Vulnerability Scan
January 6, 2015

Results of Vulnerability Security Scan

The results of your Ethos Info Vulnerability Security Scan are detailed below. The scan ran from Sat Dec 27 07:07:00 2014 UTC until Sat Dec 27 13:49:46 2014 UTC. This report first summarises the results found. Then, for each host, the report describes every issue found.

Contents

1 Result Overview
2 Results per Host
2.1 192.168.100.1
2.1.1 High 53/tcp
2.1.2 High 80/tcp
2.1.3 High 113/tcp
2.1.4 Medium 53/tcp
2.1.5 Medium 80/tcp
2.1.6 Medium 113/tcp
2.1.7 Log 53/tcp
2.1.8 Log 80/tcp
2.1.9 Log 113/tcp
2.1.10 Log general/tcp
2.1.11 Log general/cpe-t
2.1.12 Log 82/tcp
2.1.13 Log 81/tcp
2.1.14 Log 53/udp
2.1.15 Log 5060/udp
2.1.16 Log 4569/tcp
2.1.17 Log 3306/tcp
2.1.18 Log 22/tcp
2.1.19 Log 21/tcp
2.1.20 Log 123/udp
2.1.21 Log 114/tcp
2.1.22 Log 112/tcp
Ethos Info Vulnerability Scanning Service Report

1 Result Overview

Host            High  Medium  Low  Log  False Positive
192.168.100.1   3     3       0    52   0
Total: 1        3     3       0    52   0

Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Notes are included in the report.
This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level Debug are not shown. Issues with the threat level False Positive are not shown.
This report contains all 58 results selected by the filtering described above. Before filtering there were 58 results.

2 Results per Host

2.1 192.168.100.1

Host scan start: Sat Dec 27 07:07:05 2014 UTC
Host scan end:   Sat Dec 27 13:49:46 2014 UTC

Service (Port)   Threat Level
53/tcp           High
80/tcp           High
113/tcp          High
53/tcp           Medium
80/tcp           Medium
113/tcp          Medium
53/tcp           Log
80/tcp           Log
113/tcp          Log
general/tcp      Log
general/cpe-t    Log
82/tcp           Log
81/tcp           Log
53/udp           Log
5060/udp         Log
4569/tcp         Log
3306/tcp         Log
22/tcp           Log
21/tcp           Log
123/udp          Log
114/tcp          Log
112/tcp          Log

2.1.1 High 53/tcp
High (CVSS: 9.3)
NVT: Dnsmasq Remote Denial of Service Vulnerability

Product detection result
cpe:/a:thekelleys:dnsmasq:2.48
Detected by Dnsmasq Detection (OID: 1.3.6.1.4.1.25623.1.0.100266)

Dnsmasq is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions through a stream of spoofed DNS queries producing large results. Dnsmasq versions 2.62 and prior are vulnerable.

OID of test routine: 1.3.6.1.4.1.25623.1.0.103509

Vulnerability was detected according to the Vulnerability Detection Method.

Vulnerability Detection Method
Details: Dnsmasq Remote Denial of Service Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.103509
Version used: $Revision: 12 $

Product Detection Result
Product: cpe:/a:thekelleys:dnsmasq:2.48
Method: Dnsmasq Detection
OID: 1.3.6.1.4.1.25623.1.0.100266

References
BID: 54353
Other:
URL:http://www.securityfocus.com/bid/54353
URL:http://www.thekelleys.org.uk/dnsmasq/doc.html
URL:https://bugzilla.redhat.com/show_bug.cgi?id=833033

2.1.2 High 80/tcp

High (CVSS: 7.5)
NVT: PHP version 5.3< 5.3.6

PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerability, buffer overflow error and several casting errors.

Recommendation: Upgrade PHP to 5.3.6 or later versions.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110013

Vulnerability was detected according to the Vulnerability Detection Method.

Vulnerability Detection Method
Details: PHP version 5.3< 5.3.6
OID: 1.3.6.1.4.1.25623.1.0.110013
Version used: $Revision: 12 $

References
CVE: CVE-2011-0421, CVE-2011-0708, CVE-2011-1092, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470
BID: 46354, 46365, 46786, 46854

2.1.3 High 113/tcp

High (CVSS: 7.5)
NVT: PHP version 5.3< 5.3.6

PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerability, buffer overflow error and several casting errors.

