Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- NESSUS REPORT
- List of PlugIn IDs
- The following plugin IDs have problems associated with them. Select the ID to review more detail.
- PLUGIN ID#
- #
- PLUGIN NAME
- SEVERITY
- 42411
- 1
- Microsoft Windows SMB Shares Unprivileged Access
- High Severity problem(s) found
- 51192
- 1
- SSL Certificate signed with an unknown Certificate Authority
- Medium Severity problem(s) found
- 45411
- 1
- SSL Certificate with Wrong Hostname
- Medium Severity problem(s) found
- 44135
- 1
- Web Server Generic Cookie Injection
- Medium Severity problem(s) found
- 42873
- 1
- SSL Medium Strength Cipher Suites Supported
- Medium Severity problem(s) found
- 26928
- 1
- SSL Weak Cipher Suites Supported
- Medium Severity problem(s) found
- 26919
- 1
- SMB Guest Account Local User Access
- Medium Severity problem(s) found
- 12218
- 1
- mDNS Detection
- Medium Severity problem(s) found
- 10815
- 1
- Web Server Generic XSS
- Medium Severity problem(s) found
- 22964
- 5
- Service Detection
- Low Severity problem(s) found
- 10107
- 4
- HTTP Server Type and Version
- Low Severity problem(s) found
- 24260
- 3
- HyperText Transfer Protocol (HTTP) Information
- Low Severity problem(s) found
- 11032
- 3
- Web Server Directory Enumeration
- Low Severity problem(s) found
- 40984
- 2
- Browsable Web Directories
- Low Severity problem(s) found
- 33817
- 2
- Web Application Tests : Load Estimation
- Low Severity problem(s) found
- 11011
- 2
- SMB Service Detection
- Low Severity problem(s) found
- 10662
- 2
- Web mirroring
- Low Severity problem(s) found
- 50845
- 1
- OpenSSL Detection
- Low Severity problem(s) found
- 45590
- 1
- Common Platform Enumeration (CPE)
- Low Severity problem(s) found
- 45410
- 1
- SSL Certificate commonName Mismatch
- Low Severity problem(s) found
- 45380
- 1
- AFP Server Share Enumeration (guest)
- Low Severity problem(s) found
- 43111
- 1
- HTTP Methods Allowed (per directory)
- Low Severity problem(s) found
- 42880
- 1
- SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
- Low Severity problem(s) found
- 35716
- 1
- Ethernet card brand
- Low Severity problem(s) found
- 26920
- 1
- Windows SMB NULL Session Authentication
- Low Severity problem(s) found
- 25240
- 1
- Samba Server Detection
- Low Severity problem(s) found
- 25220
- 1
- TCP/IP Timestamps Supported
- Low Severity problem(s) found
- 24786
- 1
- Nessus Windows Scan Not Performed with Admin Privileges
- Low Severity problem(s) found
- 21643
- 1
- SSL Cipher Suites Supported
- Low Severity problem(s) found
- 17651
- 1
- Obtains the password policy
- Low Severity problem(s) found
- 12053
- 1
- Host Fully Qualified Domain Name (FQDN) Resolution
- Low Severity problem(s) found
- 11936
- 1
- OS Identification
- Low Severity problem(s) found
- 10863
- 1
- SSL Certificate Information
- Low Severity problem(s) found
- 10860
- 1
- SMB Use Host SID to Enumerate Local Users
- Low Severity problem(s) found
- 10859
- 1
- SMB LsaQueryInformationPolicy Function SID Enumeration
- Low Severity problem(s) found
- 10785
- 1
- SMB NativeLanManager Remote System Information Disclosure
- Low Severity problem(s) found
- 10666
- 1
- Apple Filing Protocol Server Detection
- Low Severity problem(s) found
- 10397
- 1
- SMB LanMan Pipe Server Listing Disclosure
- Low Severity problem(s) found
- 10395
- 1
- SMB Shares Enumeration
- Low Severity problem(s) found
- 10394
- 1
- SMB Log In Possible
- Low Severity problem(s) found
- 10287
- 1
- Traceroute Information
- Low Severity problem(s) found
- 10180
- 1
- Ping the remote host
- Low Severity problem(s) found
- 10150
- 1
- Windows NetBIOS / SMB Remote Host Information Disclosure
- Low Severity problem(s) found
- 10114
- 1
- ICMP Timestamp Request Remote Date Disclosure
- Low Severity problem(s) found
- PORT CIFS (445/TCP)
- Plugin ID: 10395
- SMB Shares Enumeration
- Synopsis
- It is possible to enumerate remote network shares.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Here are the SMB shares available on the remote host when logged as sbdmjsap:
- - music
- - public
- - backups
- - movies
- - photos
- - ActiveFolders
- - IPC$
- Description
- By connecting to the remote host, Nessus was able to enumerate
- the network share names.
- Solution
- N/A
- Risk Factor
- None
- Plugin publication date: 2000/05/09
- PORT (0/TCP)
- Plugin ID: 24786
- Nessus Windows Scan Not Performed with Admin Privileges
- Synopsis
- The Nessus scan of this host may be incomplete due to insufficient\privileges provided.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- It was not possible to connect to \\IOMEGA-055805\ADMIN$
- Description
- The Nessus scanner testing the remote host has been given SMB
- credentials to log into the remote host, however these credentials
- do not have administrative privileges.
- Typically, when Nessus performs a patch audit, it logs into the
- remote host and reads the version of the DLLs on the remote host
- to determine if a given patch has been applied or not. This is
- the method Microsoft recommends to determine if a patch has been
- applied.
- If your Nessus scanner does not have administrative privileges when
- doing a scan, then Nessus has to fall back to perform a patch audit
- through the registry which may lead to false positives (especially
- when using third party patch auditing tools) or to false negatives
- (not all patches can be detected thru the registry).
- Solution
- Reconfigure your scanner to use credentials with administrative
- privileges.
- Risk Factor
- None
- Plugin publication date: 2007/03/12
- PORT WWW (443/TCP)
- Plugin ID: 33817
- Web Application Tests : Load Estimation
- Synopsis
- Load estimation for web application tests.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Here are the estimated number of requests in miscellaneous modes
- for the GET method only :
- [Single / Some Pairs / All Pairs / Some Combinations / All Combinations]
- arbitrary command execution : S=64 SP=64 AP=64 SC=64 AC=64
- format string : S=8 SP=8 AP=8 SC=8 AC=8
- SSI injection : S=12 SP=12 AP=12 SC=12 AC=12
- unseen parameters : S=140 SP=140 AP=140 SC=140 AC=140
- SQL injection (2nd order) : S=4 SP=4 AP=4 SC=4 AC=4
- blind SQL injection : S=48 SP=48 AP=48 SC=48 AC=48
- SQL injection : S=96 SP=96 AP=96 SC=96 AC=96
- directory traversal (extended test) : S=200 SP=200 AP=200 SC=200 AC=200
- directory traversal : S=100 SP=100 AP=100 SC=100 AC=100
- directory traversal (write access) : S=8 SP=8 AP=8 SC=8 AC=8
- local file inclusion : S=4 SP=4 AP=4 SC=4 AC=4
- web code injection : S=4 SP=4 AP=4 SC=4 AC=4
- cross-site scripting (extended patterns) : S=16 SP=16 AP=16 SC=16 AC=16
- DOM XSS : S=4 SP=4 AP=4 SC=4 AC=4
- persistent XSS : S=16 SP=16 AP=16 SC=16 AC=16
- injectable parameter : S=8 SP=8 AP=8 SC=8 AC=8
- XML injection : S=4 SP=4 AP=4 SC=4 AC=4
- All tests : S=736 SP=736 AP=736 SC=736 AC=736
- Here are the estimated number of requests in miscellaneous modes
- for both methods (GET & POST) :
- [Single / Some Pairs / All Pairs / Some Combinations / All Combinations]
- arbitrary command execution : S=128 SP=128 AP=128 SC=128 AC=128
- format string : S=16 SP=16 AP=16 SC=16 AC=16
- SSI injection : S=24 SP=24 AP=24 SC=24 AC=24
- unseen parameters : S=280 SP=280 AP=280 SC=280 AC=280
- SQL injection (2nd order) : S=8 SP=8 AP=8 SC=8 AC=8
- blind SQL injection : S=96 SP=96 AP=96 SC=96 AC=96
- SQL injection : S=192 SP=192 AP=192 SC=192 AC=192
- directory traversal (extended test) : S=400 SP=400 AP=400 SC=400 AC=400
- directory traversal : S=200 SP=200 AP=200 SC=200 AC=200
- directory traversal (write access) : S=16 SP=16 AP=16 SC=16 AC=16
- local file inclusion : S=8 SP=8 AP=8 SC=8 AC=8
- web code injection : S=8 SP=8 AP=8 SC=8 AC=8
- cross-site scripting (extended patterns) : S=32 SP=32 AP=32 SC=32 AC=32
- DOM XSS : S=8 SP=8 AP=8 SC=8 AC=8
- persistent XSS : S=32 SP=32 AP=32 SC=32 AC=32
- injectable parameter : S=16 SP=16 AP=16 SC=16 AC=16
- XML injection : S=8 SP=8 AP=8 SC=8 AC=8
- All tests : S=1472 SP=1472 AP=1472 SC=1472 AC=1472
- Your mode : single, GET & POST.
- Maximum number of requests : 1472
- Description
- This script computes the maximum number of requests that would be done
- by the generic web tests, depending on miscellaneous options.
- It does not perform any test by itself.
- The results can be used to estimate the duration of these tests, or
- the complexity of additional manual tests.
