RubyGems - qualys - Versions diffs - 0.1.4 → 0.1.5 - Mend

qualys 0.1.4 → 0.1.5

Files changed (44) hide show

checksums.yaml +4 -4
data/.gitignore +3 -2
data/.rubocop.yml +7 -0
data/.rubocop_todo.yml +71 -0
data/.travis.yml +13 -1
data/Gemfile +3 -1
data/Gemfile.lock +91 -0
data/README.md +50 -10
data/Rakefile +3 -4
data/lib/qualys.rb +10 -11
data/lib/qualys/api.rb +38 -47
data/lib/qualys/auth.rb +11 -20
data/lib/qualys/compliance.rb +3 -7
data/lib/qualys/config.rb +3 -5
data/lib/qualys/host.rb +17 -0
data/lib/qualys/report.rb +90 -0
data/lib/qualys/scans.rb +10 -22
data/lib/qualys/version.rb +1 -1
data/lib/qualys/vulnerability.rb +74 -0
data/qualys.gemspec +18 -19
data/spec/fixtures/vcr_cassettes/api_get.yml +52 -0
data/spec/fixtures/vcr_cassettes/create_global_report.yml +68 -0
data/spec/fixtures/vcr_cassettes/emptyscans.yml +35 -0
data/spec/fixtures/vcr_cassettes/get.yml +107 -0
data/spec/fixtures/vcr_cassettes/global_report.yml +17800 -0
data/spec/fixtures/vcr_cassettes/load_global_report.yml +625 -0
data/spec/fixtures/vcr_cassettes/login.yml +50 -0
data/spec/fixtures/vcr_cassettes/logout.yml +50 -0
data/spec/fixtures/vcr_cassettes/scan.yml +73 -0
data/spec/fixtures/vcr_cassettes/scans.yml +89 -0
data/spec/fixtures/vcr_cassettes/templates.yml +121 -0
data/spec/fixtures/vcr_cassettes/try_load_not_existing_report.yml +63 -0
data/spec/fixtures/vcr_cassettes/unlogged.yml +45 -0
data/spec/fixtures/vcr_cassettes/wrong.yml +101 -0
data/spec/qualys/api_spec.rb +27 -0
data/spec/qualys/report_spec.rb +65 -0
data/spec/qualys/scans_spec.rb +75 -0
data/spec/qualys/version_spec.rb +11 -0
data/spec/qualys/vulnerability_spec.rb +53 -0
data/spec/qualys_spec.rb +20 -0
data/spec/spec_helper.rb +37 -0
metadata +61 -15
data/.rock.yml +0 -17
data/lib/qualys/reports.rb +0 -47

data/spec/fixtures/vcr_cassettes/load_global_report.yml ADDED

@@ -0,0 +1,625 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://qualysapi.qualys.eu/api/2.0/fo/report/?action=fetch&id=4888430
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      X-Requested-With:
+      - Qualys Ruby Client v0.1.3
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Tue, 12 Dec 2017 10:00:00 GMT
+      Server:
+      - Qualys
+      X-Xss-Protection:
+      - '1'
+      X-Content-Type-Options:
+      - nosniff
+      X-Frame-Options:
+      - SAMEORIGIN
+      Expires:
+      - Thu, 19 Nov 1981 08:52:00 GMT
+      Cache-Control:
+      - ''
+      Pragma:
+      - ''
+      X-Ratelimit-Limit:
+      - '300'
+      X-Ratelimit-Window-Sec:
+      - '3600'
+      X-Concurrency-Limit-Limit:
+      - '2'
+      X-Concurrency-Limit-Running:
+      - '0'
+      X-Ratelimit-Towait-Sec:
+      - '0'
+      X-Ratelimit-Remaining:
+      - '292'
+      Content-Length:
+      - '55643'
+      Content-Disposition:
+      - attachment; filename=Scan_Report_Generated_by_Ruby_Qualys_gem_Thomas_20171212.xml
+      Content-Type:
+      - application/xml
+    body:
+      encoding: UTF-8
+      string: "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n\n<!DOCTYPE ASSET_DATA_REPORT
+        SYSTEM \"https://qualysguard.qualys.eu/asset_data_report.dtd\">\n<ASSET_DATA_REPORT>\n
+        \ <HEADER>\n    <COMPANY><![CDATA[ACME]]></COMPANY>\n    <USERNAME>Thomas</USERNAME>\n
+        \   <GENERATION_DATETIME>2017-12-12T09:55:42Z</GENERATION_DATETIME>\n    <TEMPLATE><![CDATA[Technical
+        Report]]></TEMPLATE>\n    <TARGET>\n      <USER_ASSET_GROUPS>\n        <ASSET_GROUP_TITLE><![CDATA[All]]></ASSET_GROUP_TITLE>\n
+        \     </USER_ASSET_GROUPS>\n      <COMBINED_IP_LIST>\n        <RANGE>\n          <START>47.69.112.62</START>\n
+        \         <END>47.69.112.62</END>\n        </RANGE>\n        <RANGE>\n          <START>88.78.187.177</START>\n
+        \         <END>88.78.187.177</END>\n        </RANGE>\n        <RANGE>\n          <START>192.168.1.100</START>\n
+        \         <END>192.168.1.100</END>\n        </RANGE>\n      </COMBINED_IP_LIST>\n
+        \   </TARGET>\n    <RISK_SCORE_SUMMARY>\n      <TOTAL_VULNERABILITIES>19</TOTAL_VULNERABILITIES>\n
+        \     <AVG_SECURITY_RISK>2.4</AVG_SECURITY_RISK>\n      <BUSINESS_RISK>12/100</BUSINESS_RISK>\n
+        \   </RISK_SCORE_SUMMARY>\n  </HEADER>\n  <HOST_LIST>\n    <HOST>\n      <IP>47.69.112.62</IP>\n
+        \     <TRACKING_METHOD>IP</TRACKING_METHOD>\n      <DNS><![CDATA[12.ip-34-56-789.ab]]></DNS>\n
+        \     <OPERATING_SYSTEM><![CDATA[Ubuntu / Tiny Core Linux / Linux 2.6.x]]></OPERATING_SYSTEM>\n
+        \     <VULN_INFO_LIST>\n        <VULN_INFO>\n          <QID id=\"qid_38173\">38173</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate
+        #0 CN=localhost.localdomain self signed certificate]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38685\">38685</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
+        \ is valid for more than 39 months]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38169\">38169</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
+        \ is a self signed certificate.]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38170\">38170</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
+        (localhost.localdomain) doesn&apos;t resolve]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38628\">38628</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38601\">38601</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1.1
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1.2
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38140\">38140</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1.1
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1.2
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38142\">38142</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1.1
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1.2