Recommendation: Upgrade PHP to 5.3.6 or later versions.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110013

Vulnerability was detected according to the Vulnerability Detection Method.

Vulnerability Detection Method
Details: PHP version 5.3< 5.3.6
OID: 1.3.6.1.4.1.25623.1.0.110013
Version used: $Revision: 12 $
References
CVE: CVE-2011-0421, CVE-2011-0708, CVE-2011-1092, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470
BID: 46354, 46365, 46786, 46854

2.1.4 Medium 53/tcp

Medium (CVSS: 6.8)
NVT: Dnsmasq TFTP Service multiple vulnerabilities

Product detection result
cpe:/a:thekelleys:dnsmasq:2.48
Detected by Dnsmasq Detection (OID: 1.3.6.1.4.1.25623.1.0.100266)

Dnsmasq is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer.

Dnsmasq is also prone to a NULL-pointer dereference vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

NOTE: The TFTP service must be enabled for this issue to be exploitable; this is not the default.

Versions *prior to* Dnsmasq 2.50 are vulnerable.

OID of test routine: 1.3.6.1.4.1.25623.1.0.100267
Solution
Updates are available. Please see the references for more information.

Vulnerability Detection Method
Details: Dnsmasq TFTP Service multiple vulnerabilities
OID: 1.3.6.1.4.1.25623.1.0.100267
Version used: $Revision: 15 $

Product Detection Result
Product: cpe:/a:thekelleys:dnsmasq:2.48
Method: Dnsmasq Detection
OID: 1.3.6.1.4.1.25623.1.0.100266

References
CVE: CVE-2009-2957, CVE-2009-2958
BID: 36121, 36120
Other:
URL:http://www.securityfocus.com/bid/36121
URL:http://www.securityfocus.com/bid/36120
URL:http://www.thekelleys.org.uk/dnsmasq/doc.html
URL:http://www.coresecurity.com/content/dnsmasq-vulnerabilities

2.1.5 Medium 80/tcp

Medium (CVSS: 6.8)
NVT: PHP version smaller than 5.3.4

PHP version smaller than 5.3.4 suffers vulnerability.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110181

Vulnerability was detected according to the Vulnerability Detection Method.

Solution
Update PHP to version 5.3.4 or later.
Vulnerability Detection Method
Details: PHP version smaller than 5.3.4
OID: 1.3.6.1.4.1.25623.1.0.110181
Version used: $Revision: 12 $

References
CVE: CVE-2006-7243, CVE-2010-2094, CVE-2010-2950, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150, CVE-2010-4156, CVE-2010-4409, CVE-2010-4697, CVE-2010-4698, CVE-2010-4699, CVE-2010-4700, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755
BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, 46168

2.1.6 Medium 113/tcp

Medium (CVSS: 6.8)
NVT: PHP version smaller than 5.3.4

PHP version smaller than 5.3.4 suffers vulnerability.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110181

Vulnerability was detected according to the Vulnerability Detection Method.

Solution
Update PHP to version 5.3.4 or later.

Vulnerability Detection Method
Details: PHP version smaller than 5.3.4
OID: 1.3.6.1.4.1.25623.1.0.110181
Version used: $Revision: 12 $

References
CVE: CVE-2006-7243, CVE-2010-2094, CVE-2010-2950, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150, CVE-2010-4156, CVE-2010-4409, CVE-2010-4697, CVE-2010-4698, CVE-2010-4699, CVE-2010-4700, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755
BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, 46168
2.1.7 Log 53/tcp

NVT: DNS Server Detection

A DNS Server is running at this Host. A Name Server translates domain names into IP addresses. This makes it possible for a user to access a website by typing in the domain name instead of the website's actual IP address.

OID of test routine: 1.3.6.1.4.1.25623.1.0.100069

Vulnerability was detected according to the Vulnerability Detection Method.

Details: DNS Server Detection
OID: 1.3.6.1.4.1.25623.1.0.100069
Version used: $Revision: 488 $

2.1.8 Log 80/tcp

NVT: DIRB (NASL wrapper)

This script uses DIRB to find directories and files on web applications via brute forcing.

OID of test routine: 1.3.6.1.4.1.25623.1.0.103079

This are the directories/files found with brute force:
http://192.168.100.1:80/

Details: DIRB (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.103079
Version used: $Revision: 13 $
NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330

A web server is running on this port

Details: Services
OID: 1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

NVT: arachni (NASL wrapper)

This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110001

arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS

Details: arachni (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.110001
Version used: $Revision: 683 $
NVT: Nikto (NASL wrapper)

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.