- Note that the script does not try to compute this duration based
- on external factors such as the network and web servers loads.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2009/10/26
- Plugin last modification date: 2010/12/27
- PORT WWW (80/TCP)
- Plugin ID: 33817
- Web Application Tests : Load Estimation
- Synopsis
- Load estimation for web application tests.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Here are the estimated number of requests in miscellaneous modes
- for the GET method only :
- [Single / Some Pairs / All Pairs / Some Combinations / All Combinations]
- arbitrary command execution : S=64 SP=64 AP=64 SC=64 AC=64
- format string : S=8 SP=8 AP=8 SC=8 AC=8
- SSI injection : S=12 SP=12 AP=12 SC=12 AC=12
- unseen parameters : S=140 SP=140 AP=140 SC=140 AC=140
- SQL injection (2nd order) : S=4 SP=4 AP=4 SC=4 AC=4
- blind SQL injection : S=48 SP=48 AP=48 SC=48 AC=48
- SQL injection : S=96 SP=96 AP=96 SC=96 AC=96
- directory traversal (extended test) : S=200 SP=200 AP=200 SC=200 AC=200
- directory traversal : S=100 SP=100 AP=100 SC=100 AC=100
- directory traversal (write access) : S=8 SP=8 AP=8 SC=8 AC=8
- local file inclusion : S=4 SP=4 AP=4 SC=4 AC=4
- web code injection : S=4 SP=4 AP=4 SC=4 AC=4
- cross-site scripting (extended patterns) : S=16 SP=16 AP=16 SC=16 AC=16
- DOM XSS : S=4 SP=4 AP=4 SC=4 AC=4
- persistent XSS : S=16 SP=16 AP=16 SC=16 AC=16
- injectable parameter : S=8 SP=8 AP=8 SC=8 AC=8
- XML injection : S=4 SP=4 AP=4 SC=4 AC=4
- All tests : S=736 SP=736 AP=736 SC=736 AC=736
- Here are the estimated number of requests in miscellaneous modes
- for both methods (GET & POST) :
- [Single / Some Pairs / All Pairs / Some Combinations / All Combinations]
- arbitrary command execution : S=128 SP=128 AP=128 SC=128 AC=128
- format string : S=16 SP=16 AP=16 SC=16 AC=16
- SSI injection : S=24 SP=24 AP=24 SC=24 AC=24
- unseen parameters : S=280 SP=280 AP=280 SC=280 AC=280
- SQL injection (2nd order) : S=8 SP=8 AP=8 SC=8 AC=8
- blind SQL injection : S=96 SP=96 AP=96 SC=96 AC=96
- SQL injection : S=192 SP=192 AP=192 SC=192 AC=192
- directory traversal (extended test) : S=400 SP=400 AP=400 SC=400 AC=400
- directory traversal : S=200 SP=200 AP=200 SC=200 AC=200
- directory traversal (write access) : S=16 SP=16 AP=16 SC=16 AC=16
- local file inclusion : S=8 SP=8 AP=8 SC=8 AC=8
- web code injection : S=8 SP=8 AP=8 SC=8 AC=8
- cross-site scripting (extended patterns) : S=32 SP=32 AP=32 SC=32 AC=32
- DOM XSS : S=8 SP=8 AP=8 SC=8 AC=8
- persistent XSS : S=32 SP=32 AP=32 SC=32 AC=32
- injectable parameter : S=16 SP=16 AP=16 SC=16 AC=16
- XML injection : S=8 SP=8 AP=8 SC=8 AC=8
- All tests : S=1472 SP=1472 AP=1472 SC=1472 AC=1472
- Your mode : single, GET & POST.
- Maximum number of requests : 1472
- Description
- This script computes the maximum number of requests that would be done
- by the generic web tests, depending on miscellaneous options.
- It does not perform any test by itself.
- The results can be used to estimate the duration of these tests, or
- the complexity of additional manual tests.
- Note that the script does not try to compute this duration based
- on external factors such as the network and web servers loads.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2009/10/26
- Plugin last modification date: 2010/12/27
- PORT CIFS (445/TCP)
- Plugin ID: 10785
- SMB NativeLanManager Remote System Information Disclosure
- Synopsis
- It is possible to obtain information about the remote operating\system.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote Operating System is : Unix
- The remote native lan manager is : Samba 3.2.5
- The remote SMB Domain Name is : IOMEGA-055805
- Description
- It is possible to get the remote operating system name and
- version (Windows and/or Samba) by sending an authentication
- request to port 139 or 445.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2001/10/17
- PORT (0/TCP)
- Plugin ID: 12053
- Host Fully Qualified Domain Name (FQDN) Resolution
- Synopsis
- It was possible to resolve the name of the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- 192.168.1.100 resolves as Iomega-055805.local.
- Description
- Nessus was able to resolve the FQDN of the remote host.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2004/02/11
- Plugin last modification date: 2010/12/29
- PORT (0/TCP)
- Plugin ID: 25220
- TCP/IP Timestamps Supported
- Synopsis
- The remote service implements TCP timestamps.
- List of Hosts
- Iomega-055805.local
- Description
- The remote host implements TCP timestamps, as defined by RFC1323. A
- side effect of this feature is that the uptime of the remote host can
- sometimes be computed.
- Solution
- n/a
- See also
- http://www.ietf.org/rfc/rfc1323.txt
- Risk Factor
- None
- Plugin publication date: 2007/05/16
- Plugin last modification date: 2010/03/22
- PORT WWW (9000/TCP)
- Plugin ID: 24260
- HyperText Transfer Protocol (HTTP) Information
- Synopsis
- Some information about the remote HTTP configuration can be extracted.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Protocol version : HTTP/1.1
- SSL : no
- Keep-Alive : no
- Options allowed : (Not implemented)
- Headers :
- Content-Type: text/html; charset=utf-8
- Content-Length: 201
- Date: Tue, 17 Nov 2009 23:18:21 GMT
- Accept-Ranges: bytes
- Connection: keep-alive
- EXT:
- Server: Linux/2.x.x, UPnP/1.0, pvConnect UPnP SDK/1.0
- Description
- This test gives some information about the remote HTTP protocol - the
- version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
- etc...
- This test is informational only and does not denote any security
- problem.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2007/01/30
- PORT WWW (443/TCP)
- Plugin ID: 24260
- HyperText Transfer Protocol (HTTP) Information
- Synopsis
- Some information about the remote HTTP configuration can be extracted.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Protocol version : HTTP/1.1
- SSL : yes
- Keep-Alive : no
- Options allowed : OPTIONS, GET, HEAD, POST
- Headers :
- Connection: close
- Transfer-Encoding: chunked
- Date: Tue, 17 Nov 2009 23:18:21 GMT
- Server: lighttpd/1.4.19
- Description
- This test gives some information about the remote HTTP protocol - the
- version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
- etc...
- This test is informational only and does not denote any security
- problem.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2007/01/30
- PORT WWW (80/TCP)
- Plugin ID: 24260
- HyperText Transfer Protocol (HTTP) Information
- Synopsis
- Some information about the remote HTTP configuration can be extracted.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Protocol version : HTTP/1.1
- SSL : no
- Keep-Alive : no
- Options allowed : OPTIONS, GET, HEAD, POST
- Headers :
- Connection: close
- Transfer-Encoding: chunked
- Date: Tue, 17 Nov 2009 23:18:20 GMT
- Server: lighttpd/1.4.19
- Description
- This test gives some information about the remote HTTP protocol - the
- version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
- etc...
- This test is informational only and does not denote any security
- problem.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2007/01/30
- PORT WWW (9000/TCP)
- Plugin ID: 10815
- Web Server Generic XSS
- Synopsis
- The remote web server is prone to cross-site scripting attacks.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The request string used to detect this flaw was :
- /<script>cross_site_scripting.nasl</script>.asp
- The output was :
- HTTP/1.1 404 Not Found
- Content-Type: text/html; charset=utf-8
- Content-Length: 162
- Date: Tue, 17 Nov 2009 23:16:44 GMT
- Accept-Ranges: bytes
- Connection: keep-alive
- EXT:
- Server: Linux/2.x.x, UPnP/1.0, pvConnect UPnP SDK/1.0
- <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found [...]
- Description
- The remote host is running a web server that fails to adequately
- sanitize request strings of malicious JavaScript. By leveraging this
- issue, an attacker may be able to cause arbitrary HTML and script code
- to be executed in a user's browser within the security context of the
- affected site.
- Solution
- Contact the vendor for a patch or upgrade.
- See also
- http://en.wikipedia.org/wiki/Cross-site_scripting
- Risk Factor
- Medium/ CVSS Base Score: 4.3
- (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
- CVSS Temporal Score: 3.6(CVSS2#E:F/RL:OF/RC:C)
- CVE CVE-2002-1700
- CVE-2003-1543
- CVE-2005-2453
- CVE-2006-1681
- Bugtraq ID
- 5011
- 5305
- 7344
- 7353
- 8037
- 14473
- 17408
- Other References OSVDB:18525
- OSVDB:24469
- OSVDB:42314
- OSVDB:4989
- OSVDB:58976
- CWE:79
- CWE:80
- CWE:81
- CWE:83
- CWE:20
- CWE:74
- CWE:442
- CWE:712
- CWE:722
- CWE:725
- CWE:811
- CWE:751
- CWE:801
- CWE:116
- Vulnerability publication date: 2004/04/09
- Plugin publication date: 2001/11/30
- Plugin last modification date: 2010/10/11
- Ease of exploitability : Exploits are available
- PORT (0/ICMP)
- Plugin ID: 10114
- ICMP Timestamp Request Remote Date Disclosure
- Synopsis
- It is possible to determine the exact time set on the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The difference between the local and remote clocks is -76101 seconds.