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-AES128-SHA256\tDH\tNone\tSHA256\tAES(128)\tMEDIUM\nADH-AES256-SHA256\tDH\tNone\tSHA256\tAES(256)\tHIGH\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nADH-AES128-GCM-SHA256\tDH\tNone\tAEAD\tAESGCM(128)\tMEDIUM\nADH-AES256-GCM-SHA384\tDH\tNone\tAEAD\tAESGCM(256)\tHIGH\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38657\">38657</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.2
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38606\">38606</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT><![CDATA[SSLv3
+        is supported]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_82003\">82003</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <SSL>false</SSL>\n          <RESULT><![CDATA[Timestamp of host (network
+        byte ordering): 08:05:40 GMT]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38603\">38603</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>false</SSL>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_11827\">11827</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>443</PORT>\n          <SERVICE>http over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>false</SSL>\n          <RESULT><![CDATA[X-Frame-Options or
+        Content-Security-Policy: frame-ancestors HTTP Headers missing on port 443.\nGET
+        / HTTP/1.1\nHost: 12.ip-34-56-789.ab\nConnection: Keep-Alive\n\n\n\nX-XSS-Protection
+        HTTP Header missing on port 443.\nX-Content-Type-Options HTTP Header missing
+        on port 443.\nContent-Security-Policy HTTP Header missing on port 443.\nStrict-Transport-Security
+        HTTP Header missing on port 443.]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_11827\">11827</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>80</PORT>\n          <SERVICE>http</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>false</SSL>\n          <RESULT><![CDATA[X-Frame-Options or
+        Content-Security-Policy: frame-ancestors HTTP Headers missing on port 80.\nGET
+        / HTTP/1.1\nHost: 12.ip-34-56-789.ab\nConnection: Keep-Alive\n\n\n\nX-XSS-Protection
+        HTTP Header missing on port 80.\nX-Content-Type-Options HTTP Header missing
+        on port 80.\nContent-Security-Policy HTTP Header missing on port 80.]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38628\">38628</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>443</PORT>\n          <SERVICE>http
+        over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n
+        \         <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38657\">38657</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>443</PORT>\n          <SERVICE>http over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nTLSv1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.2
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n      </VULN_INFO_LIST>\n    </HOST>\n    <HOST>\n      <IP>88.78.187.177</IP>\n
+        \     <TRACKING_METHOD>IP</TRACKING_METHOD>\n      <DNS><![CDATA[ip123.ip-45-67-891.eu]]></DNS>\n
+        \     <OPERATING_SYSTEM><![CDATA[Ubuntu / Fedora / Tiny Core Linux / Linux
+        3.x]]></OPERATING_SYSTEM>\n      <VULN_INFO_LIST>\n        <VULN_INFO>\n          <QID
+        id=\"qid_11827\">11827</QID>\n          <TYPE>Vuln</TYPE>\n          <PORT>80</PORT>\n
+        \         <SERVICE>http</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>false</SSL>\n
+        \         <RESULT><![CDATA[Content-Security-Policy HTTP Header missing on
+        port 80.\nGET / HTTP/1.1\nHost: ip123.ip-45-67-891.eu\nConnection: Keep-Alive]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_11827\">11827</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>443</PORT>\n          <SERVICE>http
+        over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>false</SSL>\n
+        \         <RESULT><![CDATA[Content-Security-Policy HTTP Header missing on
+        port 443.\nGET / HTTP/1.1\nHost: ip123.ip-45-67-891.eu\nConnection: Keep-Alive]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38628\">38628</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>443</PORT>\n          <SERVICE>http
+        over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n
+        \         <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n          <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n      </VULN_INFO_LIST>\n
+        \   </HOST>\n  </HOST_LIST>\n  <GLOSSARY>\n    <VULN_DETAILS_LIST>\n      <VULN_DETAILS
+        id=\"qid_11827\">\n        <QID id=\"qid_11827\">11827</QID>\n        <TITLE><![CDATA[HTTP
+        Security Header Not Detected]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n
+        \       <CATEGORY>CGI</CATEGORY>\n        <THREAT><![CDATA[This QID reports
+        the absence of the following <A HREF=\"https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers\"
+        TARGET=\"_blank\">HTTP headers</A> according to <A HREF=\"https://cwe.mitre.org/data/definitions/693.html\"
+        TARGET=\"_blank\">CWE-693: Protection Mechanism Failure</A>:<BR>\nX-Frame-Options:
+        This HTTP response header improves the protection of web applications against
+        clickjacking attacks. Clickjacking, also known as a &quot;UI redress attack&quot;,
+        allows an attacker to use multiple transparent or opaque layers to trick a
+        targeted user into clicking on a button or link on another page when they
+        were intending to click on the the top level page. <BR>\nX-XSS-Protection:
+        This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter
+        to prevent cross-site scripting attacks. X-XSS-Protection: 0; disables this
+        functionality.<BR>\nX-Content-Type-Options: This HTTP header prevents attacks
+        based on MIME-type mismatch. The only possible value is nosniff. If your server
+        returns X-Content-Type-Options: nosniff in the response, the browser will
+        refuse to load the styles and scripts in case they have an incorrect MIME-type.