OID of test routine: 1.3.6.1.4.1.25623.1.0.14260

Here is the Nikto report:
- Nikto v2.1.4
---------------------------------------------------------------------------
+ No web server found on 192.168.100.1:80
---------------------------------------------------------------------------
+ 0 host(s) tested

Details: Nikto (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.14260
Version used: $Revision: 17 $

NVT: PHP Version Detection

Detection of installed version of PHP. This script sends HTTP GET request and tries to get the version from the response, and sets the result in KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.800109

Detected PHP version: 5.3.3
Location: tcp/80
CPE: cpe:/a:php:php:5.3.3
Concluded from version identification result:
X-Powered-By: PHP/5.3.3

Details: PHP Version Detection
OID: 1.3.6.1.4.1.25623.1.0.800109
Version used: $Revision: 365 $
NVT: wapiti (NASL wrapper)

This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.80110

wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS

Details: wapiti (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.80110
Version used: $Revision: 14 $

NVT: Apache Web Server Version Detection

Detection of installed version of Apache Web Server. The script detects the version of Apache HTTP Server on remote host and sets the KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.900498

Detected Apache version: 2.2.15
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.2.15
Concluded from version identification result:
Server: Apache/2.2.15

Details: Apache Web Server Version Detection
OID: 1.3.6.1.4.1.25623.1.0.900498
Version used: $Revision: 365 $

2.1.9 Log 113/tcp

NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330

A web server is running on this port

Details: Services
OID: 1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

NVT: arachni (NASL wrapper)

This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110001

arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS
Details: arachni (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.110001
Version used: $Revision: 683 $

NVT: Nikto (NASL wrapper)

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.

OID of test routine: 1.3.6.1.4.1.25623.1.0.14260

Here is the Nikto report:
- Nikto v2.1.4
---------------------------------------------------------------------------
+ No web server found on 192.168.100.1:113
---------------------------------------------------------------------------
+ 0 host(s) tested

Details: Nikto (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.14260
Version used: $Revision: 17 $

NVT: PHP Version Detection

Detection of installed version of PHP. This script sends HTTP GET request and tries to get the version from the response, and sets the result in KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.800109

Detected PHP version: 5.3.3
Location: tcp/113
CPE: cpe:/a:php:php:5.3.3
Concluded from version identification result:
X-Powered-By: PHP/5.3.3

Details: PHP Version Detection
OID: 1.3.6.1.4.1.25623.1.0.800109
Version used: $Revision: 365 $

NVT: wapiti (NASL wrapper)

This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.80110

wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS

Details: wapiti (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.80110
Version used: $Revision: 14 $

NVT: Apache Web Server Version Detection

Detection of installed version of Apache Web Server. The script detects the version of Apache HTTP Server on remote host and sets the KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.900498
Detected Apache version: 2.2.15
Location: 113/tcp
CPE: cpe:/a:apache:http_server:2.2.15
Concluded from version identification result:
Server: Apache/2.2.15

Details: Apache Web Server Version Detection
OID: 1.3.6.1.4.1.25623.1.0.900498
Version used: $Revision: 365 $

2.1.10 Log general/tcp

Log (CVSS: 7.8)
NVT: 3com switch2hub

The remote host is subject to the switch to hub flood attack.

Description :
The remote host on the local network seems to be connected through a switch which can be turned into a hub when flooded by different mac addresses. The theory is to send a lot of packets (> 1000000) to the port of the switch we are connected to, with random mac addresses. This turns the switch into learning mode, where traffic goes everywhere. An attacker may use this flaw in the remote switch to sniff data going to this host

Reference : http://www.securitybugware.org/other/2041.html

OID of test routine: 1.3.6.1.4.1.25623.1.0.80103

Fake IP address not specified. Skipping this check.

Solution
Lock Mac addresses on each port of the remote switch or buy newer switch.

Vulnerability Detection Method
Details: 3com switch2hub
OID: 1.3.6.1.4.1.25623.1.0.80103
Version used: $Revision: 15 $

NVT: Dnsmasq Detection

Detection of Dnsmasq. The script sends a connection request to the server and attempts to extract the version number from the reply.

