nexpose_csv_generator 0.0.1

data/bin/csv_creator

@@ -0,0 +1,143 @@
+#!/usr/bin/env ruby
+
+require 'nexpose'
+require File.expand_path(File.join(File.dirname(__FILE__), '../lib/raw_xml_data_builder'))
+require File.expand_path(File.join(File.dirname(__FILE__), '../lib/formatters/default_formatter'))
+require File.expand_path(File.join(File.dirname(__FILE__), '../lib/report_generator_options'))
+
+
+def output_data file, data_array, csv_separator
+	line_item = ''
+
+	data_array.each do |data|
+		data = data || ''
+		line_item << '"'
+		line_item << data
+		line_item << '"'
+		line_item << csv_separator
+	end
+
+	file.puts line_item
+end
+
+def parse_and_verify_options options
+	vuln_only = options.report_vuln_only.to_s.downcase
+	if vuln_only == 'true'
+		options.report_vuln_only = true
+	elsif vuln_only == 'false'
+		options.report_vuln_only = false
+	else
+		raise ArgumentError.new "Illegal option for -v : #{options.report_vuln_only}"
+	end
+
+	if options.host.nil?
+		raise ArgumentError.new "The NeXpose host is required"
+	end
+
+	if options.user.nil?
+		raise ArgumentError.new "The NeXpose username is required"
+	end
+
+	if options.password.nil?
+		raise ArgumentError.new "The NeXpose password is required"
+	end
+
+	if options.ofn.nil?
+		raise ArgumentError.new "The output file name needs to be specified"
+	end
+
+end
+
+begin
+	options = Options.parse ARGV
+	parse_and_verify_options options
+
+	csv_separator = options.separator
+
+	# Log into NeXpose
+	client_api = Nexpose::Connection.new options.host, options.user, options.password, options.port
+	client_api.login
+
+	export_file = File.open options.ofn, 'w'
+
+	# Output headers
+	output_data export_file, options.headers.split(/,/), csv_separator
+
+	# get sites
+  sites = []
+  if options.sites.nil?
+	  sites = client_api.site_listing
+  else
+    sites_array = options.sites.to_s.split(",")
+    sites_array.each do |site_id|
+      sites << {:site_id => site_id.to_i}
+    end
+  end
+
+	# For each site get the adhoc report data
+	data_builder = RawXMLDataBuilder.new client_api, options.report_vuln_only
+
+	formatter = DefaultFormatter.new
+
+	sites.each do |site|
+		puts "Correlating data for site: #{site[:site_id]}"
+		nodes_data = data_builder.get_node_data site[:site_id]
+		vuln_data = data_builder.get_vuln_data
+
+		nodes_data.each do |node_data|
+
+			vuln_id = node_data[:vuln_id]
+			node_vuln_data = vuln_data[vuln_id]
+
+			vuln_status = node_data[:vuln_status]
+
+			port_protocol = ''
+		  if node_data[:port] and not node_data[:port].to_s.chomp.empty?
+				port_protocol << node_data[:port]
+				port_protocol << ','
+				port_protocol << node_data[:protocol]
+			else
+				port_protocol << '0'
+			end
+
+			host = node_data[:name]
+			ip = node_data[:ip]
+
+			vuln_descrription_needed = {:description => node_vuln_data[:description]}
+			vuln_description = formatter.do_description_format vuln_descrription_needed
+			vuln_description.to_s.squeeze!(" ")
+			vuln_description.to_s.gsub!(/"/, '')
+
+			vuln_solution_needed = {:solution    => node_vuln_data[:solution]}
+			vuln_solution = formatter.do_description_format vuln_solution_needed
+			vuln_solution.to_s.squeeze!(" ")
+			vuln_solution.to_s.gsub!(/"/, '')
+
+			os = node_data[:fingerprint]
+
+			vuln_category = (node_data[:port] and not node_data[:port].to_s.chomp.empty?) ? 'Application' : 'Platform'
+
+			proof_data_needed = {:proof => node_data[:proof]}
+			proof_info = formatter.do_description_format proof_data_needed
+			proof_info.to_s.squeeze!(" ")
+			proof_info.to_s.gsub!(/"/, '')
+
+			cvss = node_vuln_data[:cvss]
+
+			data_array = []
+			data_array << vuln_status
+			data_array << port_protocol
+			data_array << host
+			data_array << ip
+			data_array << vuln_description
+			data_array << vuln_solution
+			data_array << vuln_id
+			data_array << os
+			data_array << vuln_category
+			data_array << proof_info
+			data_array << cvss
+			output_data export_file, data_array, csv_separator
+
+		end
+	end
+end