+        <BR>\nContent-Security-Policy: This HTTP header helps to detect and mitigate
+        certain types of attacks, including Cross Site Scripting (XSS), packet sniffing
+        attacks and data injection attacks.<BR>\nStrict-Transport-Security: The HTTP
+        Strict-Transport-Security response header (HSTS) is a security feature that
+        lets a web site tell browsers that it should only be communicated with using
+        HTTPS, instead of using HTTP.<P>\nQID Detection Logic:<BR>\nThis unauthenticated
+        QID looks for the presence of the following HTTP responses:<BR>\nValid directives
+        for X-Frame-Options are:<BR>\nX-Frame-Options: DENY - The page cannot be displayed
+        in a frame, regardless of the site attempting to do so.<BR>\nX-Frame-Options:
+        SAMEORIGIN - The page can only be displayed in a frame on the same origin
+        as the page itself.<BR>\nX-Frame-Options: ALLOW-FROM RESOURCE-URL - The page
+        can only be displayed in a frame on the specified origin.<P>\nContent-Security-Policy:
+        frame-ancestors - This directive specifies valid parents that may embed a
+        page using frame, iframe, object, embed, or applet\nValid directives for X-XSS-Protections
+        are:<BR>\nX-XSS-Protection: 1 - Enables XSS filtering (usually default in
+        browsers). If a cross-site scripting attack is detected, the browser will
+        sanitize the page (remove the unsafe parts).<BR>\nX-XSS-Protection: 1; mode=block
+        - Enables XSS filtering. Rather than sanitizing the page, the browser will
+        prevent rendering of the page if an attack is detected.<BR>\nX-XSS-Protection:
+        1; report=URI  - Enables XSS filtering. If a cross-site scripting attack is
+        detected, the browser will sanitize the page and report the violation. This
+        uses the functionality of the CSP report-uri directive to send a report.<BR>\nX-XSS-Protection:
+        0 disables this directive and hence is also treated as not detected.<P>\nA
+        valid directive for X-Content-Type-Options: nosniff<P>\nA valid directive
+        for Content-Security-Policy: &lt;policy-directive&gt;; &lt;policy-directive&gt;<P>\nA
+        valid HSTS directive Strict-Transport-Security: max-age=&lt;expire-time&gt;;
+        [; includeSubDomains][; preload]<P>\n<B>NOTE:</B> All report-only directives
+        (where applicable) are considered invalid.]]></THREAT>\n        <IMPACT><![CDATA[Depending
+        on the vulnerability being exploited, an unauthenticated remote attacker could
+        conduct cross-site scripting, clickjacking or MIME-type sniffing attacks.]]></IMPACT>\n
+        \       <SOLUTION><![CDATA[CWE-693: Protection Mechanism Failure mentions
+        the following - The product does not use or incorrectly uses a protection
+        mechanism that provides sufficient defense against directed attacks against
+        the product. A &quot;missing&quot; protection mechanism occurs when the application
+        does not define any mechanism against a certain class of attack. An &quot;insufficient&quot;
+        protection mechanism might provide some defenses - for example, against the
+        most common attacks - but it does not protect against everything that is intended.
+        Finally, an &quot;ignored&quot; mechanism occurs when a mechanism is available
+        and in active use within the product, but the developer has not applied it
+        in some code path.<P>\nCustomers are advised to set proper <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options\"
+        TARGET=\"_blank\">X-Frame-Options</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection\"
+        TARGET=\"_blank\">X-XSS-Protection</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP\"
+        TARGET=\"_blank\">Content Security Policy</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options\"
+        TARGET=\"_blank\">X-Content-Type-Options</A> and <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security\"
+        TARGET=\"_blank\">Strict-Transport-Security</A> HTTP response headers.<P>\nDepending
+        on their server software, customers can set directives in their site configuration
+        or Web.config files. Few examples are:<P>\nX-Frame-Options:<BR>\nApache: Header
+        always append X-Frame-Options SAMEORIGIN<BR>\nnginx: add_header X-Frame-Options
+        SAMEORIGIN;<BR>\nHAProxy: rspadd X-Frame-Options:\\ SAMEORIGIN<BR>\nIIS: &lt;HTTPPROTOCOL&gt;&lt;CUSTOMHEADERS&gt;&lt;ADD
+        NAME=&quot;X-Frame-Options&quot; VALUE=&quot;SAMEORIGIN&quot;&gt;&lt;/ADD&gt;&lt;/CUSTOMHEADERS&gt;&lt;/HTTPPROTOCOL&gt;<P>\nX-XSS-Protection:<BR>\nApache:
+        Header always set X-XSS-Protection &quot;1; mode=block&quot; <BR>\nPHP: header(&quot;X-XSS-Protection:
+        1; mode=block&quot;);<P>\nX-Content-Type-Options:<BR>\nApache: Header always
+        set X-Content-Type-Options: nosniff<P>\nContent-Security-Policy: (Please note
+        that these values may differ from website to website. The values below are
+        for informational purposes only. The scanner simply looks for the presence
+        of the security header.)<BR>\nApache: Header set Content-Security-Policy &quot;script-src
+        'self'; object-src 'self'&quot;<BR>\nIIS: &lt;SYSTEM.WEBSERVER&gt;&lt;HTTPPROTOCOL&gt;&lt;CUSTOMHEADERS&gt;&lt;ADD
+        NAME=&quot;Content-Security-Policy&quot; VALUE=&quot;default-src 'self';&quot;&gt;&lt;/ADD&gt;&lt;/CUSTOMHEADERS&gt;&lt;/HTTPPROTOCOL&gt;&lt;/SYSTEM.WEBSERVER&gt;<BR>\nnginx:
+        add_header Content-Security-Policy &quot;default-src 'self'; script-src 'self';<P>\nHTTP
+        Strict-Transport-Security:<BR>\nApache: Header always set Strict-Transport-Security
+        &quot;max-age=31536000; includeSubDomains&quot;<BR>\nNginx: add_header Strict-Transport-Security
+        max-age=31536000;]]></SOLUTION>\n        <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2017-11-09T00:47:11Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38140\">\n        <QID
+        id=\"qid_38140\">38140</QID>\n        <TITLE><![CDATA[SSL Server Supports
+        Weak Encryption Vulnerability]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[The
+        Secure Socket Layer (SSL) protocol allows for secure communication between
+        a client and a server.\n<P>\nSSL encryption ciphers are classified based on
+        encryption key length as follows:<BR>\n<UL>\n<LI>HIGH - key length larger
+        than 128 bits\n<LI>MEDIUM - key length equal to 128 bits\n<LI>LOW - key length
+        smaller than 128 bits\n</UL>\n<P>\nMessages encrypted with LOW encryption
+        ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM
+        or HIGH strength ciphers to guarantee transaction security.\n<P>\nThe following
+        link provides more information about this vulnerability:\n<UL>\n<LI><A HREF=\"http://www.schneier.com/paper-ssl-revised.pdf\"
+        TARGET=\"_blank\">Analysis of the SSL 3.0 protocol</A>\n</UL>\n<P>\nPlease
+        note that this detection only checks for weak cipher support at the SSL layer.