- Description
- The remote host answers to an ICMP timestamp request. This allows an
- attacker to know the date which is set on your machine.
- This may help him to defeat all your time based authentication
- protocols.
- Solution
- Filter out the ICMP timestamp requests (13), and the outgoing ICMP
- timestamp replies (14).
- Risk Factor
- None
- CVE CVE-1999-0524
- Other References OSVDB:94
- CWE:200
- Vulnerability publication date: 1995/01/01
- Plugin publication date: 1999/08/01
- Plugin last modification date: 2010/10/06
- PORT WWW (9000/TCP)
- Plugin ID: 10107
- HTTP Server Type and Version
- Synopsis
- A web server is running on the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote web server type is :
- Linux/2.x.x, UPnP/1.0, pvConnect UPnP SDK/1.0
- Description
- This plugin attempts to determine the type and the version of the
- remote web server.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2000/01/04
- Plugin last modification date: 2010/11/22
- PORT WWW (3689/TCP)
- Plugin ID: 10107
- HTTP Server Type and Version
- Synopsis
- A web server is running on the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote web server type is :
- mt-daapd/svn-1696
- Description
- This plugin attempts to determine the type and the version of the
- remote web server.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2000/01/04
- Plugin last modification date: 2010/11/22
- PORT WWW (443/TCP)
- Plugin ID: 10107
- HTTP Server Type and Version
- Synopsis
- A web server is running on the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote web server type is :
- lighttpd/1.4.19
- Description
- This plugin attempts to determine the type and the version of the
- remote web server.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2000/01/04
- Plugin last modification date: 2010/11/22
- PORT WWW (80/TCP)
- Plugin ID: 10107
- HTTP Server Type and Version
- Synopsis
- A web server is running on the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote web server type is :
- lighttpd/1.4.19
- Description
- This plugin attempts to determine the type and the version of the
- remote web server.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2000/01/04
- Plugin last modification date: 2010/11/22
- PORT CIFS (445/TCP)
- Plugin ID: 42411
- Microsoft Windows SMB Shares Unprivileged Access
- Synopsis
- It is possible to access a network share.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following shares can be accessed as sbdmjsap :
- - ActiveFolders - (readable,writable)
- + Content of this share :
- ..
- demo
- ftp
- torrents
- DefaultPicture.bmp
- - photos - (readable,writable)
- + Content of this share :
- ..
- DefaultPicture.bmp
- - movies - (readable,writable)
- + Content of this share :
- ..
- DefaultPicture.bmp
- - backups - (readable,writable)
- + Content of this share :
- ..
- DefaultPicture.bmp
- - public - (readable,writable)
- + Content of this share :
- ..
- DefaultPicture.bmp
- - music - (readable,writable)
- + Content of this share :
- ..
- DefaultPicture.bmp
- Description
- The remote has one or more Windows shares that can be accessed through
- the network with the given credentials.
- Depending on the share rights, it may allow an attacker to read/write
- confidential data.
- Solution
- To restrict access under Windows, open Explorer, do a right click on
- each share, go to the 'sharing' tab, and click on 'permissions'.
- Risk Factor
- High/ CVSS Base Score: 7.5
- (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
- CVSS Temporal Score: 7.5(CVSS2#E:H/RL:U/RC:ND)
- CVE CVE-1999-0519
- CVE-1999-0520
- Bugtraq ID
- 8026
- Other References OSVDB:299
- Vulnerability publication date: 1999/07/14
- Plugin publication date: 2009/11/06
- Plugin last modification date: 2011/01/04
- Ease of exploitability : No exploit is required
- PORT WWW (9000/TCP)
- Plugin ID: 11032
- Web Server Directory Enumeration
- Synopsis
- It is possible to enumerate directories on the web server.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following directories were discovered:
- /config, /help, /images, /setup
- While this is not, in and of itself, a bug, you should manually inspect
- these directories to ensure that they are in compliance with company
- security standards
- Description
- This plugin attempts to determine the presence of various common
- directories on the remote web server. By sending a request for a
- directory, the web server response code indicates if it is a valid
- directory or not.
- Solution
- n/a
- See also
- http://projects.webappsec.org/Predictable-Resource-Location
- Risk Factor
- None
- Other References OWASP:OWASP-CM-006
- Plugin publication date: 2002/06/26
- Plugin last modification date: 2010/11/07
- PORT WWW (443/TCP)
- Plugin ID: 11032
- Web Server Directory Enumeration
- Synopsis
- It is possible to enumerate directories on the web server.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following directories were discovered:
- /demo, /css, /help, /images, /js, /php
- While this is not, in and of itself, a bug, you should manually inspect
- these directories to ensure that they are in compliance with company
- security standards
- Description
- This plugin attempts to determine the presence of various common
- directories on the remote web server. By sending a request for a
- directory, the web server response code indicates if it is a valid
- directory or not.
- Solution
- n/a
- See also
- http://projects.webappsec.org/Predictable-Resource-Location
- Risk Factor
- None
- Other References OWASP:OWASP-CM-006
- Plugin publication date: 2002/06/26
- Plugin last modification date: 2010/11/07
- PORT WWW (80/TCP)
- Plugin ID: 11032
- Web Server Directory Enumeration
- Synopsis
- It is possible to enumerate directories on the web server.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following directories were discovered:
- /cgi-bin, /demo, /css, /help, /images, /js, /php
- While this is not, in and of itself, a bug, you should manually inspect
- these directories to ensure that they are in compliance with company
- security standards
- Description
- This plugin attempts to determine the presence of various common
- directories on the remote web server. By sending a request for a
- directory, the web server response code indicates if it is a valid
- directory or not.
- Solution
- n/a
- See also
- http://projects.webappsec.org/Predictable-Resource-Location
- Risk Factor
- None
- Other References OWASP:OWASP-CM-006
- Plugin publication date: 2002/06/26
- Plugin last modification date: 2010/11/07
- PORT WWW (9000/TCP)
- Plugin ID: 22964
- Service Detection
- Synopsis
- The remote service could be identified.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- A web server is running on this port.
- Description
- It was possible to identify the remote service by its banner or by looking
- at the error message it sends when it receives an HTTP request.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2007/08/19
- Plugin last modification date: 2010/11/18
- PORT WWW (3689/TCP)
- Plugin ID: 22964
- Service Detection
- Synopsis
- The remote service could be identified.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- A web server is running on this port.
- Description
- It was possible to identify the remote service by its banner or by looking
- at the error message it sends when it receives an HTTP request.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2007/08/19
- Plugin last modification date: 2010/11/18
- PORT WWW (443/TCP)
- Plugin ID: 22964
- Service Detection
- Synopsis
- The remote service could be identified.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- A web server is running on this port through TLSv1.
- Iomega-055805.local
- Plugin Output
- A TLSv1 server answered on this port.
- Description
- It was possible to identify the remote service by its banner or by looking
- at the error message it sends when it receives an HTTP request.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2007/08/19
- Plugin last modification date: 2010/11/18
- PORT WWW (80/TCP)
- Plugin ID: 22964
- Service Detection
- Synopsis
- The remote service could be identified.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- A web server is running on this port.
- Description
- It was possible to identify the remote service by its banner or by looking
- at the error message it sends when it receives an HTTP request.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2007/08/19
- Plugin last modification date: 2010/11/18
- PORT CIFS (445/TCP)
- Plugin ID: 17651
- Obtains the password policy
- Synopsis
- It is possible to retrieve the remote host's password policy using the\supplied credentials.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following password policy is defined on the remote host:
- Minimum password len: 5
- Password history len: 0
- Maximum password age (d): No limit
- Password must meet complexity requirements: Disabled
- Minimum password age (d): 0
- Forced logoff time (s): Not set
- Locked account time (s): 1800
- Time between failed logon (s): 1800
- Number of invalid logon before locked out (s): 0
- Description
- Using the supplied credentials it was possible to extract the
- password policy for the remote Windows host. The password policy must
- conform to the Informational System Policy.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2005/03/30
- PORT WWW (443/TCP)
- Plugin ID: 42873
- SSL Medium Strength Cipher Suites Supported
- Synopsis
- The remote service supports the use of medium strength SSL ciphers.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Here are the medium strength SSL ciphers supported by the remote server :
- Medium Strength Ciphers (>= 56-bit and < 112-bit key)
- SSLv2
- DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
- SSLv3
- DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
- TLSv1
- DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
- The fields above are :
- {OpenSSL ciphername}
- Kx={key exchange}
- Au={authentication}
- Enc={symmetric encryption method}
- Mac={message authentication code}
- {export flag}
- Description
- The remote host supports the use of SSL ciphers that offer medium
- strength encryption, which we currently regard as those with key
- lengths at least 56 bits and less than 112 bits.
- Note: This is considerably easier to exploit if the attacker is on the
- same physical network.
- Solution
- Reconfigure the affected application if possible to avoid use of
- medium strength ciphers.
- Risk Factor
- Medium/ CVSS Base Score: 4.3
- (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
- Plugin publication date: 2009/11/23
- Plugin last modification date: 2010/10/08
- PORT (0/TCP)
- Plugin ID: 10180
- Ping the remote host
- Synopsis
- It was possible to identify the status of the remote host (alive or dead)
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote host is up
- The host replied to an ARP who-is query.
- Hardware address : 00:d0:b8:05:58:05
- Description
- This plugin attempts to determine if the remote host is alive using one or more
- ping types :
- - An ARP ping, provided the host is on the local subnet
- and Nessus is running over ethernet.