OID of test routine: 1.3.6.1.4.1.25623.1.0.100266

Detected Dnsmasq version: 2.48
Location: 53/udp
CPE: cpe:/a:thekelleys:dnsmasq:2.48
Concluded from version identification result:
dnsmasq-2.48

Details: Dnsmasq Detection
OID: 1.3.6.1.4.1.25623.1.0.100266
Version used: $Revision: 43 $

NVT: Check open ports

This plugin checks if the port scanners did not kill a service.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10919

OpenVAS cannot reach any of the previously open ports of the remote host at the end of its scan. This might be an availability problem related which might be due to the following reasons :
- The remote host is now down, either because a user turned it off during the scan or a selected denial of service was effective against this host
- A network outage has been experienced during the scan, and the remote network cannot be reached from the OpenVAS server any more
- This OpenVAS server has been blacklisted by the system administrator
or by automatic intrusion detection/prevention systems which have detected the vulnerability assessment.
In any case, the audit of the remote host might be incomplete and may need to be done again

Details: Check open ports
OID: 1.3.6.1.4.1.25623.1.0.10919
Version used: $Revision: 382 $

NVT: Traceroute

A traceroute from the scanning server to the target system was conducted. This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct.

OID of test routine: 1.3.6.1.4.1.25623.1.0.51662

Here is the route from 172.16.13.226 to 192.168.100.1:
172.16.13.226
192.168.100.1

Solution
Block unwanted packets from escaping your network.

Details: Traceroute
OID: 1.3.6.1.4.1.25623.1.0.51662
Version used: $Revision: 14 $

2.1.11 Log general/cpe-t

NVT: CPE Inventory
This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of operating systems, services and applications detected during the scan.

OID of test routine: 1.3.6.1.4.1.25623.1.0.810002

192.168.100.1 cpe:/a:thekelleys:dnsmasq:2.48
192.168.100.1 cpe:/a:apache:http_server:2.2.15
192.168.100.1 cpe:/a:php:php:5.3.3

Details: CPE Inventory
OID: 1.3.6.1.4.1.25623.1.0.810002
Version used: $Revision: 314 $

2.1.12 Log 82/tcp

NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330

A web server is running on this port

Details: Services
OID: 1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

NVT: arachni (NASL wrapper)
This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110001

arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS

Details: arachni (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.110001
Version used: $Revision: 683 $

NVT: Nikto (NASL wrapper)

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.

OID of test routine: 1.3.6.1.4.1.25623.1.0.14260

Here is the Nikto report:
- Nikto v2.1.4
---------------------------------------------------------------------------
+ No web server found on 192.168.100.1:82
---------------------------------------------------------------------------
+ 0 host(s) tested

Details: Nikto (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.14260
Version used: $Revision: 17 $
NVT: wapiti (NASL wrapper)

This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.80110

wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS

Details: wapiti (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.80110
Version used: $Revision: 14 $

NVT: Apache Web Server Version Detection

Detection of installed version of Apache Web Server. The script detects the version of Apache HTTP Server on remote host and sets the KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.900498

Detected Apache version: 2.2.15
Location: 82/tcp
CPE: cpe:/a:apache:http_server:2.2.15
Concluded from version identification result:
Server: Apache/2.2.15

Details: Apache Web Server Version Detection
OID: 1.3.6.1.4.1.25623.1.0.900498
Version used: $Revision: 365 $

2.1.13 Log 81/tcp

NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330

A web server is running on this port

Details: Services
OID: 1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

NVT: arachni (NASL wrapper)

This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110001

arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS
Details: arachni (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.110001
Version used: $Revision: 683 $

NVT: Nikto (NASL wrapper)

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.

OID of test routine: 1.3.6.1.4.1.25623.1.0.14260

Here is the Nikto report:
- Nikto v2.1.4
---------------------------------------------------------------------------
+ No web server found on 192.168.100.1:81
---------------------------------------------------------------------------
+ 0 host(s) tested

Details: Nikto (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.14260
Version used: $Revision: 17 $

NVT: wapiti (NASL wrapper)

This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.80110
wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS

Details: wapiti (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.80110
Version used: $Revision: 14 $

NVT: Apache Web Server Version Detection

Detection of installed version of Apache Web Server. The script detects the version of Apache HTTP Server on remote host and sets the KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.900498

Detected Apache version: 2.2.15
Location: 81/tcp
CPE: cpe:/a:apache:http_server:2.2.15
Concluded from version identification result:
Server: Apache/2.2.15

Details: Apache Web Server Version Detection
OID: 1.3.6.1.4.1.25623.1.0.900498
Version used: $Revision: 365 $

2.1.14 Log 53/udp

NVT: DNS Server Detection

A DNS Server is running at this Host. A Name Server translates domain names into IP addresses. This makes it possible for a user to access a website by typing in the domain name instead of the website's actual IP address.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100069

Vulnerability was detected according to the Vulnerability Detection Method.