+        Some servers may implement additional protection at the data layer. For example,
+        some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation
+        to complete but send back an error message and abort further communication
+        on the secure channel. This vulnerability may not be exploitable for such
+        configurations.]]></THREAT>\n        <IMPACT><![CDATA[An attacker can exploit
+        this vulnerability to decrypt secure communications without authorization.]]></IMPACT>\n
+        \       <SOLUTION><![CDATA[Disable support for LOW encryption ciphers.<P>\n<B>Apache</B>\n<BR>
+        If TLSv1.1 or TLSv1.2 are available, then those protocols should be used.\n<BR>SSLProtocol
+        TLSv1.1 TLSv1.2<BR>\nIf TLSv1.1 and TLSv1.2 are not available then only TLS1.0
+        should be used:\n<BR>SSLProtocol TLSv1\n<BR>Typically, for Apache/mod_ssl,
+        httpd.conf or ssl.conf should have the following lines:<BR>\nSSLCipherSuite
+        ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><BR>\nFor Apache/apache_ssl
+        include the following line in the configuration file (httpsd.conf):<BR>\nSSLRequireCipher
+        ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><P>\n\n<B>Tomcat</B>\n<BR>\nsslProtocol=&quot;SSLv3&quot;
+        \               \n<BR>ciphers=&quot;SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_W\n<BR>ITH_3DES_EDE_CBC_SHA&quot;\n<BR><P>\n<B>IIS</B>\n<BR>\n<A
+        HREF=\"http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030\" TARGET=\"_blank\">How
+        to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll</A>
+        (Windows restart required)\n<BR><A HREF=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;187498\"
+        TARGET=\"_blank\">How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in
+        Internet Information Services</A> (Windows restart required)\n<BR><A HREF=\"http://www.microsoft.com/technet/security/prodtech/IIS.mspx\"
+        TARGET=\"_blank\">Security Guidance for IIS</A>\n<P>For Novell Netware 6.5
+        please refer to the following document \n<A HREF=\"http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm\"
+        TARGET=\"_blank\">SSL Allows the use of Weak Ciphers. -TID10100633 </A>]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2015-01-20T19:50:33Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38142\">\n        <QID
+        id=\"qid_38142\">38142</QID>\n        <TITLE><![CDATA[SSL Server Allows Anonymous
+        Authentication Vulnerability]]></TITLE>\n        <SEVERITY>4</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[The
+        Secure Socket Layer (SSL) protocol allows for secure communication between
+        a client and a server. The client usually authenticates the server using an
+        algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without
+        authentication. Most common Web browsers like Microsoft Internet Explorer,
+        Netscape and Mozilla do not use anonymous authentication ciphers by default.\n\n<P>A
+        vulnerability exists in SSL communications when clients are allowed to connect\nusing
+        no authentication algorithm. SSL client-server communication may use several
+        different types of\nauthentication: RSA, Diffie-Hellman, DSS or none. When
+        'none' is used, the\ncommunications are vulnerable to a man-in-the-middle
+        attack.&quot;]]></THREAT>\n        <IMPACT><![CDATA[An attacker can exploit
+        this vulnerability to impersonate your server to clients.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        support for anonymous authentication.<P>\n<B>1) How to disable for Apache:</B>\n<BR>Typically,
+        for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:<BR>\nSSLProtocol
+        -ALL +SSLv3 +TLSv1<BR>\nSSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><BR>\nFor
+        Apache/apache_ssl include the following line in the configuration file (httpsd.conf):<BR>\nSSLRequireCipher
+        ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR>\n<P><B>2) IIS:</B>\n<BR>For
+        IIS please see: <A HREF=\"http://support.microsoft.com/kb/187498/en-us\" TARGET=\"_blank\">How
+        to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services</A>,
+        <A HREF=\"http://support.microsoft.com/kb/245030/en-us\" TARGET=\"_blank\">How
+        to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll</A>,
+        <A HREF=\"http://support.microsoft.com/kb/299520/en-us\" TARGET=\"_blank\">How
+        to Determine the Cipher Suite for the Server and Client</A>, , and <A HREF=\"http://support.microsoft.com/kb/241447\"
+        TARGET=\"_blank\">How to restrict the use of certain ciphers in Internet Information
+        Services 5.0</A>\n<P>\n<B>3) Wu-FTP:</B>\nFor Wu-FTP which supports TLS, the
+        ciphers parameter in TLS configuration file should be set to -ALL +SSLv3 +TLSv1<BR>
+        For more details please consult the docs/HOWTO/ssl_and_tls_ftpd.HOWTO  file
+        provided by wu-ftpd distribution.\n<P>\n<B>4) Lighttpd:</B>\nFor lighttpd:
+        Locate the lighttpd config file and modify the following  ssl.ciper-list line
+        to include !aNULL.  A restart of the lightttpd application is necessary.<BR>\nExample:
+        ssl.cipher-list = &quot;TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH&quot;\n\n<P>\n<B>It
+        is recommended that you follow SSL best security practices:</B>\n<BR><A HREF=\"https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices\"
+        TARGET=\"_blank\">SSL and TLS Deployment Best Practices</A>\n<BR><A HREF=\"http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html\"
+        TARGET=\"_blank\">http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html</A>\n<BR><A
+        HREF=\"http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite\"
+        TARGET=\"_blank\">http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite</A>\n<BR><A
+        HREF=\"http://www.megasecurity.org/Info/ssl_servers.html\" TARGET=\"_blank\">http://www.megasecurity.org/Info/ssl_servers.html</A><P>]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2017-03-17T00:12:11Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38169\">\n        <QID