data/lib/formatters/default_formatter.rb

@@ -0,0 +1,50 @@
+require File.expand_path(File.join(File.dirname(__FILE__), 'formatter'))
+
+class DefaultFormatter < Formatter
+  def do_description_format ticket_info
+		# Build description section
+		formatted_output = ''
+		if ticket_info[:description]
+			vuln_description_paragraph = build_paragraph ticket_info[:description]
+			vuln_description_paragraph.get_paragraph.each do |output|
+				do_formated_paragraph formatted_output, output
+			end
+		end
+
+    # Build Proof
+		if ticket_info[:proof]
+			vuln_proof_paragraph = build_paragraph ticket_info[:proof]
+			vuln_proof_paragraph.get_paragraph.each do |output|
+				do_formated_paragraph formatted_output, output
+			end
+		end
+
+		# Build solution section
+		if ticket_info[:solution]
+			vuln_solution_paragraph = build_paragraph ticket_info[:solution]
+			vuln_solution_paragraph.get_paragraph.each do |output|
+				do_formated_paragraph formatted_output, output
+			end
+		end
+
+    formatted_output
+  end
+
+  def do_formated_paragraph appended, output
+      if output[:sentence]
+        appended << output[:sentence]
+        appended << ' '
+      else
+        if output[:link]
+          description = output[:link][0]
+          link = output[:link][1]
+          line_item = ''
+          line_item << description
+          line_item << ': '
+          line_item << link
+          appended << line_item
+          appended << ' '
+        end
+      end
+  end
+end

data/lib/formatters/formatter.rb

@@ -0,0 +1,35 @@
+require File.expand_path(File.join(File.dirname(__FILE__), 'paragraph'))
+
+#------------------------------------------------------------------------------------------------------
+#
+#------------------------------------------------------------------------------------------------------
+class Formatter
+
+  # Both parameters are array input from the parser of either string or hash which contains the link
+  # ticket_info: Contains :description, :solution, and :proof
+  def do_description_format ticket_info
+    raise 'Formatter abstracion called!'
+  end
+
+  #------------------------------------------------------------------------------------------------------
+  # input: An input array
+  #------------------------------------------------------------------------------------------------------
+  def build_paragraph input
+    paragraph = Paragraph.new
+    input.each do |line|
+      if line.kind_of? Hash
+        line.each {|key,value| paragraph.add_link key, value}
+      else
+        line.gsub!(/[\r\n\t]/, '\r' => '', '\n' => '', '\t' => '')
+        if line.empty?
+          next
+        else
+          paragraph.add_sentence line
+        end
+      end
+    end
+
+    paragraph
+  end
+
+end

data/lib/formatters/paragraph.rb

@@ -0,0 +1,20 @@
+
+class Paragraph
+
+  def initialize
+    # An array of sentences (strings) and links
+    @paragraph = []
+  end
+
+  def add_link description, link
+    @paragraph << {:link => [description, link]}
+  end
+
+  def add_sentence sentence
+    @paragraph << {:sentence => sentence}
+  end
+
+  def get_paragraph
+    @paragraph
+  end
+end

data/lib/raw_xml_data_builder.rb

@@ -0,0 +1,117 @@
+require 'rubygems'
+require 'rex/parser/nexpose_xml'
+
+class RawXMLDataBuilder
+
+	def initialize client_api, parse_vuln_states_only
+		@client_api = client_api
+		@adhoc_report_generator = Nexpose::ReportAdHoc.new client_api
+
+		@vuln_map = {}
+		@host_data = []
+    @vuln_data = []
+
+    @parser = Rex::Parser::NexposeXMLStreamParser.new
+		@parser.parse_vulnerable_states_only parse_vuln_states_only
+    @parser.callback = proc { |type, value|
+      case type
+        when :host
+          @host_data << value
+        when :vuln
+          @vuln_data << value
+      end
+    }
+	end
+
+	def get_node_data site_id
+	  @adhoc_report_generator.addFilter 'site', site_id
+    data = @adhoc_report_generator.generate
+
+    # The only way to get the corresponding device-id is though mappings
+    site_device_listing = @client_api.site_device_listing site_id
+
+    REXML::Document.parse_stream(data.to_s, @parser)
+
+		populate_vuln_map
+    build_node_data site_device_listing
+	end
+
+	def get_vuln_data
+		@vuln_map
+	end
+
+	#------------------------------------------------------------------------------------------------------
+  #
+  #------------------------------------------------------------------------------------------------------
+  def build_node_data site_device_listing
+    res = []
+    @host_data.each do |host_data|
+      ip = host_data["addr"]
+      device_id = get_device_id ip, site_device_listing
+
+      # Just take the first name
+      names = host_data["names"]
+      name = ''
+      unless names.nil? or names.empty?
+        name = names[0]
+      end
+
+      fingerprint = ''
+      fingerprint <<  host_data["os_vendor"]
+      fingerprint << ' '
+      fingerprint <<  host_data["os_family"]
+
+      host_data["vulns"].each { |vuln_id, vuln_info|
+
+         vkey = vuln_info["key"] || ''
+         vuln_endpoint_data = vuln_info["endpoint_data"]
+
+         port = ''
+         protocol = ''
+         if vuln_endpoint_data
+            port = vuln_endpoint_data["port"] || ''
+            protocol = vuln_endpoint_data["protocol"] || ''
+         end
+
+         res << {
+            :ip          => ip,
+            :device_id   => device_id,
+            :name        => name,
+            :fingerprint => fingerprint,
+            :vuln_id     => vuln_id,
+            :vuln_status => vuln_info["status"],
+            :port        => port,
+            :protocol    => protocol,
+            :vkey        => vkey,
+            :proof       => vuln_info["proof"]
+        }
+      }
+    end
+
+    res
+  end
+
+  def populate_vuln_map
+    @vuln_data.each do |vuln_data|
+       id = vuln_data["id"].to_s.downcase.chomp
+       unless @vuln_map.has_key? id
+         @vuln_map[id] = {
+             :severity    => vuln_data["severity"],
+             :title       => vuln_data["title"],
+             :description => vuln_data["description"],
+             :solution    => vuln_data["solution"],
+						 :cvss        => vuln_data["cvssScore"]
+         }
+       end
+     end
+	end
+
+	def get_device_id ip, site_device_listing
+		site_device_listing.each do |device_info|
+			if	device_info[:address] =~ /#{ip}/
+				return device_info[:device_id]
+			end
+		end
+	end
+
+end