Details: DNS Server Detection
OID: 1.3.6.1.4.1.25623.1.0.100069
Version used: $Revision: 488 $

2.1.15 Log 5060/udp

NVT: Detect SIP Compatible Hosts

A Voice Over IP service is listening on the remote port.

Description :
The remote host is running SIP (Session Initiation Protocol), a protocol used for Internet conferencing and telephony. Make sure the use of this program is done in accordance with your corporate security policy.

OID of test routine: 1.3.6.1.4.1.25623.1.0.11963

Plugin output :
FPBX-12.0.13(11.12.0)
Supported Options:
INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Solution
If this service is not needed, disable it or filter incoming traffic to this port.

Details: Detect SIP Compatible Hosts
OID: 1.3.6.1.4.1.25623.1.0.11963
Version used: $Revision: 762 $

References
Other:
URL:http://www.cs.columbia.edu/sip/

2.1.16 Log 4569/tcp

NVT: Inter-Asterisk exchange Protocol Detection

The remote system is running a server that speaks the Inter-Asterisk exchange Protocol.

Description :
The Inter-Asterisk exchange protocol (IAX2) is used by the Asterisk PBX Server and other IP Telephony clients/servers to enable voice communication between them.

OID of test routine: 1.3.6.1.4.1.25623.1.0.20834

Vulnerability was detected according to the Vulnerability Detection Method.

Solution
If possible, filter incoming connections to the port so that it is used by trusted sources only.

Details: Inter-Asterisk exchange Protocol Detection
OID: 1.3.6.1.4.1.25623.1.0.20834
Version used: $Revision: 17 $

References
Other:
URL:http://en.wikipedia.org/wiki/IAX

2.1.17 Log 3306/tcp

NVT: MySQL/MariaDB Detection

Detection of installed version of MySQL/MariaDB. Detect a running MySQL/MariaDB by getting the banner, Extract the version from the banner and store the information in KB

OID of test routine: 1.3.6.1.4.1.25623.1.0.100152

Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL/MariaDB server.\
Some tests may fail. Allow the scanner to access the remote MySQL server for better results.

Details: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
Version used: $Revision: 41 $

NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330

An unknown service is running on this port. It is usually reserved for MySQL
Details: Services
OID: 1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

NVT: Unknown services banners

This plugin prints the banners from unknown service so that the OpenVAS team can take them into account.

OID of test routine: 1.3.6.1.4.1.25623.1.0.11154

An unknown server is running on this port. If you know what it is, please send this banner to the OpenVAS team:
0x00: 46 00 00 00 FF 6A 04 48 6F 73 74 20 27 31 37 32 F...j.Host 172
0x10: 2E 31 36 2E 31 33 2E 32 32 36 27 20 69 73 20 6E .16.13.226 is n
0x20: 6F 74 20 61 6C 6C 6F 77 65 64 20 74 6F 20 63 6F ot allowed to co
0x30: 6E 6E 65 63 74 20 74 6F 20 74 68 69 73 20 4D 79 nnect to this My
0x40: 53 51 4C 20 73 65 72 76 65 72 SQL server

Details: Unknown services banners
OID: 1.3.6.1.4.1.25623.1.0.11154
Version used: $Revision: 17 $

2.1.18 Log 22/tcp

NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
An ssh server is running on this port

Details: Services
OID: 1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

2.1.19 Log 21/tcp

NVT: FTP Banner Detection

This Plugin detects the FTP Server Banner

OID of test routine: 1.3.6.1.4.1.25623.1.0.10092

Remote FTP server banner :
220 (vsftpd 2.2.2)

Details: FTP Banner Detection
OID: 1.3.6.1.4.1.25623.1.0.10092
Version used: $Revision: 563 $

NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
An FTP server is running on this port.
Here is its banner :
220 (vsftpd 2.2.2)

Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

2.1.20 Log 123/udp

NVT: NTP read variables

A NTP (Network Time Protocol) server is listening on this port.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10884

Vulnerability was detected according to the Vulnerability Detection Method.