- - An ICMP ping.
- - A TCP ping, in which the plugin sends to the remote host
- a packet with the flag SYN, and the host will reply with
- a RST or a SYN/ACK.
- - A UDP ping (DNS, RPC, NTP, etc).
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 1999/06/24
- Plugin last modification date: 2010/12/30
- PORT CIFS (445/TCP)
- Plugin ID: 10860
- SMB Use Host SID to Enumerate Local Users
- Synopsis
- It is possible to enumerate local users.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- - nobody (id 501, Guest account)
- Note that, in addition to the Administrator and Guest accounts, Nessus
- has enumerated only those local users with IDs between 1000 and 1200.
- To use a different range, edit the scan policy and change the 'Start
- UID' and/or 'End UID' preferences for this plugin, then re-run the
- scan.
- Description
- Using the host security identifier (SID), it is possible to enumerate local users
- on the remote Windows system.
- Solution
- n/a
- Risk Factor
- None
- CVE CVE-2000-1200
- Bugtraq ID
- 959
- Other References OSVDB:714
- Vulnerability publication date: 1998/04/28
- Plugin publication date: 2002/02/13
- Plugin last modification date: 2010/10/06
- Ease of exploitability : Exploits are available
- PORT CIFS (445/TCP)
- Plugin ID: 26919
- SMB Guest Account Local User Access
- Synopsis
- It is possible to log into the remote host.
- List of Hosts
- Iomega-055805.local
- Description
- The remote host is running one of the Microsoft Windows operating
- systems. It was possible to log into it as a guest user using a
- random account.
- Solution
- In the group policy change the setting for
- 'Network access: Sharing and security model for local accounts' from
- 'Guest only - local users authenticate as Guest' to
- 'Classic - local users authenticate as themselves'.
- Risk Factor
- Medium/ CVSS Base Score: 5.0
- (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
- CVE CVE-1999-0505
- Plugin publication date: 2007/10/04
- PORT NETBIOS-NS (137/UDP)
- Plugin ID: 10150
- Windows NetBIOS / SMB Remote Host Information Disclosure
- Synopsis
- It is possible to obtain the network name of the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following 5 NetBIOS names have been gathered :
- IOMEGA-055805 = Computer name
- IOMEGA-055805 = Messenger Service
- IOMEGA-055805 = File Server Service
- WORKGROUP = Browser Service Elections
- WORKGROUP = Workgroup / Domain name
- This SMB server seems to be a SAMBA server (MAC address is NULL).
- Description
- The remote host listens on UDP port 137 or TCP port 445 and replies to
- NetBIOS nbtscan or SMB requests.
- Note that this plugin gathers information to be used in other plugins
- but does not itself generate a report.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 1999/10/12
- Plugin last modification date: 2010/07/14
- PORT WWW (443/TCP)
- Plugin ID: 40984
- Browsable Web Directories
- Synopsis
- Some directories on the remote web server are browsable.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following directories are browsable :
- /php/ytlibrary/Zend/Validate/Hostname/
- /php/ytlibrary/Zend/Http/Client/
- /php/ytlibrary/Zend/Gdata/YouTube/
- /php/ytlibrary/Zend/Gdata/Spreadsheets/
- /php/ytlibrary/Zend/Gdata/Photos/
- /php/ytlibrary/Zend/Gdata/Media/
- /php/ytlibrary/Zend/Gdata/Kind/
- /php/ytlibrary/Zend/Gdata/Health/
- /php/ytlibrary/Zend/Gdata/Geo/
- /php/ytlibrary/Zend/Gdata/Gbase/
- /php/ytlibrary/Zend/Gdata/Gapps/
- /php/ytlibrary/Zend/Http/
- /php/ytlibrary/Zend/Gdata/
- /php/lib/PEAR/Net/
- /php/lib/PEAR/HTTP/
- /php/lib/PEAR/DB/
- /php/facebook-api/jsonwrapper/JSON/
- /js/GreyBox_v5_53/greybox_source/
- /php/ytlibrary/Zend/
- /php/lib/PEAR/
- /php/facebook-api/jsonwrapper/
- /js/greybox/
- /js/GreyBox_v5_53/
- /php/ytlibrary/
- /php/lib/
- /php/facebook-api/
- /demo/
- /css/
- /help/
- /images/
- /js/
- /php/
- /php/ytlibrary/Zend/Uri/
- /php/ytlibrary/Zend/Validate/
- /js/GreyBox_v5_53/greybox_source/base/
- /js/GreyBox_v5_53/greybox_source/gallery/
- /js/GreyBox_v5_53/greybox_source/set/
- /js/GreyBox_v5_53/greybox_source/window/
- /help/bp/javascript/
- /help/cs/javascript/
- /help/ct/javascript/
- /help/de/javascript/
- /help/en/javascript/
- /help/es/javascript/
- /help/fr/javascript/
- /help/ital/javascript/
- /help/jp/javascript/
- /help/ru/javascript/
- /php/lib/PEAR/HTTP/Request/
- /php/ytlibrary/Zend/Gdata/App/
- /php/ytlibrary/Zend/Gdata/Books/
- /php/ytlibrary/Zend/Gdata/Calendar/
- /php/ytlibrary/Zend/Gdata/Docs/
- /php/ytlibrary/Zend/Gdata/DublinCore/
- /php/ytlibrary/Zend/Gdata/Exif/
- /php/ytlibrary/Zend/Gdata/Extension/
- Description
- Miscellaneous Nessus plugins identified directories on this web
- server that are browsable.
- Solution
- Make sure that browsable directories do not leak confidential
- informative or give access to sensitive resources. And use access
- restrictions or disable directory indexing for any that do.
- See also
- http://projects.webappsec.org/Directory-Indexing
- Risk Factor
- None
- Plugin publication date: 2009/09/15
- PORT WWW (80/TCP)
- Plugin ID: 40984
- Browsable Web Directories
- Synopsis
- Some directories on the remote web server are browsable.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following directories are browsable :
- /php/ytlibrary/Zend/Validate/Hostname/
- /php/ytlibrary/Zend/Http/Client/
- /php/ytlibrary/Zend/Gdata/YouTube/
- /php/ytlibrary/Zend/Gdata/Spreadsheets/
- /php/ytlibrary/Zend/Gdata/Photos/
- /php/ytlibrary/Zend/Gdata/Media/
- /php/ytlibrary/Zend/Gdata/Kind/
- /php/ytlibrary/Zend/Gdata/Health/
- /php/ytlibrary/Zend/Gdata/Geo/
- /php/ytlibrary/Zend/Gdata/Gbase/
- /php/ytlibrary/Zend/Gdata/Gapps/
- /php/ytlibrary/Zend/Http/
- /php/ytlibrary/Zend/Gdata/
- /php/lib/PEAR/Net/
- /php/lib/PEAR/HTTP/
- /php/lib/PEAR/DB/
- /php/facebook-api/jsonwrapper/JSON/
- /js/GreyBox_v5_53/greybox_source/
- /php/ytlibrary/Zend/
- /php/lib/PEAR/
- /php/facebook-api/jsonwrapper/
- /js/greybox/
- /js/GreyBox_v5_53/
- /php/ytlibrary/
- /php/lib/
- /php/facebook-api/
- /demo/
- /css/
- /help/
- /images/
- /js/
- /php/
- /php/ytlibrary/Zend/Uri/
- /php/ytlibrary/Zend/Validate/
- /js/GreyBox_v5_53/greybox_source/base/
- /js/GreyBox_v5_53/greybox_source/gallery/
- /js/GreyBox_v5_53/greybox_source/set/
- /js/GreyBox_v5_53/greybox_source/window/
- /help/bp/javascript/
- /help/cs/javascript/
- /help/ct/javascript/
- /help/de/javascript/
- /help/en/javascript/
- /help/es/javascript/
- /help/fr/javascript/
- /help/ital/javascript/
- /help/jp/javascript/
- /help/ru/javascript/
- /php/lib/PEAR/HTTP/Request/
- /php/ytlibrary/Zend/Gdata/App/
- /php/ytlibrary/Zend/Gdata/Books/
- /php/ytlibrary/Zend/Gdata/Calendar/
- /php/ytlibrary/Zend/Gdata/Docs/
- /php/ytlibrary/Zend/Gdata/DublinCore/
- /php/ytlibrary/Zend/Gdata/Exif/
- /php/ytlibrary/Zend/Gdata/Extension/
- Description
- Miscellaneous Nessus plugins identified directories on this web
- server that are browsable.
- Solution
- Make sure that browsable directories do not leak confidential
- informative or give access to sensitive resources. And use access
- restrictions or disable directory indexing for any that do.
- See also
- http://projects.webappsec.org/Directory-Indexing
- Risk Factor
- None
- Plugin publication date: 2009/09/15
- PORT CIFS (445/TCP)
- Plugin ID: 10859
- SMB LsaQueryInformationPolicy Function SID Enumeration
- Synopsis
- It is possible to obtain the host SID for the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote host SID value is :
- 1-5-21-3715228791-1718835495-3915224457
- The value of 'RestrictAnonymous' setting is : unknown
- Description
- By emulating the call to LsaQueryInformationPolicy(), it was possible
- to obtain the host SID (Security Identifier).
- The host SID can then be used to get the list of local users.
- Solution
- You can prevent anonymous lookups of the host SID by setting the
- 'RestrictAnonymous' registry setting to an appropriate value.
- Refer to the 'See also' section for guidance.