data/lib/report_generator_options.rb

@@ -0,0 +1,46 @@
+require 'ostruct'
+require 'optparse'
+
+#------------------------------------------------------------------------------------------------------
+# Defines options to be executed against the NeXpose API
+#------------------------------------------------------------------------------------------------------
+class Options
+    def self.parse(args)
+      options = OpenStruct.new
+      options.verbose = false
+			options.port = 3780
+			options.dbn = 'nexpose'
+			options.dbu = 'nxpgsql'
+			options.separator = ','
+			options.host = 'localhost'
+			options.report_vuln_only = false
+      options.sites = nil
+			options.headers = 'Vulnerable Status,Port Details,HostName,IP,Vulnerability Description,Vulnerability Remediations,Unique ID,Operating System,Vulnerability Category,Vulnerability Proof,CVSS Score'
+
+      option_parser = OptionParser.new  do |option_parser|
+        option_parser.on("-h host", "The network address of the NeXpose instance - Defaults to 'localhost'") {|arg| options.host=arg.chomp}
+        option_parser.on("-u user_name", "The NeXpose user name - Required") {|arg| options.user=arg.chomp}
+        option_parser.on("-p password", "The NeXpose password - Required") {|arg| options.password=arg.chomp}
+				option_parser.on("-s delimeter", "The report delimiter - Defaults to ','") {|arg| options.separator=arg.chomp}
+				option_parser.on("-v [true|false]", "Report on vulnerable data only - Defaults to false") {|arg| options.report_vuln_only=arg.chomp}
+        option_parser.on("--sites site1,site2", "A list of sites to report on - Defaults to ALL") {|arg| options.sites=arg.chomp}
+				option_parser.on("--port port", "The NSC port - Defaults to 3780") {|arg| options.port=arg.chomp}
+				option_parser.on("--ofn file", "The output file name -Required") {|arg| options.ofn=arg.chomp}
+				option_parser.on("--headers headers", "A comma separated list of the headers -Default #{options.headers}") {|arg| options.headers=arg.chomp}
+
+        option_parser.on_tail("--help", "Help") do
+          puts option_parser
+          exit 0
+        end
+      end
+
+      begin
+       option_parser.parse!(args)
+        rescue OptionParser::ParseError => e
+            puts "#{e}\n\n#{option_parser}"
+            exit 1
+      end
+
+			options
+    end
+end

