Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Auditing for: www.rhinohornauction.com.
- #####################################################
- @NFAGov
- #NFA
- | Target Information:
- Server/OS: HP P2000 G3 NAS Device.
- Server(WEB) IP: 129.232.249.181
- CMS Type: SemiColonWeb
- Server Type: Apache
- MX Info:
- origin = ns1.host-h.net
- mail addr = postmaster.your-server.co.za
- serial = 2017060702
- refresh = 86400
- retry = 1800
- expire = 3600000
- minimum = 86400
- ---------------------------------------
- ===============OPEN Ports==============
- [ PORT ] | [TYPE]
- ---------------------------------------
- 143 | SSL/HTTPS
- 995 | Transport Layer Security(TLS)
- 21 | FTP
- 80 | HTTP/WEB
- 587 | SMTP
- 110 | POP3
- 993 | IMAP
- 25 | SMTP
- 443 | HTTPS
- 22 | SSH
- 465 | SMTP
- ===============================================
- -----------VULNERABILITIES---------------------
- ===============================================
- http-csrf:
- Path: http://www.rhinohornauction.com:80/
- Form id: template-contactform
- Form action: include/sendemail.php
- ============================================
- -----------NETWORK VULNERABILITIES----------
- ============================================
- 110/tcp open pop3
- | ssl-poodle:
- | VULNERABLE:
- | SSL POODLE information leak
- | State: LIKELY VULNERABLE
- | IDs: OSVDB:113251 CVE:CVE-2014-3566
- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
- | products, uses nondeterministic CBC padding, which makes it easier
- | for man-in-the-middle attackers to obtain cleartext data via a
- | padding-oracle attack, aka the "POODLE" issue.
- | Disclosure date: 2014-10-14
- | Check results:
- | TLS_RSA_WITH_AES_128_CBC_SHA
- | TLS_FALLBACK_SCSV properly implemented
- | References:
- | https://www.imperialviolet.org/2014/10/14/poodle.html
- | https://www.openssl.org/~bodo/ssl-poodle.pdf
- | http://osvdb.org/113251
- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
- 143/tcp open imap
- | ssl-poodle:
- | VULNERABLE:
- | SSL POODLE information leak
- | State: LIKELY VULNERABLE
- | IDs: OSVDB:113251 CVE:CVE-2014-3566
- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
- | products, uses nondeterministic CBC padding, which makes it easier
- | for man-in-the-middle attackers to obtain cleartext data via a
- | padding-oracle attack, aka the "POODLE" issue.
- | Disclosure date: 2014-10-14
- | Check results:
- | TLS_RSA_WITH_AES_128_CBC_SHA
- | TLS_FALLBACK_SCSV properly implemented
- | References:
- | https://www.imperialviolet.org/2014/10/14/poodle.html
- | https://www.openssl.org/~bodo/ssl-poodle.pdf
- | http://osvdb.org/113251
- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
- 993/tcp open imaps
- | ssl-poodle:
- | VULNERABLE:
- | SSL POODLE information leak
- | State: LIKELY VULNERABLE
- | IDs: OSVDB:113251 CVE:CVE-2014-3566
- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
- | products, uses nondeterministic CBC padding, which makes it easier
- | for man-in-the-middle attackers to obtain cleartext data via a
- | padding-oracle attack, aka the "POODLE" issue.
- | Disclosure date: 2014-10-14
- | Check results:
- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- | TLS_FALLBACK_SCSV properly implemented
- | References:
- | https://www.imperialviolet.org/2014/10/14/poodle.html
- | https://www.openssl.org/~bodo/ssl-poodle.pdf
- | http://osvdb.org/113251
- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
- 995/tcp open pop3s
- | ssl-poodle:
- | VULNERABLE:
- | SSL POODLE information leak
- | State: LIKELY VULNERABLE
- | IDs: OSVDB:113251 CVE:CVE-2014-3566
- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
- | products, uses nondeterministic CBC padding, which makes it easier
- | for man-in-the-middle attackers to obtain cleartext data via a
- | padding-oracle attack, aka the "POODLE" issue.
- | Disclosure date: 2014-10-14
- | Check results:
- | TLS_RSA_WITH_AES_128_CBC_SHA
- | TLS_FALLBACK_SCSV properly implemented
- | References:
- | https://www.imperialviolet.org/2014/10/14/poodle.html
- | https://www.openssl.org/~bodo/ssl-poodle.pdf
- | http://osvdb.org/113251
- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
- ===================================================================
Add Comment
Please, Sign In to add comment