- See also
- http://technet.microsoft.com/en-us/library/bb418944.aspx
- Risk Factor
- None
- CVE CVE-2000-1200
- Bugtraq ID
- 959
- Other References OSVDB:715
- Vulnerability publication date: 2000/01/31
- Plugin publication date: 2002/02/13
- Plugin last modification date: 2010/10/06
- Ease of exploitability : Exploits are available
- PORT CIFS (445/TCP)
- Plugin ID: 25240
- Samba Server Detection
- Synopsis
- An SMB server is running on the remote host.
- List of Hosts
- Iomega-055805.local
- Description
- The remote host is running Samba, a CIFS/SMB server for Unix.
- Solution
- n/a
- See also
- http://www.samba.org/
- Risk Factor
- None
- Plugin publication date: 2007/05/16
- PORT WWW (443/TCP)
- Plugin ID: 45410
- SSL Certificate commonName Mismatch
- Synopsis
- The SSL certificate commonName does not match the host name.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The host name known by Nessus is : iomega-055805.local
- The CommonName of the certificate is : Iomega.
- Description
- This service presents an SSL certificate for which the 'commonName'
- (CN) does not match the host name on which the service listens.
- Solution
- If the machine has several names, make sure that users connect to the
- service through the DNS host name that matches the common name in the
- certificate.
- Risk Factor
- None
- Plugin publication date: 2010/04/03
- Plugin last modification date: 2010/06/14
- PORT (0/TCP)
- Plugin ID: 11936
- OS Identification
- Synopsis
- It is possible to guess the remote operating system
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Remote operating system : Linux Kernel 2.4
- Linux Kernel 2.6
- Confidence Level : 54
- Method : SinFP
- The remote host is running one of these operating systems :
- Linux Kernel 2.4
- Linux Kernel 2.6
- Description
- Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...)
- it is possible to guess the name of the remote operating system in use, and
- sometimes its version
- Solution
- N/A
- Risk Factor
- None
- Plugin publication date: 2003/12/09
- Plugin last modification date: 2010/11/10
- PORT WWW (443/TCP)
- Plugin ID: 21643
- SSL Cipher Suites Supported
- Synopsis
- The remote service encrypts communications using SSL.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Here is the list of SSL ciphers supported by the remote server :
- Low Strength Ciphers (< 56-bit key)
- SSLv2
- EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
- EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
- Medium Strength Ciphers (>= 56-bit and < 112-bit key)
- SSLv2
- DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
- SSLv3
- DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
- TLSv1
- DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
- High Strength Ciphers (>= 112-bit key)
- SSLv2
- DES-CBC3-MD5 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
- RC2-CBC-MD5 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
- RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
- SSLv3
- DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
- RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
- RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
- TLSv1
- DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
- AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
- AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
- RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
- RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
- The fields above are :
- {OpenSSL ciphername}
- Kx={key exchange}
- Au={authentication}
- Enc={symmetric encryption method}
- Mac={message authentication code}
- {export flag}
- Description
- This script detects which SSL ciphers are supported by the remote
- service for encrypting communications.
- Solution
- n/a
- See also
- http://www.openssl.org/docs/apps/ciphers.html
- Risk Factor
- None
- Plugin publication date: 2006/06/05
- Plugin last modification date: 2010/07/21
- PORT CIFS (445/TCP)
- Plugin ID: 11011
- SMB Service Detection
- Synopsis
- A file / print sharing service is listening on the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- A CIFS server is running on this port.
- Description
- The remote service understands the CIFS (Common Internet File System)
- or Server Message Block (SMB) protocol, used to provide shared access
- to files, printers, etc between nodes on a network.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2002/06/05
- PORT SMB (139/TCP)
- Plugin ID: 11011
- SMB Service Detection
- Synopsis
- A file / print sharing service is listening on the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- An SMB server is running on this port.
- Description
- The remote service understands the CIFS (Common Internet File System)
- or Server Message Block (SMB) protocol, used to provide shared access
- to files, printers, etc between nodes on a network.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2002/06/05
- PORT (0/TCP)
- Plugin ID: 35716
- Ethernet card brand
- Synopsis
- The manufacturer can be deduced from the Ethernet OUI.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following card manufacturers were identified :
- 00:d0:b8:05:58:05 : Iomega Corporation
- Description
- Each ethernet MAC address starts with a 24-bit 'Organizationally
- Unique Identifier'.
- These OUI are registered by IEEE.
- Solution
- n/a
- See also
- http://standards.ieee.org/faqs/OUI.html
- http://standards.ieee.org/regauth/oui/index.shtml
- Risk Factor
- None
- Plugin publication date: 2009/02/19
- Plugin last modification date: 2010/10/26
- PORT WWW (443/TCP)
- Plugin ID: 42880
- SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
- Synopsis
- The remote service allows renegotiation of TLS / SSL connections.
- List of Hosts
- Iomega-055805.local
- Description
- The remote service encrypts traffic using TLS / SSL but allows a
- client to renegotiate the connection after the initial handshake. An
- unauthenticated remote attacker may be able to leverage this issue to
- inject an arbitrary amount of plaintext into the beginning of the
- application protocol stream, which could facilitate man-in-the-middle
- attacks if the service assumes that the sessions before and after
- renegotiation are from the same 'client' and merges them at the
- application layer.
- Solution
- Contact the vendor for specific patch information.
- See also
- http://extendedsubset.com/?p=8
- http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
- http://www.kb.cert.org/vuls/id/120541
- http://www.g-sec.lu/practicaltls.pdf
- http://tools.ietf.org/html/rfc5746
- Risk Factor
- Low/ CVSS Base Score: 2.6
- (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
- CVSS Temporal Score: 2.1(CVSS2#E:F/RL:OF/RC:C)
- CVE CVE-2009-3555
- Bugtraq ID
- 36935
- Other References OSVDB:59968
- OSVDB:59969
- OSVDB:59970
- OSVDB:59971
- OSVDB:59972
- OSVDB:59973
- OSVDB:59974
- OSVDB:60521
- OSVDB:61234
- OSVDB:61718
- OSVDB:62210
- OSVDB:62536
- CWE:310
- Vulnerability publication date: 2009/11/04
- Patch publication date: 2009/11/05
- Plugin publication date: 2009/11/24
- Plugin last modification date: 2010/10/06
- Ease of exploitability : Exploits are available
- PORT WWW (443/TCP)
- Plugin ID: 45411
- SSL Certificate with Wrong Hostname
- Synopsis
- The SSL certificate for this service is for a different host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following hostnames were checked :
- Iomega
- Description
- The commonName (CN) of the SSL certificate presented on this port is
- for a different machine.
- Solution
- Purchase or generate a proper certificate for this service.
- Risk Factor
- Medium/ CVSS Base Score: 5.0
- (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
- Plugin publication date: 2010/04/03
- Plugin last modification date: 2010/09/22
- PORT WWW (9000/TCP)
- Plugin ID: 44135
- Web Server Generic Cookie Injection
- Synopsis
- The remote web server is prone to a cookie injection attack.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The request string used to detect this flaw was :
- /08fs7qiz.asp?<script>document.cookie=%22testtbfv=5086;%22</script>
- The output was :
- HTTP/1.1 404 Not Found
- Content-Type: text/html; charset=utf-8
- Content-Length: 178
- Date: Tue, 17 Nov 2009 23:15:53 GMT
- Accept-Ranges: bytes
- Connection: keep-alive
- EXT:
- Server: Linux/2.x.x, UPnP/1.0, pvConnect UPnP SDK/1.0
- <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>/08fs7qiz.asp?<script>document.cookie="testtbfv=5086;"</script> was not found on this server.</BODY></HTML>
- Description
- The remote host is running a web server that fails to adequately
- sanitize request strings of malicious JavaScript. By leveraging this
- issue, an attacker may be able to inject arbitrary cookies. Depending
- on the structure of the web application, it may be possible to launch
- a 'session fixation' attack using this mechanism.
- Please note that :
- - Nessus did not check if the session fixation attack is
- feasible.
- - This is not the only vector of session fixation.
- Solution
- Contact the vendor for a patch or upgrade.
- See also
- http://en.wikipedia.org/wiki/Session_fixation
- http://www.owasp.org/index.php/Session_Fixation
- http://www.acros.si/papers/session_fixation.pdf
- http://projects.webappsec.org/Session-Fixation
- Risk Factor
- Medium/ CVSS Base Score: 4.3
- (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
- Plugin publication date: 2010/01/25
- Plugin last modification date: 2010/09/10
- PORT WWW (443/TCP)
- Plugin ID: 51192
- SSL Certificate signed with an unknown Certificate Authority
- Synopsis
- The SSL certificate for this service is signed by an unknown\certificate authority.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- *** ERROR: Unknown root CA in the chain:
- Country: US
- State/Province: UTAH
- Locality: ROY
- Organization: IOMEGA CORP
- Organization Unit: CSB
- Common Name: Iomega
- Email Address: support@iomega.com
- Certificate chain:
- |-Country: US
- |-State/Province: UTAH
- |-Locality: ROY
- |-Organization: IOMEGA CORP
- |-Organization Unit: CSB
- |-Common Name: Iomega
- |-Email Address: support@iomega.com
- |
- Description
- The X.509 certificate of the remote host is not signed by a known
- public certificate authority. If the remote host is a public host in
- production, this nullifies the use of SSL as anyone could establish a
- man in the middle attack against the remote host.
- Solution
- Purchase or generate a proper certificate for this service.