data/lib/test.csv

@@ -0,0 +1,40 @@
+"Vulnerable Status","Port Details","HostName","IP","Vulnerability Description","Vulnerability Remediations","Unique ID","Operating System","Vulnerability Category","Vulnerability Proof","CVSS Score",
+"vulnerable-exploited","0","rhel54-6tsc_reg","10.2.62.27"," TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. ","Microsoft Windows Server 2003, Web Edition < SP1, Microsoft Windows Server 2003, Enterprise Edition < SP1, Microsoft Windows Server 2003, Datacenter Edition < SP1, Microsoft Windows Server 2003, Standard Edition < SP1, Microsoft Windows Small Business Server 2003 < SP1 Download and apply the patch from: LinkTitle: http://download.microsoft.com/download/3/9/C/39C7DB36-2F55-4FD7-BD4C-EBBB58A2A21D/WindowsServer2003-KB893066-v2-x86-enu.exe LinkURL: http://download.microsoft.com/download/3/9/C/39C7DB36-2F55-4FD7-BD4C-EBBB58A2A21D/WindowsServer2003-KB893066-v2-x86-enu.exe Microsoft Windows Server 2003 < SP1 (x86), Microsoft Windows Server 2003, Standard Edition < SP1 (x86), Microsoft Windows Server 2003, Enterprise Edition < SP1 (x86), Microsoft Windows Server 2003, Datacenter Edition < SP1 (x86), Microsoft Windows Server 2003, Web Edition < SP1 (x86), Microsoft Windows Small Business Server 2003 < SP1 (x86) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb893066-v2-x86-enu_ed6adba942906756fec6fea17347ba1a526c594b.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb893066-v2-x86-enu_ed6adba942906756fec6fea17347ba1a526c594b.exe Microsoft Windows 2000 SP4 OR SP3 (x86), Microsoft Windows 2000 Professional SP4 OR SP3 (x86), Microsoft Windows 2000 Server SP4 OR SP3 (x86), Microsoft Windows 2000 Advanced Server SP4 OR SP3 (x86), Microsoft Windows 2000 Datacenter Server SP4 OR SP3 (x86) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windows2000-kb893066-v2-x86-enu_a5b95ec14e70e531e784ea83e633d24a0ea83795.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windows2000-kb893066-v2-x86-enu_a5b95ec14e70e531e784ea83e633d24a0ea83795.exe Microsoft Windows XP Professional SP2 OR SP1 (x86), Microsoft Windows XP Home SP2 OR SP1 (x86) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb893066-v2-x86-enu_3d2029a4300c0b7943b20c1287c8143087045d52.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb893066-v2-x86-enu_3d2029a4300c0b7943b20c1287c8143087045d52.exe Microsoft Windows Server 2003 SP1 OR < SP1 (x86), Microsoft Windows Server 2003, Standard Edition SP1 OR < SP1 (x86), Microsoft Windows Server 2003, Enterprise Edition SP1 OR < SP1 (x86), Microsoft Windows Server 2003, Datacenter Edition SP1 OR < SP1 (x86), Microsoft Windows Server 2003, Web Edition SP1 OR < SP1 (x86), Microsoft Windows Small Business Server 2003 SP1 OR < SP1 (x86) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-x86-enu_22c5d80f99afb4a79b6245a4b5db1e8c95cb03fa.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-x86-enu_22c5d80f99afb4a79b6245a4b5db1e8c95cb03fa.exe Microsoft Windows Server 2003 SP1 (x86_64), Microsoft Windows Server 2003, Standard Edition SP1 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP1 (x86_64), Microsoft Windows Server 2003, Datacenter Edition SP1 (x86_64), Microsoft Windows Server 2003, Web Edition SP1 (x86_64), Microsoft Windows Small Business Server 2003 SP1 (x86_64) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe Microsoft Windows XP Professional SP1 OR SP2 (x86), Microsoft Windows XP Home SP1 OR SP2 (x86) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb922819-x86-enu_e4dceecdd4a72e5ad91cc78fe5f4572f91ee5db0.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb922819-x86-enu_e4dceecdd4a72e5ad91cc78fe5f4572f91ee5db0.exe Microsoft Windows Server 2003 SP1 OR < SP1 (ia64), Microsoft Windows Server 2003, Standard Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2003, Datacenter Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2003, Web Edition SP1 OR < SP1 (ia64), Microsoft Windows Small Business Server 2003 SP1 OR < SP1 (ia64) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-ia64-enu_34ecda284c6fc7b6fbbbfd6e2c823525ab9c838a.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-ia64-enu_34ecda284c6fc7b6fbbbfd6e2c823525ab9c838a.exe Microsoft Windows XP Professional SP1 (x86_64) Download and apply the patch from: LinkTitle: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe LinkURL: http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe Enable the TCP MD5 signature option as documented in LinkTitle: http://www.ietf.org/rfc/rfc2385.txt LinkURL: http://www.ietf.org/rfc/rfc2385.txt href: http://www.ietf.org/rfc/rfc2385.txt RFC 2385 . It was designed to reduce the danger from certain security attacks on BGP, such as TCP resets. In many situations, target systems are, by themselves, patched or otherwise unaffected by this vulnerability. In certain configurations, however, unaffected systems can be made vulnerable if the path between an attacker and the target system contains an affected and unpatched network device such as a firewall or router and that device is responsible for handling TCP connections for the target. In this case, locate and apply remediation steps for network devices along the route that are affected. ","tcp-seq-num-approximation","Red Hat Linux","Platform","TCP reset with incorrect sequence number triggered this fault on rhel54-6tsc_reg:22: An existing connection was forcibly closed by the remote host No response ","5.0",
+"vulnerable-exploited","0","rhel54-6tsc_reg","10.2.62.27","The remote host responded to an ICMP timestamp request. The ICMP timestamp response contains the remote host's date and time. This information could theoretically be used against some systems to exploit weak time-based random number generators in other services. In addition, the versions of some operating systems can be accurately fingerprinted by analyzing their responses to invalid ICMP timestamp requests. ","HP-UX Execute the following command: ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0 The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). Cisco IOS Use ACLs to block ICMP types 13 and 14. For example: deny icmp any any 13 deny icmp any any 14 Note that it is generally preferable to use ACLs that block everything by default and then selectively allow certain types of traffic in. For example, block everything and then only allow ICMP unreachable, ICMP echo reply, ICMP time exceeded, and ICMP source quench: permit icmp any any unreachable permit icmp any any echo-reply permit icmp any any time-exceeded permit icmp any any source-quench The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). SGI Irix IRIX does not offer a way to disable ICMP timestamp responses. Therefore, you should block ICMP on the affected host using ipfilterd, and/or block it at any external firewalls. The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). Linux Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface to disable ICMP timestamp responses. Therefore, you should block ICMP on the affected host using iptables, and/or block it at the firewall. For example: ipchains -A input -p icmp --icmp-type timestamp-request -j DROP ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition Windows NT 4 does not provide a way to block ICMP packets. Therefore, you should block them at the firewall. The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). OpenBSD Set the net.inet.icmp.tstamprepl sysctl variable to 0. sysctl -w net.inet.icmp.tstamprepl=0 The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). Cisco PIX A properly configured PIX firewall should never respond to ICMP packets on its external interface. In PIX Software versions 4.1(6) until 5.2.1, ICMP traffic to the PIX's internal interface is permitted; the PIX cannot be configured to NOT respond. Beginning in PIX Software version 5.2.1, ICMP is still permitted on the internal interface by default, but ICMP responses from its internal interfaces can be disabled with the icmp command, as follows, where <inside> is the name of the internal interface: icmp deny any 13 <inside> icmp deny any 14 <inside> Don't forget to save the configuration when you are finished. See Cisco's support document LinkTitle: http://www.cisco.com/warp/public/110/31.html LinkURL: http://www.cisco.com/warp/public/110/31.html href: http://www.cisco.com/warp/public/110/31.html Handling ICMP Pings with the PIX Firewall for more information. The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). Sun Solaris Execute the following commands: /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0 /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0 The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server Use the IPSec filter feature to define and apply an IP filter list that blocks ICMP types 13 and 14. Note that the standard TCP/IP blocking capability under the Networking and Dialup Connections control panel is NOT capable of blocking ICMP (only TCP and UDP). The IPSec filter features, while they may seem strictly related to the IPSec standards, will allow you to selectively block these ICMP packets. See LinkTitle: http://support.microsoft.com/kb/313190 LinkURL: http://support.microsoft.com/kb/313190 href: http://support.microsoft.com/kb/313190 for more information. The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003 ICMP timestamp responses can be disabled by deselecting the allow incoming timestamp request option in the ICMP configuration panel of Windows Firewall. Go to the Network Connections control panel. Right click on the network adapter and select properties, or select the internet adapter and select File->Properties. Select the Advanced tab. In the Windows Firewall box, select Settings. Select the General tab. Enable the firewall by selecting the on (recommended) option. Select the Advanced tab. In the ICMP box, select Settings. Deselect (uncheck) the Allow incoming timestamp request option. Select OK to exit the ICMP Settings dialog and save the settings. Select OK to exit the Windows Firewall dialog and save the settings. Select OK to exit the internet adapter dialog. For more information, see: LinkTitle: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true LinkURL: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true href: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008 ICMP timestamp responses can be disabled via the netsh command line utility. Go to the Windows Control Panel. Select Windows Firewall. In the Windows Firewall box, select Change Settings. Enable the firewall by selecting the on (recommended) option. Open a Command Prompt. Enter netsh firewall set icmpsetting 13 disable For more information, see: LinkTitle: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true LinkURL: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true href: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true Disable ICMP timestamp replies for the device. If the device does not support this level of configuration, the easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response). ","generic-icmp-timestamp","Red Hat Linux","Platform","Remote system time: 04:14:13.769 PDT ","0.0",
+"vulnerable-exploited","0","rhel54-6tsc_reg","10.2.62.27"," The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behavior of their TCP timestamps. ","Cisco Run the following command to disable TCP timestamps: no ip tcp timestamp FreeBSD Set the value of net.inet.tcp.rfc1323 to 0 by running the following command: sysctl -w net.inet.tcp.rfc1323=0 Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf: net.inet.tcp.rfc1323=0 Linux Set the value of net.ipv4.tcp_timestamps to 0 by running the following command: sysctl -w net.ipv4.tcp_timestamps=0 Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf: net.ipv4.tcp_timestamps=0 OpenBSD Set the value of net.inet.tcp.rfc1323 to 0 by running the following command: sysctl -w net.inet.tcp.rfc1323=0 Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf: net.inet.tcp.rfc1323=0 Microsoft Windows Set the Tcp1323Opts value in the following key to 0: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters ","generic-tcp-timestamp","Red Hat Linux","Platform","Apparent system boot time: Wed Apr 27 19:07:59 PDT 2011 ","0.0",
+"vulnerable-version","22,tcp","rhel54-6tsc_reg","10.2.62.27"," Before version 4.7, OpenSSH did not properly handle when an untrusted cookie could not be created. In its place, it uses a trusted X11 cookie. This allows attackers to violate intended policy and gain user privileges by causing an X client to be treated as trusted. ","Download and apply the upgrade from: LinkTitle: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.7p1.tar.gz LinkURL: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.7p1.tar.gz Version 4.7 of OpenSSH was released on September 4th, 2007. While you can always LinkTitle: http://www.openssh.com/portable.html LinkURL: http://www.openssh.com/portable.html href: http://www.openssh.com/portable.html build OpenSSH from source , many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","openssh-x11-cookie-auth-bypass","Red Hat Linux","Application","Running vulnerable SSH service: OpenSSH 4.3. SSH public key with fingerprint D06066CF8D93030436C9254A46B0850D is not a known weak key Running vulnerable SSH service. Was not able to authenticate to the SSH service with no credentials. Running vulnerable SSH service. Was not able to authenticate to the SSH service with no credentials. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running vulnerable SSH service. Was not able to authenticate to the SSH service with no credentials. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. ","7.5",