+        id=\"qid_38169\">38169</QID>\n        <TITLE><![CDATA[SSL Certificate - Self-Signed
+        Certificate]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n        <CATEGORY>General
+        remote services</CATEGORY>\n        <THREAT><![CDATA[An SSL Certificate associates
+        an entity (person, organization, host, etc.) with a Public Key. In an SSL
+        connection, the client authenticates the remote server using the server's
+        Certificate and extracts the Public Key in the Certificate to establish the
+        secure connection.\n<P>\nThe client can trust that the Server Certificate
+        belongs the server only if it is signed by a mutually trusted third-party
+        Certificate Authority (CA). Self-signed certificates are created generally
+        for testing purposes or to avoid paying third-party CAs. These should not
+        be used on any production or critical servers.\n<P>\nBy exploiting this vulnerability,
+        an attacker can impersonate the server by presenting a fake self-signed certificate.
+        If the client knows that the server does not have a trusted certificate, it
+        will accept this spoofed certificate and communicate with the remote server.]]></THREAT>\n
+        \       <IMPACT><![CDATA[By exploiting this vulnerability, an attacker can
+        launch a man-in-the-middle attack.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate signed by a trusted third-party Certificate Authority.]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2009-05-25T03:59:26Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38170\">\n        <QID
+        id=\"qid_38170\">38170</QID>\n        <TITLE><![CDATA[SSL Certificate - Subject
+        Common Name Does Not Match Server FQDN]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[An
+        SSL Certificate associates an entity (person, organization, host, etc.) with
+        a Public Key. In an SSL connection, the client authenticates the remote server
+        using the server's Certificate and extracts the Public Key in the Certificate
+        to establish the secure connection.\n<P>\nA certificate whose Subject commonName
+        or subjectAltName does not match the server FQDN offers only encryption without
+        authentication.\n<P>\nPlease note that a false positive reporting of this
+        vulnerability is possible in the following case:\n<UL>If the common name of
+        the certificate uses a wildcard such as *.somedomainname.com and the reverse
+        DNS resolution of the target IP is not configured. In this case there is no
+        way for Qualys to associate the wildcard common name to the IP. Adding a reverse
+        DNS lookup entry to the target IP will solve this problem.\n</UL>]]></THREAT>\n
+        \       <IMPACT><![CDATA[A man-in-the-middle attacker can exploit this vulnerability
+        in tandem with a DNS cache poisoning attack to lure the client to another
+        server, and then steal all the encryption communication.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate whose Subject commonName or subjectAltName matches
+        the server FQDN.]]></SOLUTION>\n        <PCI_FLAG>0</PCI_FLAG>\n        <LAST_UPDATE>2015-08-12T17:39:01Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38173\">\n        <QID
+        id=\"qid_38173\">38173</QID>\n        <TITLE><![CDATA[SSL Certificate - Signature
+        Verification Failed Vulnerability]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[An
+        SSL Certificate associates an entity (person, organization, host, etc.) with
+        a Public Key. In an SSL connection, the client authenticates the remote server
+        using the server's Certificate and extracts the Public Key in the Certificate
+        to establish the secure connection. The authentication is done by verifying
+        that the public key in the certificate is signed by a trusted third-party
+        Certificate Authority.\n<P>\nIf a client is unable to verify the certificate,
+        it can abort communication or prompt the user to continue the communication
+        without authentication.]]></THREAT>\n        <IMPACT><![CDATA[By exploiting
+        this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning
+        can occur.\n<P>\nException:<BR>\nIf the server communicates only with a restricted
+        set of clients who have the server certificate or the trusted CA certificate,
+        then the server or CA certificate may not be available publicly, and the scan
+        will be unable to verify the signature.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate signed by a trusted third-party Certificate Authority.]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2009-05-23T00:02:29Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38601\">\n        <QID
+        id=\"qid_38601\">38601</QID>\n        <TITLE><![CDATA[SSL/TLS use of weak
+        RC4 cipher]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n        <CATEGORY>General
+        remote services</CATEGORY>\n        <THREAT><![CDATA[Secure Sockets Layer
+        (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity,
+        confidentiality and authenticity services to other protocols that lack these
+        features.\n<P>\nSSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4
+        to encrypt the content of the higher layer protocols and thus provide the
+        confidentiality service. Normally the output of an encryption process is a
+        sequence of random looking bytes. It was known that RC4 output has some bias
+        in the output. Recently a group of researchers has discovered that the there
+        is a stronger bias in RC4, which make statistical analysis of ciphertext more
+        practical.\n<P>\nThe described attack is to inject a malicious javascript
+        into the victim's browser that would ensure that there are multiple connections
+        being established with a target website and the same HTTP cookie is sent multiple
+        times to the website in encrypted form. This provides the attacker a large
+        set of ciphertext samples, that can be used for statistical analysis.\n\n<P>NOTE:
+        On 3/12/15 NVD changed the CVSS v2 access complicity from high to medium.