- Risk Factor
- Medium/ CVSS Base Score: 6.4
- (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
- Plugin publication date: 2010/12/15
- Plugin last modification date: 2010/12/15
- PORT CIFS (445/TCP)
- Plugin ID: 26920
- Windows SMB NULL Session Authentication
- Synopsis
- It is possible to log into the remote Windows host with a NULL\session.
- List of Hosts
- Iomega-055805.local
- Description
- The remote host is running Microsoft Windows, and it was possible to
- log into it using a NULL session (i.e., with no login or password). An
- unauthenticated remote attacker can leverage this issue to get
- information about the remote host.
- Solution
- n/a
- See also
- http://support.microsoft.com/kb/q143474/
- http://support.microsoft.com/kb/q246261/
- Risk Factor
- None
- CVE CVE-1999-0519
- CVE-1999-0520
- CVE-2002-1117
- Bugtraq ID
- 494
- Other References OSVDB:299
- Vulnerability publication date: 1999/07/14
- Plugin publication date: 2007/10/04
- Plugin last modification date: 2010/10/06
- Ease of exploitability : No known exploits are available
- PORT WWW (80/TCP)
- Plugin ID: 43111
- HTTP Methods Allowed (per directory)
- Synopsis
- This plugin determines which HTTP methods are allowed on various CGI\directories.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Based on the response to an OPTIONS request :
- - HTTP methods GET HEAD POST OPTIONS are allowed on :
- /css
- /demo
- /help
- /help/bp
- /help/bp/javascript
- /help/cs
- /help/cs/javascript
- /help/ct
- /help/ct/javascript
- /help/de
- /help/de/javascript
- /help/en
- /help/en/javascript
- /help/es
- /help/es/javascript
- /help/fr
- /help/fr/javascript
- /help/ital
- /help/ital/javascript
- /help/jp
- /help/jp/javascript
- /help/ru
- /help/ru/javascript
- /images
- /js
- /js/GreyBox_v5_53
- /js/GreyBox_v5_53/greybox_source
- /js/GreyBox_v5_53/greybox_source/base
- /js/GreyBox_v5_53/greybox_source/gallery
- /js/GreyBox_v5_53/greybox_source/set
- /js/GreyBox_v5_53/greybox_source/window
- /js/greybox
- /php
- /php/facebook-api
- /php/facebook-api/jsonwrapper
- /php/facebook-api/jsonwrapper/JSON
- /php/lib
- /php/lib/PEAR
- /php/lib/PEAR/DB
- /php/lib/PEAR/HTTP
- /php/lib/PEAR/HTTP/Request
- /php/lib/PEAR/Net
- /php/ytlibrary
- /php/ytlibrary/Zend
- /php/ytlibrary/Zend/Gdata
- /php/ytlibrary/Zend/Gdata/App
- /php/ytlibrary/Zend/Gdata/App/Extension
- /php/ytlibrary/Zend/Gdata/Books
- /php/ytlibrary/Zend/Gdata/Books/Extension
- /php/ytlibrary/Zend/Gdata/Calendar
- /php/ytlibrary/Zend/Gdata/Calendar/Extension
- /php/ytlibrary/Zend/Gdata/Docs
- /php/ytlibrary/Zend/Gdata/DublinCore
- /php/ytlibrary/Zend/Gdata/DublinCore/Extension
- /php/ytlibrary/Zend/Gdata/Exif
- /php/ytlibrary/Zend/Gdata/Exif/Extension
- /php/ytlibrary/Zend/Gdata/Extension
- /php/ytlibrary/Zend/Gdata/Gapps
- /php/ytlibrary/Zend/Gdata/Gapps/Extension
- /php/ytlibrary/Zend/Gdata/Gbase
- /php/ytlibrary/Zend/Gdata/Gbase/Extension
- /php/ytlibrary/Zend/Gdata/Geo
- /php/ytlibrary/Zend/Gdata/Geo/Extension
- /php/ytlibrary/Zend/Gdata/Health
- /php/ytlibrary/Zend/Gdata/Health/Extension
- /php/ytlibrary/Zend/Gdata/Kind
- /php/ytlibrary/Zend/Gdata/Media
- /php/ytlibrary/Zend/Gdata/Media/Extension
- /php/ytlibrary/Zend/Gdata/Photos
- /php/ytlibrary/Zend/Gdata/Photos/Extension
- /php/ytlibrary/Zend/Gdata/Spreadsheets
- /php/ytlibrary/Zend/Gdata/Spreadsheets/Extension
- /php/ytlibrary/Zend/Gdata/YouTube
- /php/ytlibrary/Zend/Gdata/YouTube/Extension
- /php/ytlibrary/Zend/Http
- /php/ytlibrary/Zend/Http/Client
- /php/ytlibrary/Zend/Http/Client/Adapter
- /php/ytlibrary/Zend/Uri
- /php/ytlibrary/Zend/Validate
- /php/ytlibrary/Zend/Validate/Hostname
- Based on tests of each method :
- - HTTP methods COPY DELETE GET HEAD LOCK MKCOL MOVE OPTIONS POST
- PROPFIND PROPPATCH PUT UNLOCK are allowed on :
- /
- /cgi-bin
- /css
- /demo
- /help
- /help/bp
- /help/bp/javascript
- /help/cs
- /help/cs/javascript
- /help/ct
- /help/ct/javascript
- /help/de
- /help/de/javascript
- /help/en
- /help/en/javascript
- /help/es
- /help/es/javascript
- /help/fr
- /help/fr/javascript
- /help/ital
- /help/ital/javascript
- /help/jp
- /help/jp/javascript
- /help/ru
- /help/ru/javascript
- /images
- /js
- /js/GreyBox_v5_53
- /js/GreyBox_v5_53/greybox_source
- /js/GreyBox_v5_53/greybox_source/base
- /js/GreyBox_v5_53/greybox_source/gallery
- /js/GreyBox_v5_53/greybox_source/set
- /js/GreyBox_v5_53/greybox_source/window
- /js/greybox
- /php
- /php/facebook-api
- /php/facebook-api/jsonwrapper
- /php/facebook-api/jsonwrapper/JSON
- /php/lib
- /php/lib/PEAR
- /php/lib/PEAR/DB
- /php/lib/PEAR/HTTP
- /php/lib/PEAR/HTTP/Request
- /php/lib/PEAR/Net
- /php/ytlibrary
- /php/ytlibrary/Zend
- /php/ytlibrary/Zend/Gdata
- /php/ytlibrary/Zend/Gdata/App
- /php/ytlibrary/Zend/Gdata/App/Extension
- /php/ytlibrary/Zend/Gdata/Books
- /php/ytlibrary/Zend/Gdata/Books/Extension
- /php/ytlibrary/Zend/Gdata/Calendar
- /php/ytlibrary/Zend/Gdata/Calendar/Extension
- /php/ytlibrary/Zend/Gdata/Docs
- /php/ytlibrary/Zend/Gdata/DublinCore
- /php/ytlibrary/Zend/Gdata/DublinCore/Extension
- /php/ytlibrary/Zend/Gdata/Exif
- /php/ytlibrary/Zend/Gdata/Exif/Extension
- /php/ytlibrary/Zend/Gdata/Extension
- /php/ytlibrary/Zend/Gdata/Gapps
- /php/ytlibrary/Zend/Gdata/Gapps/Extension
- /php/ytlibrary/Zend/Gdata/Gbase
- /php/ytlibrary/Zend/Gdata/Gbase/Extension
- /php/ytlibrary/Zend/Gdata/Geo
- /php/ytlibrary/Zend/Gdata/Geo/Extension
- /php/ytlibrary/Zend/Gdata/Health
- /php/ytlibrary/Zend/Gdata/Health/Extension
- /php/ytlibrary/Zend/Gdata/Kind
- /php/ytlibrary/Zend/Gdata/Media
- /php/ytlibrary/Zend/Gdata/Media/Extension
- /php/ytlibrary/Zend/Gdata/Photos
- /php/ytlibrary/Zend/Gdata/Photos/Extension
- /php/ytlibrary/Zend/Gdata/Spreadsheets
- /php/ytlibrary/Zend/Gdata/Spreadsheets/Extension
- /php/ytlibrary/Zend/Gdata/YouTube
- /php/ytlibrary/Zend/Gdata/YouTube/Extension
- /php/ytlibrary/Zend/Http
- /php/ytlibrary/Zend/Http/Client
- /php/ytlibrary/Zend/Http/Client/Adapter
- /php/ytlibrary/Zend/Uri
- /php/ytlibrary/Zend/Validate
- /php/ytlibrary/Zend/Validate/Hostname
- Description
- By calling the OPTIONS method, it is possible to determine which HTTP
- methods are allowed on each directory.
- As this list may be incomplete, the plugin also tests - if 'Thorough
- tests' are enabled or 'Enable web applications tests' is set to 'yes'
- in the scan policy - various known HTTP methods on each directory and
- considers them as unsupported if it receives a response code of 400,
- 403, 405, or 501.