+"vulnerable-version","22,tcp","rhel54-6tsc_reg","10.2.62.27"," Certain versions of OpenSSH do not properly bind TCP ports on the local IPv6 interface if the required IPv4 ports are in use. This could allow a local attacker to hijack a forwarded X11 session via opening TCP port 6010 (IPv4). ","Download and apply the upgrade from: LinkTitle: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz LinkURL: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz Version 5.0 of OpenSSH was released on April 3rd, 2008. While you can always LinkTitle: http://www.openssh.com/portable.html LinkURL: http://www.openssh.com/portable.html href: http://www.openssh.com/portable.html build OpenSSH from source , many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","ssh-openssh-x11-fowarding-info-disclosure","Red Hat Linux","Application","Running vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. ","6.0",
+"vulnerable-version","22,tcp","rhel54-6tsc_reg","10.2.62.27"," Certain versions of OpenSSH ship with a flawed implementation of the block cipher algorithm in the Cipher Block Chaining (CBC) mode. This could allow a remote attacker to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. ","Download and apply the upgrade from: LinkTitle: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz LinkURL: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz Version 5.2 of OpenSSH was released on February 22nd, 2009. While you can always LinkTitle: http://www.openssh.com/portable.html LinkURL: http://www.openssh.com/portable.html href: http://www.openssh.com/portable.html build OpenSSH from source , many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","ssh-openssh-cbc-mode-info-disclosure","Red Hat Linux","Application","Running vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. ","2.6",
+"vulnerable-version","22,tcp","rhel54-6tsc_reg","10.2.62.27"," Certain versions of OpenSSH set the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled. This could allow a local attacker to hijack the X11 forwarding port via a bind to a single IP address. ","Download and apply the upgrade from: LinkTitle: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.1p1.tar.gz LinkURL: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.1p1.tar.gz Version 5.1 of OpenSSH was released on July 21st, 2008. While you can always LinkTitle: http://www.openssh.com/portable.html LinkURL: http://www.openssh.com/portable.html href: http://www.openssh.com/portable.html build OpenSSH from source , many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","ssh-openssh-x11uselocalhost-x11-forwarding-session-hijack","Red Hat Linux","Application","Running vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. Running not-vulnerable SSH service: OpenSSH 4.3. ","1.2",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.Acknowledgements: We would like to thank Brett Gervasoni of Sense of Security for reporting and proposing a patch fix for this issue. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.15.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.15.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_isapi-module-unload-flaw-cve-2010-0425","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. ","10.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.13.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.13.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-apr_palloc-heap-overflow","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service. Running vulnerable HTTP service. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","10.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.14.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.14.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_proxy_ftp-ftp-command-injection-cve-2009-3095","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","7.5",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-apr-util-xml-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service. /r7.txt was not successfully PUT on the server. Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Could not find a URL to verify Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","7.8",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A denial of service flaw was found in the mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_deflate-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","7.1",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A denial of service flaw was found in the mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_proxy-reverse-proxy-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service. Running vulnerable HTTP service. Running vulnerable HTTP service. Running vulnerable HTTP service. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Diagnostics page not returned ","7.1",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-apr-util-off-by-one-overflow","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Login failed. Running vulnerable HTTP service. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","6.4",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz LinkURL: http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-cve-2009-3560","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz LinkURL: http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-cve-2009-3720","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz LinkURL: http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-cve-2010-1623","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the handling of requests by mod_cache and mod_dav. A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated as mod_dav is only affected by requests that are most likely to be authenticated, and mod_cache is only affected if the uncommon CacheIgnoreURLSessionIdentifiers directive, introduced in version 2.2.14, is used.Acknowledgements: This issue was reported by Mark Drayton. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.16.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.16.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_cache-and-mod_dav-dos-cve-2010-1452","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_proxy-crash-cve-2007-3847","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. A remote attacker could cause a denial of service or high memory usage. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.9.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.9.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_proxy_http-dos-cve-2008-2364","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-signals-to-arbitrary-processes-cve-2007-3304","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. ","4.7",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the handling of the Options and AllowOverride directives. In configurations using the AllowOverride directive with certain Options= arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-allowoveride-options-handling-bypass","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","4.9",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_cache-proxy-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service.Acknowledgements: We would like to thank Niku Toivola of Sulake Corporation for reporting and proposing a patch fix for this issue. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.15.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.15.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_proxy_ajp-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.14.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.14.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_proxy_ftp-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","5.4",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.14.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.14.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-solaris-pollset-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service. ","5.0",