+        As a result Qualys revised the CVSS score to 4.3 immediately. On 5/4/15 Qualys
+        is also revising the severity to level 3.]]></THREAT>\n        <IMPACT><![CDATA[If
+        this attack is carried out and an HTTP cookie is recovered, then the attacker
+        can use the cookie to impersonate the user whose cookie was recovered.\n<P>\nThis
+        attack is not very practical as it requires the attacker to have access to
+        millions of samples of ciphertext, but there are certain assumptions that
+        an attacker can make to improve the chances of recovering the cleartext from
+        cihpertext. For examples HTTP cookies are either base64 encoded or hex digits.
+        This information can help the attacker in their efforts to recover the cookie.]]></IMPACT>\n
+        \       <SOLUTION><![CDATA[RC4 should not be used where possible. One reason
+        that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode
+        ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues.]]></SOLUTION>\n
+        \       <PCI_FLAG>0</PCI_FLAG>\n        <LAST_UPDATE>2016-01-29T19:32:26Z</LAST_UPDATE>\n
+        \       <CVE_ID_LIST>\n          <CVE_ID>\n            <ID><![CDATA[CVE-2013-2566]]></ID>\n
+        \           <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566]]></URL>\n
+        \         </CVE_ID>\n          <CVE_ID>\n            <ID><![CDATA[CVE-2015-2808]]></ID>\n
+        \           <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n        <BUGTRAQ_ID_LIST>\n          <BUGTRAQ_ID>\n
+        \           <ID><![CDATA[91787]]></ID>\n            <URL><![CDATA[http://www.securityfocus.com/bid/91787]]></URL>\n
+        \         </BUGTRAQ_ID>\n          <BUGTRAQ_ID>\n            <ID><![CDATA[58796]]></ID>\n
+        \           <URL><![CDATA[http://www.securityfocus.com/bid/58796]]></URL>\n
+        \         </BUGTRAQ_ID>\n          <BUGTRAQ_ID>\n            <ID><![CDATA[73684]]></ID>\n
+        \           <URL><![CDATA[http://www.securityfocus.com/bid/73684]]></URL>\n
+        \         </BUGTRAQ_ID>\n        </BUGTRAQ_ID_LIST>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38603\">\n        <QID id=\"qid_38603\">38603</QID>\n
+        \       <TITLE><![CDATA[SSLv3 Padding Oracle Attack Information Disclosure
+        Vulnerability (POODLE)]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n        <CATEGORY>General
+        remote services</CATEGORY>\n        <THREAT><![CDATA[The SSL protocol 3.0
+        design error, uses nondeterministic CBC padding, which makes it easier for
+        man-in-the-middle attacks. \n<P>\nThe target supports SSLv3, which makes it
+        vulnerable to POODLE (Padding Oracle On Downgraded Legacy Encryption), even
+        if it also supports more recent versions of TLS. It's subject to a downgrade
+        attack, in which the attacker tricks the browser into connecting with SSLv3.]]></THREAT>\n
+        \       <IMPACT><![CDATA[An attacker who can take a man-in-the-middle (MitM)
+        position can exploit this vulnerability and gain access to encrypted communication
+        between a client and server.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        SSLv3 support to avoid this vulnerability.<P>\nExamples to disable SSLv3.<BR>\nnginx:
+        list specific allowed protocols in the &quot;ssl_protocols&quot; line. Make
+        sure SSLv2 and SSLv3 is not listed. For example: ssl_protocols TLSv2 TLSv1.1
+        TLSv1.2;<BR>\nApache: Add -SSLv3 to the &quot;SSLProtocol&quot; line. <BR>\n<A
+        HREF=\"https://support.microsoft.com/kb/187498/en-us\" TARGET=\"_blank\">How
+        to disable SSL 3.0 on Microsoft IIS</A>.\n<P>For PCI, please refer to the
+        Qualys <A HREF=\"https://community.qualys.com/thread/15280\" TARGET=\"_blank\">community
+        article</A>.]]></SOLUTION>\n        <CORRELATION>\n          <EXPLOITABILITY>\n
+        \           <EXPLT_SRC>\n              <SRC_NAME><![CDATA[Metasploit]]></SRC_NAME>\n
+        \             <EXPLT_LIST>\n                <EXPLT>\n                  <REF><![CDATA[CVE-2014-3566]]></REF>\n
+        \                 <DESC><![CDATA[HTTP SSL/TLS Version Detection (POODLE scanner)
+        - Metasploit Ref : /modules/auxiliary/scanner/http/ssl_version]]></DESC>\n
+        \                 <LINK><![CDATA[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ssl_version.rb]]></LINK>\n
+        \               </EXPLT>\n              </EXPLT_LIST>\n            </EXPLT_SRC>\n
+        \         </EXPLOITABILITY>\n        </CORRELATION>\n        <PCI_FLAG>1</PCI_FLAG>\n
+        \       <LAST_UPDATE>2016-01-06T21:57:28Z</LAST_UPDATE>\n        <VENDOR_REFERENCE_LIST>\n
+        \         <VENDOR_REFERENCE>\n            <ID><![CDATA[POODLE]]></ID>\n            <URL><![CDATA[https://www.openssl.org/~bodo/ssl-poodle.pdf]]></URL>\n
+        \         </VENDOR_REFERENCE>\n        </VENDOR_REFERENCE_LIST>\n        <CVE_ID_LIST>\n
+        \         <CVE_ID>\n            <ID><![CDATA[CVE-2014-3566]]></ID>\n            <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n        <BUGTRAQ_ID_LIST>\n          <BUGTRAQ_ID>\n
+        \           <ID><![CDATA[70574]]></ID>\n            <URL><![CDATA[http://www.securityfocus.com/bid/70574]]></URL>\n
+        \         </BUGTRAQ_ID>\n        </BUGTRAQ_ID_LIST>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38606\">\n        <QID id=\"qid_38606\">38606</QID>\n
+        \       <TITLE><![CDATA[SSL Server Has SSLv3 Enabled Vulnerability]]></TITLE>\n
+        \       <SEVERITY>3</SEVERITY>\n        <CATEGORY>General remote services</CATEGORY>\n
+        \       <THREAT><![CDATA[SSL 3.0 is an obsolete and insecure protocol.<BR>\nEncryption
+        in SSL 3.0 uses either the RC4 stream cipher, or a block cipher in CBC mode.<BR>\nRC4
+        is known to have biases, and the block cipher in CBC mode is vulnerable to
+        the POODLE attack.<P>\n\nThe SSLv3 protocol is insecure due to the POODLE
+        attack and the weakness of RC4 cipher.<P>\nNote: In April 2016, PCI released
+        <A HREF=\"https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf\"
+        TARGET=\"_blank\">PCI DSS v3.2</A> announcing that NIST no longer considers
+        Secure Socket Layers (SSL) v3.0 protocol as acceptable for protecting data
+        and that all versions of SSL versions do not meet the PCI definition of &quot;strong
+        cryptography.&quot;<P>]]></THREAT>\n        <IMPACT><![CDATA[An attacker can
+        exploit this vulnerability to read secure communications or maliciously modify
+        messages.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable the SSL 3.0 protocol
+        in the client and in the server, refer to \nHow to disable SSLv3 : <A HREF=\"http://disablessl3.com/\"
+        TARGET=\"_blank\">Disable SSLv3</A>]]></SOLUTION>\n        <PCI_FLAG>1</PCI_FLAG>\n
+        \       <LAST_UPDATE>2017-07-10T18:08:39Z</LAST_UPDATE>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38628\">\n        <QID id=\"qid_38628\">38628</QID>\n
+        \       <TITLE><![CDATA[SSL/TLS Server supports TLSv1.0]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[TLS
+        is capable of using a multitude of ciphers (algorithms) to create the public
+        and private key pairs.<BR>\nFor example if TLSv1.0 uses either the RC4 stream
+        cipher, or a block cipher in CBC mode.<BR>\nRC4 is known to have biases and
+        the block cipher in CBC mode is vulnerable to the POODLE attack.<P>\n\nTLSv1.0,
+        if configured to use the same cipher suites as SSLv3, includes a means by
+        which a TLS implementation can downgrade the connection to SSL v3.0, thus
+        weakening security.<P>\n\n<A HREF=\"https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls\"
+        TARGET=\"_blank\">A POODLE-type</A> attack could also be launched directly
+        at TLS without negotiating a downgrade.<P>\n\n<B> This QID will be marked
+        as a Fail for PCI as of May 1st, 2017 in accordance with the new standards.
+        \ For existing implementations, Merchants will be able to submit a PCI False
+        Positive / Exception Request and provide proof of their Risk Mitigation and
+        Migration Plan, which will result in a pass for PCI up until June 30th, 2018.\n<P>\n
+        Further details can be found at: <A HREF=\"https://community.qualys.com/message/34120\"
+        TARGET=\"_blank\">NEW PCI DSS v3.2 and Migrating from SSL and Early TLS v1.1</A>\n</B>\n<P>]]></THREAT>\n
+        \       <IMPACT><![CDATA[An attacker can exploit cryptographic flaws to conduct
+        man-in-the-middle type attacks or to decryption communications.<P>\nFor example:
+        An attacker could force a downgrade from the TLS protocol to the older SSLv3.0
+        protocol and exploit the POODLE vulnerability, read secure communications
+        or maliciously modify messages.<P>\n<A HREF=\"https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls\"
+        TARGET=\"_blank\">A POODLE-type</A> attack could also be launched directly
+        at TLS without negotiating a downgrade.<P>]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol
+        such as TLSv1.2.\nThe following openssl commands can be used to do a manual
+        test:\nopenssl s_client -connect ip:port -tls1\n\nIf the test is successful,
+        then the target support TLSv1]]></SOLUTION>\n        <PCI_FLAG>1</PCI_FLAG>\n
+        \       <LAST_UPDATE>2017-06-09T18:16:07Z</LAST_UPDATE>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38657\">\n        <QID id=\"qid_38657\">38657</QID>\n
+        \       <TITLE><![CDATA[Birthday attacks against TLS ciphers with 64bit block
+        size vulnerability (Sweet32)]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[Legacy
+        block ciphers having block size of 64 bits are vulnerable to a practical collision
+        attack when used in CBC mode. \nAll versions of SSL/TLS protocol support cipher
+        suites which use DES or 3DES as the symmetric encryption cipher are affected.]]></THREAT>\n
+        \       <IMPACT><![CDATA[Remote attackers can obtain cleartext data via a
+        birthday attack against a long-duration encrypted session.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        and stop using DES and 3DES ciphers.\nThe following openssl commands can be
+        used to do a manual test:\nopenssl s_client -connect ip:port -cipher &quot;DES:3DES&quot;
+        -ssl2\nopenssl s_client -connect ip:port -cipher &quot;DES:3DES&quot; -ssl3\nopenssl
+        s_client -connect ip:port -cipher &quot;DES:3DES&quot; -tls1\nopenssl s_client
+        -connect ip:port -cipher &quot;DES:3DES&quot; -tls1_1\nopenssl s_client -connect
