RubyGems - qualys - Versions diffs - 0.1.4 → 0.1.5 - Mend

qualys 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml +4 -4
data/.gitignore +3 -2
data/.rubocop.yml +7 -0
data/.rubocop_todo.yml +71 -0
data/.travis.yml +13 -1
data/Gemfile +3 -1
data/Gemfile.lock +91 -0
data/README.md +50 -10
data/Rakefile +3 -4
data/lib/qualys.rb +10 -11
data/lib/qualys/api.rb +38 -47
data/lib/qualys/auth.rb +11 -20
data/lib/qualys/compliance.rb +3 -7
data/lib/qualys/config.rb +3 -5
data/lib/qualys/host.rb +17 -0
data/lib/qualys/report.rb +90 -0
data/lib/qualys/scans.rb +10 -22
data/lib/qualys/version.rb +1 -1
data/lib/qualys/vulnerability.rb +74 -0
data/qualys.gemspec +18 -19
data/spec/fixtures/vcr_cassettes/api_get.yml +52 -0
data/spec/fixtures/vcr_cassettes/create_global_report.yml +68 -0
data/spec/fixtures/vcr_cassettes/emptyscans.yml +35 -0
data/spec/fixtures/vcr_cassettes/get.yml +107 -0
data/spec/fixtures/vcr_cassettes/global_report.yml +17800 -0
data/spec/fixtures/vcr_cassettes/load_global_report.yml +625 -0
data/spec/fixtures/vcr_cassettes/login.yml +50 -0
data/spec/fixtures/vcr_cassettes/logout.yml +50 -0
data/spec/fixtures/vcr_cassettes/scan.yml +73 -0
data/spec/fixtures/vcr_cassettes/scans.yml +89 -0
data/spec/fixtures/vcr_cassettes/templates.yml +121 -0
data/spec/fixtures/vcr_cassettes/try_load_not_existing_report.yml +63 -0
data/spec/fixtures/vcr_cassettes/unlogged.yml +45 -0
data/spec/fixtures/vcr_cassettes/wrong.yml +101 -0
data/spec/qualys/api_spec.rb +27 -0
data/spec/qualys/report_spec.rb +65 -0
data/spec/qualys/scans_spec.rb +75 -0
data/spec/qualys/version_spec.rb +11 -0
data/spec/qualys/vulnerability_spec.rb +53 -0
data/spec/qualys_spec.rb +20 -0
data/spec/spec_helper.rb +37 -0
metadata +61 -15
data/.rock.yml +0 -17
data/lib/qualys/reports.rb +0 -47

data/spec/fixtures/vcr_cassettes/load_global_report.yml ADDED

@@ -0,0 +1,625 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://qualysapi.qualys.eu/api/2.0/fo/report/?action=fetch&id=4888430
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      X-Requested-With:
+      - Qualys Ruby Client v0.1.3
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Tue, 12 Dec 2017 10:00:00 GMT
+      Server:
+      - Qualys
+      X-Xss-Protection:
+      - '1'
+      X-Content-Type-Options:
+      - nosniff
+      X-Frame-Options:
+      - SAMEORIGIN
+      Expires:
+      - Thu, 19 Nov 1981 08:52:00 GMT
+      Cache-Control:
+      - ''
+      Pragma:
+      - ''
+      X-Ratelimit-Limit:
+      - '300'
+      X-Ratelimit-Window-Sec:
+      - '3600'
+      X-Concurrency-Limit-Limit:
+      - '2'
+      X-Concurrency-Limit-Running:
+      - '0'
+      X-Ratelimit-Towait-Sec:
+      - '0'
+      X-Ratelimit-Remaining:
+      - '292'
+      Content-Length:
+      - '55643'
+      Content-Disposition:
+      - attachment; filename=Scan_Report_Generated_by_Ruby_Qualys_gem_Thomas_20171212.xml
+      Content-Type:
+      - application/xml
+    body:
+      encoding: UTF-8
+      string: "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n\n<!DOCTYPE ASSET_DATA_REPORT
+        SYSTEM \"https://qualysguard.qualys.eu/asset_data_report.dtd\">\n<ASSET_DATA_REPORT>\n
+        \ <HEADER>\n    <COMPANY><![CDATA[ACME]]></COMPANY>\n    <USERNAME>Thomas</USERNAME>\n
+        \   <GENERATION_DATETIME>2017-12-12T09:55:42Z</GENERATION_DATETIME>\n    <TEMPLATE><![CDATA[Technical
+        Report]]></TEMPLATE>\n    <TARGET>\n      <USER_ASSET_GROUPS>\n        <ASSET_GROUP_TITLE><![CDATA[All]]></ASSET_GROUP_TITLE>\n
+        \     </USER_ASSET_GROUPS>\n      <COMBINED_IP_LIST>\n        <RANGE>\n          <START>47.69.112.62</START>\n
+        \         <END>47.69.112.62</END>\n        </RANGE>\n        <RANGE>\n          <START>88.78.187.177</START>\n
+        \         <END>88.78.187.177</END>\n        </RANGE>\n        <RANGE>\n          <START>192.168.1.100</START>\n
+        \         <END>192.168.1.100</END>\n        </RANGE>\n      </COMBINED_IP_LIST>\n
+        \   </TARGET>\n    <RISK_SCORE_SUMMARY>\n      <TOTAL_VULNERABILITIES>19</TOTAL_VULNERABILITIES>\n
+        \     <AVG_SECURITY_RISK>2.4</AVG_SECURITY_RISK>\n      <BUSINESS_RISK>12/100</BUSINESS_RISK>\n
+        \   </RISK_SCORE_SUMMARY>\n  </HEADER>\n  <HOST_LIST>\n    <HOST>\n      <IP>47.69.112.62</IP>\n