Details:NTP read variables
OID:1.3.6.1.4.1.25623.1.0.10884
Version used: $Revision: 487 $

2.1.21 Log 114/tcp

NVT: HTTP Server type and version

This detects the HTTP Server's type and version.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10107
The remote web server type is :
Apache/2.2.15 (CentOS)
Solution : You can set the directive ServerTokens Prod to limit the information emanating from the server in its response headers.

Solution
Configure your server to use an alternate name like Wintendo httpd w/dotmatrix display
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive ServerTokens Prod to limit the information emanating from the server in its response headers.

Details:HTTP Server type and version
OID:1.3.6.1.4.1.25623.1.0.10107
Version used: $Revision: 229 $

NVT: DIRB (NASL wrapper)

This script uses DIRB to find directories and files on web applications via brute forcing.

OID of test routine: 1.3.6.1.4.1.25623.1.0.103079

This are the directories/files found with brute force:
http://192.168.100.1:114/

Details:DIRB (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.103079
Version used: $Revision: 13 $

NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on
another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330

A web server is running on this port

Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

NVT: arachni (NASL wrapper)

This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110001

arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible.
In short: check installation of arachni and OpenVAS

Details:arachni (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.110001
Version used: $Revision: 683 $

NVT: Nikto (NASL wrapper)

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.
OID of test routine: 1.3.6.1.4.1.25623.1.0.14260

Here is the Nikto report:
- Nikto v2.1.4
---------------------------------------------------------------------------
+ No web server found on 192.168.100.1:114
---------------------------------------------------------------------------
+ 0 host(s) tested

Details:Nikto (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.14260
Version used: $Revision: 17 $

NVT: wapiti (NASL wrapper)

This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.80110

wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
In short: check installation of wapiti and OpenVAS

Details:wapiti (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.80110
Version used: $Revision: 14 $
NVT: Apache Web ServerVersion Detection

Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host and sets the KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.900498

Detected Apache version: 2.2.15
Location: 114/tcp
CPE: cpe:/a:apache:http_server:2.2.15
Concluded from version identification result:
Server: Apache/2.2.15

Details:Apache Web ServerVersion Detection
OID:1.3.6.1.4.1.25623.1.0.900498
Version used: $Revision: 365 $

2.1.22 Log 112/tcp

NVT: DIRB (NASL wrapper)

This script uses DIRB to find directories and files on web applications via brute forcing.

OID of test routine: 1.3.6.1.4.1.25623.1.0.103079

This are the directories/files found with brute force:
http://192.168.100.1:112/

Details:DIRB (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.103079
Version used: $Revision: 13 $
NVT: Services

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

OID of test routine: 1.3.6.1.4.1.25623.1.0.10330

A web server is running on this port

Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $

NVT: arachni (NASL wrapper)

This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.110001

arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible.
In short: check installation of arachni and OpenVAS

Details:arachni (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.110001
Version used: $Revision: 683 $
NVT: Nikto (NASL wrapper)

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options.

OID of test routine: 1.3.6.1.4.1.25623.1.0.14260

Here is the Nikto report:
- Nikto v2.1.4
---------------------------------------------------------------------------
+ No web server found on 192.168.100.1:112
---------------------------------------------------------------------------
+ 0 host(s) tested

Details:Nikto (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.14260
Version used: $Revision: 17 $

NVT: wapiti (NASL wrapper)

This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks.

OID of test routine: 1.3.6.1.4.1.25623.1.0.80110

wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
In short: check installation of wapiti and OpenVAS

Details:wapiti (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.80110
Version used: $Revision: 14 $

NVT: Apache Web ServerVersion Detection

Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host and sets the KB.

OID of test routine: 1.3.6.1.4.1.25623.1.0.900498

Detected Apache version: 2.2.15
Location: 112/tcp
CPE: cpe:/a:apache:http_server:2.2.15
Concluded from version identification result:
Server: Apache/2.2.15

Details:Apache Web ServerVersion Detection
OID:1.3.6.1.4.1.25623.1.0.900498
Version used: $Revision: 365 $

This report was generated using the Ethos Info Vulnerability Scanning Service. If you have any questions, please contact our Network Operations Center via e-mail at noc@ethosinfo.com for details and interpretation.