+        ip:port -cipher &quot;DES:3DES&quot; -tls1_2\n\nIf any of these tests is successful,
+        then the target is vulnerable to Sweet32.]]></SOLUTION>\n        <PCI_FLAG>0</PCI_FLAG>\n
+        \       <LAST_UPDATE>2017-06-27T06:14:43Z</LAST_UPDATE>\n        <CVE_ID_LIST>\n
+        \         <CVE_ID>\n            <ID><![CDATA[CVE-2016-2183]]></ID>\n            <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n        <BUGTRAQ_ID_LIST>\n          <BUGTRAQ_ID>\n
+        \           <ID><![CDATA[92630]]></ID>\n            <URL><![CDATA[http://www.securityfocus.com/bid/92630]]></URL>\n
+        \         </BUGTRAQ_ID>\n          <BUGTRAQ_ID>\n            <ID><![CDATA[95568]]></ID>\n
+        \           <URL><![CDATA[http://www.securityfocus.com/bid/95568]]></URL>\n
+        \         </BUGTRAQ_ID>\n        </BUGTRAQ_ID_LIST>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38685\">\n        <QID id=\"qid_38685\">38685</QID>\n
+        \       <TITLE><![CDATA[SSL Certificate - Invalid Maximum Validity Date Detected]]></TITLE>\n
+        \       <SEVERITY>2</SEVERITY>\n        <CATEGORY>General remote services</CATEGORY>\n
+        \       <THREAT><![CDATA[Starting 1 April 2015, Certification Authorities
+        (CAs) are not permitted to issue SSL certificates (issued from a public root)
+        with a validity period greater than 39 months.  \n<BR>\nSSL/TLS certificate
+        maximum validity is three years (39 months) for Domain Validated (DV) and
+        Organization Validated (OV) Certificates.<BR>\nSSL certificates have limited
+        validity periods so that the certificate's holder identity information is
+        re-authenticated more frequently. \n<P>\nIt is detected that maximum validity
+        of certificate on the system is more than what is recommended.]]></THREAT>\n
+        \       <IMPACT><![CDATA[By exploiting this vulnerability, an attacker can
+        launch a man-in-the-middle attack.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate with recommended maximum validity.]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2017-10-02T22:32:24Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_82003\">\n        <QID
+        id=\"qid_82003\">82003</QID>\n        <TITLE><![CDATA[ICMP Timestamp Request]]></TITLE>\n
+        \       <SEVERITY>1</SEVERITY>\n        <CATEGORY>TCP/IP</CATEGORY>\n        <THREAT><![CDATA[ICMP
+        (Internet Control and Error Message Protocol) is a protocol encapsulated in
+        IP packets. It's principal purpose is to provide a protocol layer able to
+        inform gateways of the inter-connectivity and accessibility of other gateways
+        or hosts. &quot;ping&quot; is a well-known program for determining if a host
+        is up or down. It uses ICMP echo packets. ICMP timestamp packets are used
+        to synchronize clocks between hosts.]]></THREAT>\n        <IMPACT><![CDATA[Unauthorized
+        users can obtain information about your network by sending ICMP timestamp
+        packets. For example, the internal systems clock should not be disclosed since
+        some internal daemons use this value to calculate ID or sequence numbers (i.e.,
+        on SunOS servers).]]></IMPACT>\n        <SOLUTION><![CDATA[You can filter
+        ICMP messages of type &quot;Timestamp&quot; and &quot;Timestamp Reply&quot;
+        at the firewall level. Some system administrators choose to filter most types
+        of ICMP messages for various reasons. For example, they may want to protect
+        their internal hosts from ICMP-based Denial Of Service attacks, such as the
+        <I>Ping of Death</I> or <I>Smurf</I> attacks. \n<P>\nHowever, you should never
+        filter <B>ALL</B> ICMP messages, as some of them (&quot;Don't Fragment&quot;,
+        &quot;Destination Unreachable&quot;, &quot;Source Quench&quot;, etc) are necessary
+        for proper behavior of Operating System TCP/IP stacks.\n<P>\nIt may be wiser
+        to contact your network consultants for advice, since this issue impacts your
+        overall network reliability and security.]]></SOLUTION>\n        <PCI_FLAG>0</PCI_FLAG>\n
+        \       <LAST_UPDATE>2009-04-29T03:59:17Z</LAST_UPDATE>\n        <CVE_ID_LIST>\n
+        \         <CVE_ID>\n            <ID><![CDATA[CVE-1999-0524]]></ID>\n            <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0524]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n      </VULN_DETAILS>\n    </VULN_DETAILS_LIST>\n
+        \ </GLOSSARY>\n  <APPENDICES>\n    <NO_VULNS>\n      <IP_LIST>\n        <RANGE>\n
+        \         <START>192.168.1.100</START>\n          <END>192.168.1.100</END>\n
+        \       </RANGE>\n      </IP_LIST>\n    </NO_VULNS>\n    <TEMPLATE_DETAILS>\n
+        \     <FILTER_SUMMARY>\n        Status:New, Active, Re-Opened, Fixed\n        Vulnerabilities:\n
+        \       State:Active\n        Included Operating Systems:\n        All Operating
+        Systems\n      </FILTER_SUMMARY>\n    </TEMPLATE_DETAILS>\n  </APPENDICES>\n</ASSET_DATA_REPORT>\n<!--
+        CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard
+        Service \"As Is,\" without any warranty of any kind. Qualys makes no warranty
+        that the information contained in this report is complete or error-free. Copyright
+        2017, Qualys, Inc. //--> \n"
+    http_version:
+  recorded_at: Tue, 12 Dec 2017 10:00:00 GMT
+recorded_with: VCR 4.0.0