+        \     <TRACKING_METHOD>IP</TRACKING_METHOD>\n      <DNS><![CDATA[12.ip-34-56-789.ab]]></DNS>\n
+        \     <OPERATING_SYSTEM><![CDATA[Ubuntu / Tiny Core Linux / Linux 2.6.x]]></OPERATING_SYSTEM>\n
+        \     <VULN_INFO_LIST>\n        <VULN_INFO>\n          <QID id=\"qid_38173\">38173</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate
+        #0 CN=localhost.localdomain self signed certificate]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38685\">38685</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
+        \ is valid for more than 39 months]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38169\">38169</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
+        \ is a self signed certificate.]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38170\">38170</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
+        (localhost.localdomain) doesn&apos;t resolve]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38628\">38628</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38601\">38601</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1.1
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1.2
+        WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38140\">38140</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1.1
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1.2
+        WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38142\">38142</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1.1
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1.2
+        SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-AES128-SHA256\tDH\tNone\tSHA256\tAES(128)\tMEDIUM\nADH-AES256-SHA256\tDH\tNone\tSHA256\tAES(256)\tHIGH\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nADH-AES128-GCM-SHA256\tDH\tNone\tAEAD\tAESGCM(128)\tMEDIUM\nADH-AES256-GCM-SHA384\tDH\tNone\tAEAD\tAESGCM(256)\tHIGH\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38657\">38657</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT
+        format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.2
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38606\">38606</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n
+        \         <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n          <RESULT><![CDATA[SSLv3
+        is supported]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_82003\">82003</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <SSL>false</SSL>\n          <RESULT><![CDATA[Timestamp of host (network
+        byte ordering): 08:05:40 GMT]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38603\">38603</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>25</PORT>\n          <SERVICE>smtp</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>false</SSL>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_11827\">11827</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>443</PORT>\n          <SERVICE>http over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>false</SSL>\n          <RESULT><![CDATA[X-Frame-Options or
+        Content-Security-Policy: frame-ancestors HTTP Headers missing on port 443.\nGET
+        / HTTP/1.1\nHost: 12.ip-34-56-789.ab\nConnection: Keep-Alive\n\n\n\nX-XSS-Protection
+        HTTP Header missing on port 443.\nX-Content-Type-Options HTTP Header missing
+        on port 443.\nContent-Security-Policy HTTP Header missing on port 443.\nStrict-Transport-Security
+        HTTP Header missing on port 443.]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_11827\">11827</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>80</PORT>\n          <SERVICE>http</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>false</SSL>\n          <RESULT><![CDATA[X-Frame-Options or
+        Content-Security-Policy: frame-ancestors HTTP Headers missing on port 80.\nGET
+        / HTTP/1.1\nHost: 12.ip-34-56-789.ab\nConnection: Keep-Alive\n\n\n\nX-XSS-Protection
+        HTTP Header missing on port 80.\nX-Content-Type-Options HTTP Header missing
+        on port 80.\nContent-Security-Policy HTTP Header missing on port 80.]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38628\">38628</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>443</PORT>\n          <SERVICE>http
+        over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n