- Note that the plugin output is only informational and does not
- necessarily indicate the presence of any security vulnerabilities.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2009/12/10
- Plugin last modification date: 2010/10/13
- PORT WWW (443/TCP)
- Plugin ID: 10863
- SSL Certificate Information
- Synopsis
- This plugin displays the SSL certificate.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Subject Name:
- Country: US
- State/Province: UTAH
- Locality: ROY
- Organization: IOMEGA CORP
- Organization Unit: CSB
- Common Name: Iomega
- Email Address: support@iomega.com
- Issuer Name:
- Country: US
- State/Province: UTAH
- Locality: ROY
- Organization: IOMEGA CORP
- Organization Unit: CSB
- Common Name: Iomega
- Email Address: support@iomega.com
- Serial Number: 00 FD AC 1C 62 EB 96 63 3B
- Version: 3
- Signature Algorithm: SHA-1 With RSA Encryption
- Not Valid Before: May 07 10:34:53 2009 GMT
- Not Valid After: Jan 14 10:34:53 2023 GMT
- Public Key Info:
- Algorithm: RSA Encryption
- Public Key: 00 BC 8B C4 F8 02 7B 31 E0 7C 82 4F 40 29 E6 C2 90 03 6E 7F
- 39 E4 9B A9 A4 C5 03 98 7E F6 16 3C E6 9E BF E4 35 A8 D0 1B
- A5 99 0A 41 BE 37 1D D2 05 91 F0 03 FB F7 74 24 BC 4D 42 98
- 67 12 FA 7A ED A6 53 D0 86 33 DF F4 2C BB EB DA 29 05 1E 08
- FD 9E 32 EA 02 C7 5C 98 D9 31 E9 20 0E A4 1C 69 05 EF C6 6F
- EC 97 81 9C 0B 5C 12 DF 2B 1E 50 A0 79 6C DE D2 2E 8B 40 32
- E6 09 FB 41 AC 70 70 A2 7B
- Exponent: 01 00 01
- Signature: 00 9C C6 B2 A8 18 18 7E 85 14 57 D4 EE 61 57 6D 70 9C 68 A9
- 55 46 B7 92 0E 17 F9 D9 C1 1F 7B DE CD 82 C2 DA 05 40 88 97
- 34 41 F6 85 49 27 78 2A 86 E9 91 4B 54 E8 22 5F E1 C2 EE 3E
- 64 DC 93 A4 8E DA 00 30 02 0F CA 6C 2A A6 49 57 51 F9 B3 1B
- 42 67 E0 61 69 76 4C 87 92 C9 87 98 03 38 C1 EE 27 7C 44 0D
- 44 22 71 86 AD DF FB E6 56 83 05 4D A9 24 1A 0D C7 02 50 4D
- F6 C4 80 F1 B2 6B 30 50 BE
- Extension: Subject Key Identifier (2.5.29.14)
- Critical: 0
- Subject Key Identifier: 4C C9 2A 01 F5 12 67 A5 64 9E 0A BB A7 BC 5A 76 DB 93 98 23
- Extension: Authority Key Identifier (2.5.29.35)
- Critical: 0
- Extension: Basic Constraints (2.5.29.19)
- Critical: 0
- Data: 30 03 01 01 FF
- Description
- This plugin connects to every SSL-related port and attempts to
- extract and dump the X.509 certificate.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2008/05/19
- PORT (0/TCP)
- Plugin ID: 45590
- Common Platform Enumeration (CPE)
- Synopsis
- It is possible to enumerate CPE names that matched on the remote\system.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The remote operating system matched the following CPEs :
- cpe:/o:linux:linux_kernel:2.4
- cpe:/o:linux:linux_kernel:2.6
- Here is the list of application CPE IDs that matched on the remote system :
- cpe:/a:samba:samba:3.2.5 -> Samba Samba 3.2.5
- Description
- By using information obtained from a Nessus scan, this plugin reports
- CPE (Common Platform Enumeration) matches for various hardware and
- software products found on a host.
- Note that if an official CPE is not available for the product, this
- plugin computes the best possible CPE based on the information
- available from the scan.
- Solution
- n/a
- See also
- http://cpe.mitre.org/
- Risk Factor
- None
- Plugin publication date: 2010/04/21
- Plugin last modification date: 2010/04/21
- PORT (0/UDP)
- Plugin ID: 10287
- Traceroute Information
- Synopsis
- It was possible to obtain traceroute information.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- For your information, here is the traceroute from 192.168.1.133 to 192.168.1.100 :
- 192.168.1.133
- 192.168.1.100
- Description
- Makes a traceroute to the remote host.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 1999/11/27
- Plugin last modification date: 2010/10/18
- PORT MDNS (5353/UDP)
- Plugin ID: 12218
- mDNS Detection
- Synopsis
- It is possible to obtain information about the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Nessus was able to extract the following information :
- - Computer name : Iomega-055805.local.
- - Ethernet addr : 00:d0:b8:05:58:05
- - Computer Type : ARMV5TEJL
- - Operating System : LINUX
- Description
- The remote service understands the Bonjour (also known as ZeroConf or
- mDNS) protocol, which allows anyone to uncover information from the
- remote host such as its operating system type and exact version, its
- hostname, and the list of services it is running.
- Solution
- Filter incoming traffic to UDP port 5353 if desired.
- Risk Factor
- Medium/ CVSS Base Score: 5.0
- (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
- Plugin publication date: 2004/04/28
- PORT APPLESHARE (548/TCP)
- Plugin ID: 10666
- Apple Filing Protocol Server Detection
- Synopsis
- An Apple file sharing service is listening on the remote port.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Nessus collected the following information about the remote AFP service :
- Server name : Iomega-055805
- Machine type : Netatalk
- UAMs : No User Authent, DHCAST128, Cleartxt Passwrd
- AFP versions : AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1
- The server allows the "guest" user to connect.
- Description
- The remote service understands the Apple Filing Protocol (AFP) and
- responds to a 'FPGetSrvrInfo' ('DSIGetStatus') request with
- information about itself.
- AFP is used to offer file services for Mac OS X as well as the older
- Mac OS. In the past, it has also been known as 'AppleTalk Filing
- Protocol' and 'AppleShare'.
- Solution
- n/a
- See also
- http://www.nessus.org/u?7cadff1c
- http://en.wikipedia.org/wiki/Apple_Filing_Protocol
- Risk Factor
- None
- Plugin publication date: 2001/05/12
- Plugin last modification date: 2010/09/21
- PORT WWW (443/TCP)
- Plugin ID: 50845
- OpenSSL Detection
- Synopsis
- The remote service appears to use OpenSSL to encrypt traffic.
- List of Hosts
- Iomega-055805.local
- Description
- Based on its behavior, it seems that the remote service is using the
- OpenSSL library to encrypt traffic.
- Note that this plugin can only detect OpenSSL implementations that
- have enabled support for TLS extensions (RFC 4366).
- Solution
- n/a
- See also
- http://www.openssl.org
- Risk Factor
- None
- Plugin publication date: 2010/11/30
- Plugin last modification date: 2010/12/02
- PORT CIFS (445/TCP)
- Plugin ID: 10394
- SMB Log In Possible
- Synopsis
- It is possible to log into the remote host.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- - NULL sessions are enabled on the remote host
- - Remote users are authenticated as 'Guest'
- Description
- The remote host is running Microsoft Windows operating
- system or Samba, a CIFS/SMB server for Unix. It was
- possible to log into it using one of the following
- account :
- - NULL session
- - Guest account
- - Given Credentials
- Solution
- n/a
- See also
- http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
- http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
- Risk Factor
- None
- CVE CVE-1999-0504
- CVE-1999-0505
- CVE-1999-0506
- CVE-2000-0222
- CVE-2002-1117
- CVE-2005-3595
- Bugtraq ID
- 494
- 990
- 11199
- Other References OSVDB:297
- OSVDB:3106
- OSVDB:8230
- OSVDB:10050
- Vulnerability publication date: 1999/01/01
- Plugin publication date: 2000/05/09
- Plugin last modification date: 2010/10/14
- Ease of exploitability : Exploits are available
- Exploitable with: Metasploit (Microsoft Windows Authenticated User Code Execution)
- PORT CIFS (445/TCP)
- Plugin ID: 10397
- SMB LanMan Pipe Server Listing Disclosure
- Synopsis
- It is possible to obtain network information.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Here is the browse list of the remote host :
- IOMEGA-055805 ( os : 0.0 )
- Description
- It was possible to obtain the browse list of the remote Windows system
- by send a request to the LANMAN pipe. The browse list is the list of
- the nearest Windows systems of the remote host.
- Solution
- n/a
- Risk Factor
- None
- Other References OSVDB:300
- Vulnerability publication date: 2000/01/01
- Plugin publication date: 2000/05/09
- PORT APPLESHARE (548/TCP)
- Plugin ID: 45380
- AFP Server Share Enumeration (guest)
- Synopsis
- The "guest" user can access some network shares.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following shares can be read as 'guest' :
- - ActiveFolders
- Contents :
- - demo
- - ftp
- - torrents
- - DefaultPicture.bmp
- - Network Trash Folder
- - Temporary Items
- - photos
- Contents :
- - DefaultPicture.bmp
- - Network Trash Folder
- - Temporary Items
- - movies
- Contents :
- - DefaultPicture.bmp
- - Network Trash Folder
- - Temporary Items
- - backups
- Contents :
- - DefaultPicture.bmp
- - Network Trash Folder
- - Temporary Items
- - public
- Contents :
- - DefaultPicture.bmp
- - Network Trash Folder
- - Temporary Items
- - music
- Contents :
- - DefaultPicture.bmp
- - Network Trash Folder
- - Temporary Items
- Description
- The remote AFP server allows guest users to connect to several
- shares.
- Make sure this is in line with your organization's security policy.
- Solution
- If you do not want the 'guest' user to be able to access any share on
- the remote system :
- - On Mac OS X client, edit System Preferences -> Accounts
- -> Guest and uncheck the option 'Allow guests to connect
- to shared folders'.
- - On Mac OS X server, edit the AFP service and disable
- option 'Allow guests to connect'.