+"vulnerable-exploited","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A web directory was found to be browsable, which means that anyone can see the contents of the directory. These directories can be found: via page spidering (following hyperlinks), or as part of a parent path (checking each directory along the path and searching for Directory Listing or similar strings), or by brute forcing a list of common directories. Browsable directories could allow an attacker to view hidden files in the web root, including CGI scripts, data files, or backup pages. Web Directory Browsing ","Apache In your httpd.conf file, disable the Indexes option for the appropriate <Directory> tag by removing it from the Options line. In addition, you should always make sure that proper permissions are set on all files and directories within the web root (including CGI scripts and backup files). Do not copy files in the web root unless you want these files to be available over the web. Periodically go through your web directories and clean out any unused, obsolete, or unknown files and directories. IIS, PWS, Microsoft-IIS, Internet Information Server, Internet Information Services, Microsoft-PWS In the Internet Information Services control panel or MMC, choose the appropriate virtual directory entry and select Properties. Uncheck the 'Allow Directory Browsing' option. In addition, you should always make sure that proper permissions are set on all files and directories within the web root (including CGI scripts and backup files). Do not copy files in the web root unless you want these files to be available over the web. Periodically go through your web directories and clean out any unused, obsolete, or unknown files and directories. Java System Web Server, iPlanet The iPlanet web server indexes directories by searching the directory for an index file (by default index.html or home.html). If an index file is not found, the Document Preferences settings are checked to see what the Directory Indexing setting contains. This should be set to None to disable directory indexing. For older versions of iPlanet that do not support the Directory Indexing setting, create a file called index.html or home.html in each directory. This page will then be served instead of a directory listing. Apache Tomcat, Tomcat, Tomcat Web Server, Apache Coyote, Apache-Coyote Edit Tomcat's web.xml file. In the default servlet, change the listings parameter from true to false. Restart the server. In addition, you should always make sure that proper permissions are set on all files and directories within the web root (including CGI scripts and backup files). Do not copy files in the web root unless you want these files to be available over the web. Periodically go through your web directories and clean out any unused, obsolete, or unknown files and directories. ","http-generic-browsable-dir","Red Hat Linux","Application","4: <title>Index of /icons</title>5: </head>6: <body>7: <h1>Index of /icons</h1>8: ...CO]></th><th><a href=?C=N;O=D>Name</a></th><th><a href=?C=M;O=A... Running vulnerable HTTP service. Running vulnerable HTTP service. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","5.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_imagemap-xss-cve-2007-5000","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. ","4.3",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.10.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.10.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_proxy_ftp-globbing-xss-cve-2008-2939","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","4.3",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_proxy_ftp-utf-7-xss-cve-2008-0005","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. ","4.3",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","apache-httpd-2_2_x-mod_status-xss-cve-2007-6388","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","4.3",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-apr-util-heap-underwrite","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","4.3",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," The mod_proxy_balancer provided an administrative interface that could be vulnerable to cross-site request forgery (CSRF) attacks. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.9.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.9.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_proxy_balancer-csrf","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","4.3",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_proxy_balancer-dos","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. ","4.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, a cross-site scripting attack against an authorized user is possible. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_proxy_balancer-xss","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. ","3.5",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.6.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-mod_status-xss","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. ","4.3",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27"," A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the input headers for a subrequest would poison the parent request in two ways, one by modifying the parent request, which might not be intended, and second by leaving pointers to modified header fields in memory allocated to the subrequest scope, which could be freed before the main request processing was finished, resulting in a segfault or in revealing data from another request on threaded servers, such as the worker or winnt MPMs.Acknowledgements: We would like to thank Philip Pickett of VMware for reporting and proposing a fix for this issue. ","Apache >= 2.2 and < 2.3 Download and apply the upgrade from: LinkTitle: http://archive.apache.org/dist/httpd/httpd-2.2.15.tar.gz LinkURL: http://archive.apache.org/dist/httpd/httpd-2.2.15.tar.gz Many platforms and distributions provide pre-built binary packages for Apache. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. ","http-apache-request-header-info-disclosure","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service. Running vulnerable HTTP service: Apache 2.2.3. Running not-vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. Running vulnerable HTTP service: Apache 2.2.3. MIME boundary was not retrieved. ","4.3",
+"vulnerable-exploited","80,tcp","rhel54-6tsc_reg","10.2.62.27","The HTTP TRACE method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes. An attacker can create a webpage using XMLHTTP, ActiveX, or XMLDOM to cause a client to issue a TRACE request and capture the client's cookies. This effectively results in a Cross-Site Scripting attack. ","Apache Newer versions of Apache (1.3.34 and 2.0.55 and later) provide a configuration directive called TraceEnable. To deny TRACE requests, add the following line to the server configuration: TraceEnable off For older versions of the Apache webserver, use the mod_rewrite module to deny the TRACE requests: RewriteEngine OnRewriteCond %{REQUEST_METHOD} ^TRACERewriteRule .* - [F] IIS, PWS, Microsoft-IIS, Internet Information Server, Internet Information Services, Microsoft-PWS For Microsoft Internet Information Services (IIS), you may use the URLScan tool, freely available at LinkTitle: http://www.microsoft.com/technet/security/tools/urlscan.mspx LinkURL: http://www.microsoft.com/technet/security/tools/urlscan.mspx href: http://www.microsoft.com/technet/security/tools/urlscan.mspx http://www.microsoft.com/technet/security/tools/urlscan.mspx Java System Web Server, SunONE WebServer, Sun-ONE-Web-Server, iPlanet For Sun ONE/iPlanet Web Server v6.0 SP2 and later, add the following configuration to the top of the default object in the 'obj.conf' file: <Client method=TRACE> AuthTrans fn=set-variable remove-headers=transfer-encoding set-headers=content-length: -1 error=501</Client> You must then restart the server for the changes to take effect. For Sun ONE/iPlanet Web Server prior to v6.0 SP2, follow the instructions provided the 'Relief/Workaround' section of Sun's official advisory: LinkTitle: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 LinkURL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 href: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 Lotus Domino Follow LinkTitle: http://www-1.ibm.com/support/docview.wss?&uid=swg21201202 LinkURL: http://www-1.ibm.com/support/docview.wss?&uid=swg21201202 href: http://www-1.ibm.com/support/docview.wss?&uid=swg21201202 IBM's instructions for disabling HTTP methods on the Domino server by adding the following line to theserver's NOTES.INI file: HTTPDisableMethods=TRACE After saving NOTES.INI, restart the Notes web server by issuing the consolecommand tell http restart. ","http-trace-method-enabled","Red Hat Linux","Application","Running vulnerable HTTP service. 1: TRACE / HTTP/1.12: Host: rhel54-6tsc_reg3: Cookie: vulnerable=yes Running vulnerable HTTP service. No WebDAV HTTP methods were found to be enabled on '/icons/' No WebDAV HTTP methods were found to be enabled on '/icons/' No WebDAV HTTP methods were found to be enabled on '/error/' No WebDAV HTTP methods were found to be enabled on '/' No WebDAV HTTP methods were found to be enabled on '/icons/small/' Server did not respond to OPTIONS request with an Allow header. ","4.0",
+"vulnerable-version","80,tcp","rhel54-6tsc_reg","10.2.62.27","WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. Many web servers enable WebDAV extensions by default, even when they are not needed. Because of its added complexity, it is considered good practice to disable WebDAV if it is not currently in use. Web ","IIS, PWS, Microsoft-IIS, Internet Information Server, Internet Information Services, Microsoft-PWS For Microsoft IIS, follow LinkTitle: http://support.microsoft.com/default.aspx?kbid=241520 LinkURL: http://support.microsoft.com/default.aspx?kbid=241520 href: http://support.microsoft.com/default.aspx?kbid=241520 Microsoft's instructions to disable WebDAV for the entire server. Apache Make sure the mod_dav module is disabled, or ensure that authentication is required on directories where DAV is required. Apache Tomcat, Tomcat, Tomcat Web Server Disable the WebDAV Servlet for all web applications found on the web server.This can be done by removing the servlet definition for WebDAV(the org.apache.catalina.servlets.WebdavServlet class) and remove all servletmappings referring to the WebDAV servlet. Java System Web Server, iPlanet, SunONE WebServer, Sun-ONE-Web-Server Disable WebDAV on the web server. This can be done by disabling WebDAV forthe server instance and for all virtual servers. To disable WebDAV for the server instance, enter the Server Manager anduncheck the Enable WebDAV Globally checkbox then click the OK button. To disable WebDAV for each virtual server, enter the Class Manager anduncheck the Enable WebDAV Globally checkbox next to each server instancethen click the OK button. ","http-generic-webdav-enabled","Red Hat Linux","Application","Running vulnerable HTTP service: Apache 2.2.3. Server did not respond to OPTIONS request with an Allow header. No WebDAV HTTP methods were found to be enabled on '/' No WebDAV HTTP methods were found to be enabled on '/icons/small/' No WebDAV HTTP methods were found to be enabled on '/error/' ","5.0",

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_csv_generator
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Christopher Lee
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-06-17 00:00:00.000000000 -07:00
+default_executable: 
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nexpose
+  requirement: &25177128 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: *25177128
+description: ! "  This is a tool that connects to an NSC instance to generate a user
+  specified delimited report with the following fields:\n\tVulnerable Status || Port
+  Details || IP || Hostname || Vulnerability Description || Vulnerability Remediation
+  || Unique ID || Operating System || Vulnerability Category || Proof || CVSS Score\n\n
+  \ Execute 'csv_creator --help' for options after installing this gem.\n"
+email: christopher_lee@rapid7.com
+executables:
+- csv_creator
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/raw_xml_data_builder.rb
+- lib/report_generator_options.rb
+- lib/test.csv
+- lib/formatters/default_formatter.rb
+- lib/formatters/formatter.rb
+- lib/formatters/paragraph.rb
+- bin/csv_creator
+has_rdoc: true
+homepage: 
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.5.2
+signing_key: 
+specification_version: 3
+summary: ! 'Connects to an NSC instance to generate a user specified delimited report
+  with the following fields: Vulnerable Status || Port Details || DNS || Vulnerability
+  Information || Unique ID || Operating System || Vulnerability Category || Proof
+  || CVSS Score'
+test_files: []