+        \         <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n          <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n        <VULN_INFO>\n
+        \         <QID id=\"qid_38657\">38657</QID>\n          <TYPE>Vuln</TYPE>\n
+        \         <PORT>443</PORT>\n          <SERVICE>http over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n
+        \         <SSL>true</SSL>\n          <RESULT format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nTLSv1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.1
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.2
+        WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n      </VULN_INFO_LIST>\n    </HOST>\n    <HOST>\n      <IP>88.78.187.177</IP>\n
+        \     <TRACKING_METHOD>IP</TRACKING_METHOD>\n      <DNS><![CDATA[ip123.ip-45-67-891.eu]]></DNS>\n
+        \     <OPERATING_SYSTEM><![CDATA[Ubuntu / Fedora / Tiny Core Linux / Linux
+        3.x]]></OPERATING_SYSTEM>\n      <VULN_INFO_LIST>\n        <VULN_INFO>\n          <QID
+        id=\"qid_11827\">11827</QID>\n          <TYPE>Vuln</TYPE>\n          <PORT>80</PORT>\n
+        \         <SERVICE>http</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>false</SSL>\n
+        \         <RESULT><![CDATA[Content-Security-Policy HTTP Header missing on
+        port 80.\nGET / HTTP/1.1\nHost: ip123.ip-45-67-891.eu\nConnection: Keep-Alive]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_11827\">11827</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>443</PORT>\n          <SERVICE>http
+        over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>false</SSL>\n
+        \         <RESULT><![CDATA[Content-Security-Policy HTTP Header missing on
+        port 443.\nGET / HTTP/1.1\nHost: ip123.ip-45-67-891.eu\nConnection: Keep-Alive]]></RESULT>\n
+        \         <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n          <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n
+        \         <TIMES_FOUND>1</TIMES_FOUND>\n          <VULN_STATUS>New</VULN_STATUS>\n
+        \       </VULN_INFO>\n        <VULN_INFO>\n          <QID id=\"qid_38628\">38628</QID>\n
+        \         <TYPE>Vuln</TYPE>\n          <PORT>443</PORT>\n          <SERVICE>http
+        over ssl</SERVICE>\n          <PROTOCOL>tcp</PROTOCOL>\n          <SSL>true</SSL>\n
+        \         <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n          <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n
+        \         <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n          <TIMES_FOUND>1</TIMES_FOUND>\n
+        \         <VULN_STATUS>New</VULN_STATUS>\n        </VULN_INFO>\n      </VULN_INFO_LIST>\n
+        \   </HOST>\n  </HOST_LIST>\n  <GLOSSARY>\n    <VULN_DETAILS_LIST>\n      <VULN_DETAILS
+        id=\"qid_11827\">\n        <QID id=\"qid_11827\">11827</QID>\n        <TITLE><![CDATA[HTTP
+        Security Header Not Detected]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n
+        \       <CATEGORY>CGI</CATEGORY>\n        <THREAT><![CDATA[This QID reports
+        the absence of the following <A HREF=\"https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers\"
+        TARGET=\"_blank\">HTTP headers</A> according to <A HREF=\"https://cwe.mitre.org/data/definitions/693.html\"
+        TARGET=\"_blank\">CWE-693: Protection Mechanism Failure</A>:<BR>\nX-Frame-Options:
+        This HTTP response header improves the protection of web applications against
+        clickjacking attacks. Clickjacking, also known as a &quot;UI redress attack&quot;,
+        allows an attacker to use multiple transparent or opaque layers to trick a
+        targeted user into clicking on a button or link on another page when they
+        were intending to click on the the top level page. <BR>\nX-XSS-Protection:
+        This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter
+        to prevent cross-site scripting attacks. X-XSS-Protection: 0; disables this
+        functionality.<BR>\nX-Content-Type-Options: This HTTP header prevents attacks
+        based on MIME-type mismatch. The only possible value is nosniff. If your server
+        returns X-Content-Type-Options: nosniff in the response, the browser will
+        refuse to load the styles and scripts in case they have an incorrect MIME-type.
+        <BR>\nContent-Security-Policy: This HTTP header helps to detect and mitigate
+        certain types of attacks, including Cross Site Scripting (XSS), packet sniffing
+        attacks and data injection attacks.<BR>\nStrict-Transport-Security: The HTTP
+        Strict-Transport-Security response header (HSTS) is a security feature that
+        lets a web site tell browsers that it should only be communicated with using
+        HTTPS, instead of using HTTP.<P>\nQID Detection Logic:<BR>\nThis unauthenticated
+        QID looks for the presence of the following HTTP responses:<BR>\nValid directives
+        for X-Frame-Options are:<BR>\nX-Frame-Options: DENY - The page cannot be displayed
+        in a frame, regardless of the site attempting to do so.<BR>\nX-Frame-Options:
+        SAMEORIGIN - The page can only be displayed in a frame on the same origin
+        as the page itself.<BR>\nX-Frame-Options: ALLOW-FROM RESOURCE-URL - The page
+        can only be displayed in a frame on the specified origin.<P>\nContent-Security-Policy:
+        frame-ancestors - This directive specifies valid parents that may embed a
+        page using frame, iframe, object, embed, or applet\nValid directives for X-XSS-Protections
+        are:<BR>\nX-XSS-Protection: 1 - Enables XSS filtering (usually default in
+        browsers). If a cross-site scripting attack is detected, the browser will
+        sanitize the page (remove the unsafe parts).<BR>\nX-XSS-Protection: 1; mode=block
+        - Enables XSS filtering. Rather than sanitizing the page, the browser will
+        prevent rendering of the page if an attack is detected.<BR>\nX-XSS-Protection:
+        1; report=URI  - Enables XSS filtering. If a cross-site scripting attack is
+        detected, the browser will sanitize the page and report the violation. This
+        uses the functionality of the CSP report-uri directive to send a report.<BR>\nX-XSS-Protection:
+        0 disables this directive and hence is also treated as not detected.<P>\nA
+        valid directive for X-Content-Type-Options: nosniff<P>\nA valid directive
+        for Content-Security-Policy: &lt;policy-directive&gt;; &lt;policy-directive&gt;<P>\nA
+        valid HSTS directive Strict-Transport-Security: max-age=&lt;expire-time&gt;;
+        [; includeSubDomains][; preload]<P>\n<B>NOTE:</B> All report-only directives
+        (where applicable) are considered invalid.]]></THREAT>\n        <IMPACT><![CDATA[Depending
+        on the vulnerability being exploited, an unauthenticated remote attacker could
+        conduct cross-site scripting, clickjacking or MIME-type sniffing attacks.]]></IMPACT>\n
+        \       <SOLUTION><![CDATA[CWE-693: Protection Mechanism Failure mentions
+        the following - The product does not use or incorrectly uses a protection
+        mechanism that provides sufficient defense against directed attacks against
+        the product. A &quot;missing&quot; protection mechanism occurs when the application
+        does not define any mechanism against a certain class of attack. An &quot;insufficient&quot;
+        protection mechanism might provide some defenses - for example, against the
+        most common attacks - but it does not protect against everything that is intended.
+        Finally, an &quot;ignored&quot; mechanism occurs when a mechanism is available
+        and in active use within the product, but the developer has not applied it
+        in some code path.<P>\nCustomers are advised to set proper <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options\"
+        TARGET=\"_blank\">X-Frame-Options</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection\"
+        TARGET=\"_blank\">X-XSS-Protection</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP\"
+        TARGET=\"_blank\">Content Security Policy</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options\"
+        TARGET=\"_blank\">X-Content-Type-Options</A> and <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security\"
+        TARGET=\"_blank\">Strict-Transport-Security</A> HTTP response headers.<P>\nDepending
+        on their server software, customers can set directives in their site configuration
+        or Web.config files. Few examples are:<P>\nX-Frame-Options:<BR>\nApache: Header
+        always append X-Frame-Options SAMEORIGIN<BR>\nnginx: add_header X-Frame-Options
+        SAMEORIGIN;<BR>\nHAProxy: rspadd X-Frame-Options:\\ SAMEORIGIN<BR>\nIIS: &lt;HTTPPROTOCOL&gt;&lt;CUSTOMHEADERS&gt;&lt;ADD
+        NAME=&quot;X-Frame-Options&quot; VALUE=&quot;SAMEORIGIN&quot;&gt;&lt;/ADD&gt;&lt;/CUSTOMHEADERS&gt;&lt;/HTTPPROTOCOL&gt;<P>\nX-XSS-Protection:<BR>\nApache:
+        Header always set X-XSS-Protection &quot;1; mode=block&quot; <BR>\nPHP: header(&quot;X-XSS-Protection:
+        1; mode=block&quot;);<P>\nX-Content-Type-Options:<BR>\nApache: Header always
+        set X-Content-Type-Options: nosniff<P>\nContent-Security-Policy: (Please note
+        that these values may differ from website to website. The values below are
+        for informational purposes only. The scanner simply looks for the presence
+        of the security header.)<BR>\nApache: Header set Content-Security-Policy &quot;script-src