- Risk Factor
- None
- Plugin publication date: 2010/03/30
- Plugin last modification date: 2010/11/17
- PORT WWW (443/TCP)
- Plugin ID: 26928
- SSL Weak Cipher Suites Supported
- Synopsis
- The remote service supports the use of weak SSL ciphers.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- Here is the list of weak SSL ciphers supported by the remote server :
- Low Strength Ciphers (< 56-bit key)
- SSLv2
- EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
- EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
- The fields above are :
- {OpenSSL ciphername}
- Kx={key exchange}
- Au={authentication}
- Enc={symmetric encryption method}
- Mac={message authentication code}
- {export flag}
- Description
- The remote host supports the use of SSL ciphers that offer either weak
- encryption or no encryption at all.
- Note: This is considerably easier to exploit if the attacker is on the
- same physical network.
- Solution
- Reconfigure the affected application if possible to avoid use of weak
- ciphers.
- See also
- http://www.openssl.org/docs/apps/ciphers.html
- Risk Factor
- Medium/ CVSS Base Score: 4.3
- (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
- Other References CWE:327
- CWE:326
- CWE:753
- CWE:803
- CWE:720
- Plugin publication date: 2007/10/08
- Plugin last modification date: 2010/10/08
- PORT WWW (443/TCP)
- Plugin ID: 10662
- Web mirroring
- Synopsis
- Nessus crawled the remote web site.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following CGI have been discovered :
- Syntax : cginame (arguments [default value])
- /cgi-bin/makecgi-pro (tab_value [tab_status] session [878469] page_value [page_landing] task...)
- Directory index found at /php/
- Directory index found at /js/
- Directory index found at /images/
- Directory index found at /help/
- Directory index found at /css/
- Directory index found at /demo/
- Directory index found at /php/facebook-api/
- Directory index found at /php/lib/
- Directory index found at /php/ytlibrary/
- Directory index found at /js/GreyBox_v5_53/
- Directory index found at /js/greybox/
- Directory index found at /php/facebook-api/jsonwrapper/
- Directory index found at /php/lib/PEAR/
- Directory index found at /php/ytlibrary/Zend/
- Directory index found at /js/GreyBox_v5_53/greybox_source/
- Directory index found at /php/facebook-api/jsonwrapper/JSON/
- Directory index found at /php/lib/PEAR/DB/
- Directory index found at /php/lib/PEAR/HTTP/
- Directory index found at /php/lib/PEAR/Net/
- Directory index found at /php/ytlibrary/Zend/Gdata/
- Directory index found at /php/ytlibrary/Zend/Http/
- Directory index found at /php/ytlibrary/Zend/Uri/
- Directory index found at /php/ytlibrary/Zend/Validate/
- Directory index found at /js/GreyBox_v5_53/greybox_source/base/
- Directory index found at /js/GreyBox_v5_53/greybox_source/gallery/
- Directory index found at /js/GreyBox_v5_53/greybox_source/set/
- Directory index found at /js/GreyBox_v5_53/greybox_source/window/
- Directory index found at /help/bp/javascript/
- Directory index found at /help/cs/javascript/
- Directory index found at /help/ct/javascript/
- Directory index found at /help/de/javascript/
- Directory index found at /help/en/javascript/
- Directory index found at /help/es/javascript/
- Directory index found at /help/fr/javascript/
- Directory index found at /help/ital/javascript/
- Directory index found at /help/jp/javascript/
- Directory index found at /help/ru/javascript/
- Directory index found at /php/lib/PEAR/HTTP/Request/
- Directory index found at /php/ytlibrary/Zend/Gdata/App/
- Directory index found at /php/ytlibrary/Zend/Gdata/Books/
- Directory index found at /php/ytlibrary/Zend/Gdata/Calendar/
- Directory index found at /php/ytlibrary/Zend/Gdata/Docs/
- Directory index found at /php/ytlibrary/Zend/Gdata/DublinCore/
- Directory index found at /php/ytlibrary/Zend/Gdata/Exif/
- Directory index found at /php/ytlibrary/Zend/Gdata/Extension/
- Directory index found at /php/ytlibrary/Zend/Gdata/Gapps/
- Directory index found at /php/ytlibrary/Zend/Gdata/Gbase/
- Directory index found at /php/ytlibrary/Zend/Gdata/Geo/
- Directory index found at /php/ytlibrary/Zend/Gdata/Health/
- Directory index found at /php/ytlibrary/Zend/Gdata/Kind/
- Directory index found at /php/ytlibrary/Zend/Gdata/Media/
- Directory index found at /php/ytlibrary/Zend/Gdata/Photos/
- Directory index found at /php/ytlibrary/Zend/Gdata/Spreadsheets/
- Directory index found at /php/ytlibrary/Zend/Gdata/YouTube/
- Directory index found at /php/ytlibrary/Zend/Http/Client/
- Directory index found at /php/ytlibrary/Zend/Validate/Hostname/
- Description
- This script makes a mirror of the remote web site(s) and extracts the
- list of CGIs that are used by the remote host.
- It is suggested that you change the number of pages to mirror in the
- 'Options' section of the client.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2001/05/04
- Plugin last modification date: 2010/12/13
- PORT WWW (80/TCP)
- Plugin ID: 10662
- Web mirroring
- Synopsis
- Nessus crawled the remote web site.
- List of Hosts
- Iomega-055805.local
- Plugin Output
- The following CGI have been discovered :
- Syntax : cginame (arguments [default value])
- /cgi-bin/makecgi-pro (tab_value [tab_status] session [878469] page_value [page_landing] task...)
- Directory index found at /php/
- Directory index found at /js/
- Directory index found at /images/
- Directory index found at /help/
- Directory index found at /css/
- Directory index found at /demo/
- Directory index found at /php/facebook-api/
- Directory index found at /php/lib/
- Directory index found at /php/ytlibrary/
- Directory index found at /js/GreyBox_v5_53/
- Directory index found at /js/greybox/
- Directory index found at /php/facebook-api/jsonwrapper/
- Directory index found at /php/lib/PEAR/
- Directory index found at /php/ytlibrary/Zend/
- Directory index found at /js/GreyBox_v5_53/greybox_source/
- Directory index found at /php/facebook-api/jsonwrapper/JSON/
- Directory index found at /php/lib/PEAR/DB/
- Directory index found at /php/lib/PEAR/HTTP/
- Directory index found at /php/lib/PEAR/Net/
- Directory index found at /php/ytlibrary/Zend/Gdata/
- Directory index found at /php/ytlibrary/Zend/Http/
- Directory index found at /php/ytlibrary/Zend/Uri/
- Directory index found at /php/ytlibrary/Zend/Validate/
- Directory index found at /js/GreyBox_v5_53/greybox_source/base/
- Directory index found at /js/GreyBox_v5_53/greybox_source/gallery/
- Directory index found at /js/GreyBox_v5_53/greybox_source/set/
- Directory index found at /js/GreyBox_v5_53/greybox_source/window/
- Directory index found at /help/bp/javascript/
- Directory index found at /help/cs/javascript/
- Directory index found at /help/ct/javascript/
- Directory index found at /help/de/javascript/
- Directory index found at /help/en/javascript/
- Directory index found at /help/es/javascript/
- Directory index found at /help/fr/javascript/
- Directory index found at /help/ital/javascript/
- Directory index found at /help/jp/javascript/
- Directory index found at /help/ru/javascript/
- Directory index found at /php/lib/PEAR/HTTP/Request/
- Directory index found at /php/ytlibrary/Zend/Gdata/App/
- Directory index found at /php/ytlibrary/Zend/Gdata/Books/
- Directory index found at /php/ytlibrary/Zend/Gdata/Calendar/
- Directory index found at /php/ytlibrary/Zend/Gdata/Docs/
- Directory index found at /php/ytlibrary/Zend/Gdata/DublinCore/
- Directory index found at /php/ytlibrary/Zend/Gdata/Exif/
- Directory index found at /php/ytlibrary/Zend/Gdata/Extension/
- Directory index found at /php/ytlibrary/Zend/Gdata/Gapps/
- Directory index found at /php/ytlibrary/Zend/Gdata/Gbase/
- Directory index found at /php/ytlibrary/Zend/Gdata/Geo/
- Directory index found at /php/ytlibrary/Zend/Gdata/Health/
- Directory index found at /php/ytlibrary/Zend/Gdata/Kind/
- Directory index found at /php/ytlibrary/Zend/Gdata/Media/
- Directory index found at /php/ytlibrary/Zend/Gdata/Photos/
- Directory index found at /php/ytlibrary/Zend/Gdata/Spreadsheets/
- Directory index found at /php/ytlibrary/Zend/Gdata/YouTube/
- Directory index found at /php/ytlibrary/Zend/Http/Client/
- Directory index found at /php/ytlibrary/Zend/Validate/Hostname/
- Description
- This script makes a mirror of the remote web site(s) and extracts the
- list of CGIs that are used by the remote host.
- It is suggested that you change the number of pages to mirror in the
- 'Options' section of the client.
- Solution
- n/a
- Risk Factor
- None
- Plugin publication date: 2001/05/04
- Plugin last modification date: 2010/12/13
- Iomega-055805.local
- Scan Time
- Start time:
- Wed Jan 5 20:02:48 2011
- End time:
- Wed Jan 5 21:03:08 2011
- Number of vulnerabilities
- High
- 1
- Medium
- 8
- Low
- 50
- Remote Host Information
- Operating System:
- Linux Kernel 2.4Linux Kernel 2.6
- NetBIOS name:
- IOMEGA-055805
- DNS name:
- Iomega-055805.local
- IP address:
- 192.168.1.100
- MAC addresses:
- 00:d0:b8:05:58:05
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement