnerability QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The basicconstraints section of the certificate may specify if it is a Certificate Authority (CA) certificate. Also, the keyusage field in the X509v3 extensions section of the certificate, if present, may restrict the usage of the certificate. In general, a server public key should not be used for Certificate or CRL signing and a client or CA certificate should be not used as a server certificate. If the keyusage or the basicconstraint field is designated as a critical parameter in the certificate, the client may abort the communication if the usage validation fails. Please install a server certificate with correct usage. Certificate #0 address=ssl@p3plcpnl0246.prod.phx3.secureserver.net,cn=p3plcpnl0246.p rod.phx3.secureserver.net is not suitable for CRL signing. Type: Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 110 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption 14/71

15 communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 995 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 465 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup 15/71

16 entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 25 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. 16/71

17 Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 address=ssl@p3plcpnl0246.prod.phx3.secureserver.net,cn=p3plcpnl0246.p rod.phx3.secureserver.net (p3plcpnl0246.prod.phx3.secureserver.net) and IP ( ) don't match Type: Vulnerability Global User List QID: Category: Information gathering Port: 0 This is the global system user list, which was retrieved during the scan by exploiting one or more vulnerabilities. The Qualys IDs for the vulnerabilities leading to the disclosure of these users are also given in the Result section. Each user will be displayed only once, even though it may be obtained by using different methods. These common account(s) can be used by a malicious user to break-in the system via password bruteforcing. To prevent your host from being attacked, do one or more of the following: Remove (or rename) unnecessary accounts Shutdown unnecessary network services Ensure the passwords to these accounts are kept secret Use a firewall to restrict access to your hosts from unauthorized domains #table cols="2" User_Name Source_Vulnerability_(QualysID) root 5001 operator 5001 Type: Vulnerability SSL Certificate - Self-Signed Certificate QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. 17/71

18 The client can trust that the Server Certificate belongs the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are created generally for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers. By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server. By exploiting this vulnerability, an attacker can launch a man-in-the-middle attack. Please install a server certificate signed by a trusted third-party Certificate Authority. Certificate #0 address=ssl@p3plcpnl0246.prod.phx3.secureserver.net,cn=p3plcpnl0246.p rod.phx3.secureserver.net is a self signed certificate. SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 443 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 993 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server 18/71

19 FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve Type: Vulnerability Database Instance Detected QID: Category: Database Port: 3306 The service detected a database installation on the target. Databases like Oracle, MS-SQL, MySQL, IBM DB2, PostGgresql, Firebird and other are detected. The database instance is listed in the result section below. MYSQL instance detected on TCP port SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 465 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. 19/71

20 If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 995 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 443 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output 20/71

21 has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 993 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported Apache Web Server ETag Header Information Disclosure Weakness QID: Category: Web server Port: 80 CVEID: CVE /71

22 The Apache HTTP Server is a popular, open-source HTTP server for multiple platforms, including Windows, Unix, and Linux. A cache management feature for Apache makes use of an entity tag (ETag) header. When this option is enabled and a request is made for a document relating to a file, an ETag response header is returned containing various file attributes for caching purposes. ETag information allows subsequent file requests to contain specific information, such as the file's inode number. A weakness has been found in the generation of ETag headers under certain configurations implementing the FileETag directive. Among the file attributes included in the header is the file inode number that is returned to a client. Affected Versions: By default, all Versions of Apache are vulnerable. In Apache Versions and earlier, it's not possible to disable inodes in in ETag headers to mitigate this vulnerability, so Apache Version and earlier are vulnerable at all times. Apache Version and later have a setting that can be modified to remove the inode info from the ETag Headers to mitigate this vulnerability. Apache Versions >= allow the user to configure what goes into ETag. However, if the user does not configure Apache to not include inode in ETag, the Web server can still be vulnerable even if Apache >= is being used. This vulnerability poses a security risk, as the disclosure of inode information may aid in launching attacks against other network-based services. For instance, NFS uses inode numbers to generate file handles. Workaround: For Apache and earlier: There is no patch or remediation available for Apache Versions and earlier since it's not possible to disable inodes in in ETag headers. Customers running versions of Apache <= will need to upgrade to a later version and then apply the settings listed below (see Apache Version and later), as versions of Apache and earlier do not have the ability to configure these setting. For Apache and later: In Apache Version and later, it's possible to configure the FileETag directive to generate ETag headers without inode information, which mitigates this vulnerability. To do so, include "FileETag -INode" in the Apache server configuration file for a specific subdirectory. In order to fix this vulnerability globally, for the Web server, use the option "FileETag None". Use the option "FileETag MTime Size" if you just want to remove the Inode information. OpenBSD: OpenBSD has released a patch that fixes this vulnerability. After installing the patch, inode numbers returned from the server are encoded using a private hash to avoid the release of sensitive information. "646fa-7ab-500e0b4e5a84c" Apache Web Server ETag Header Information Disclosure Weakness QID: Category: Web server Port: 443 CVEID: CVE The Apache HTTP Server is a popular, open-source HTTP server for multiple platforms, including Windows, Unix, and Linux. A cache management feature for Apache makes use of an entity tag (ETag) header. When this option is enabled and a request is made for a document relating to a file, an ETag response header is returned containing various file attributes for caching purposes. ETag information allows subsequent file requests to contain specific information, such as the file's inode number. A weakness has been found in the generation of ETag headers under certain configurations implementing the FileETag directive. Among the file attributes included in the header is the file inode number that is returned to a client. 22/71