+        'self'; object-src 'self'&quot;<BR>\nIIS: &lt;SYSTEM.WEBSERVER&gt;&lt;HTTPPROTOCOL&gt;&lt;CUSTOMHEADERS&gt;&lt;ADD
+        NAME=&quot;Content-Security-Policy&quot; VALUE=&quot;default-src 'self';&quot;&gt;&lt;/ADD&gt;&lt;/CUSTOMHEADERS&gt;&lt;/HTTPPROTOCOL&gt;&lt;/SYSTEM.WEBSERVER&gt;<BR>\nnginx:
+        add_header Content-Security-Policy &quot;default-src 'self'; script-src 'self';<P>\nHTTP
+        Strict-Transport-Security:<BR>\nApache: Header always set Strict-Transport-Security
+        &quot;max-age=31536000; includeSubDomains&quot;<BR>\nNginx: add_header Strict-Transport-Security
+        max-age=31536000;]]></SOLUTION>\n        <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2017-11-09T00:47:11Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38140\">\n        <QID
+        id=\"qid_38140\">38140</QID>\n        <TITLE><![CDATA[SSL Server Supports
+        Weak Encryption Vulnerability]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[The
+        Secure Socket Layer (SSL) protocol allows for secure communication between
+        a client and a server.\n<P>\nSSL encryption ciphers are classified based on
+        encryption key length as follows:<BR>\n<UL>\n<LI>HIGH - key length larger
+        than 128 bits\n<LI>MEDIUM - key length equal to 128 bits\n<LI>LOW - key length
+        smaller than 128 bits\n</UL>\n<P>\nMessages encrypted with LOW encryption
+        ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM
+        or HIGH strength ciphers to guarantee transaction security.\n<P>\nThe following
+        link provides more information about this vulnerability:\n<UL>\n<LI><A HREF=\"http://www.schneier.com/paper-ssl-revised.pdf\"
+        TARGET=\"_blank\">Analysis of the SSL 3.0 protocol</A>\n</UL>\n<P>\nPlease
+        note that this detection only checks for weak cipher support at the SSL layer.
+        Some servers may implement additional protection at the data layer. For example,
+        some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation
+        to complete but send back an error message and abort further communication
+        on the secure channel. This vulnerability may not be exploitable for such
+        configurations.]]></THREAT>\n        <IMPACT><![CDATA[An attacker can exploit
+        this vulnerability to decrypt secure communications without authorization.]]></IMPACT>\n
+        \       <SOLUTION><![CDATA[Disable support for LOW encryption ciphers.<P>\n<B>Apache</B>\n<BR>
+        If TLSv1.1 or TLSv1.2 are available, then those protocols should be used.\n<BR>SSLProtocol
+        TLSv1.1 TLSv1.2<BR>\nIf TLSv1.1 and TLSv1.2 are not available then only TLS1.0
+        should be used:\n<BR>SSLProtocol TLSv1\n<BR>Typically, for Apache/mod_ssl,
+        httpd.conf or ssl.conf should have the following lines:<BR>\nSSLCipherSuite
+        ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><BR>\nFor Apache/apache_ssl
+        include the following line in the configuration file (httpsd.conf):<BR>\nSSLRequireCipher
+        ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><P>\n\n<B>Tomcat</B>\n<BR>\nsslProtocol=&quot;SSLv3&quot;
+        \               \n<BR>ciphers=&quot;SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_W\n<BR>ITH_3DES_EDE_CBC_SHA&quot;\n<BR><P>\n<B>IIS</B>\n<BR>\n<A
+        HREF=\"http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030\" TARGET=\"_blank\">How
+        to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll</A>
+        (Windows restart required)\n<BR><A HREF=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;187498\"
+        TARGET=\"_blank\">How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in
+        Internet Information Services</A> (Windows restart required)\n<BR><A HREF=\"http://www.microsoft.com/technet/security/prodtech/IIS.mspx\"
+        TARGET=\"_blank\">Security Guidance for IIS</A>\n<P>For Novell Netware 6.5
+        please refer to the following document \n<A HREF=\"http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm\"
+        TARGET=\"_blank\">SSL Allows the use of Weak Ciphers. -TID10100633 </A>]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2015-01-20T19:50:33Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38142\">\n        <QID
+        id=\"qid_38142\">38142</QID>\n        <TITLE><![CDATA[SSL Server Allows Anonymous
+        Authentication Vulnerability]]></TITLE>\n        <SEVERITY>4</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[The
+        Secure Socket Layer (SSL) protocol allows for secure communication between
+        a client and a server. The client usually authenticates the server using an
+        algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without
+        authentication. Most common Web browsers like Microsoft Internet Explorer,
+        Netscape and Mozilla do not use anonymous authentication ciphers by default.\n\n<P>A
+        vulnerability exists in SSL communications when clients are allowed to connect\nusing
+        no authentication algorithm. SSL client-server communication may use several
+        different types of\nauthentication: RSA, Diffie-Hellman, DSS or none. When
+        'none' is used, the\ncommunications are vulnerable to a man-in-the-middle
+        attack.&quot;]]></THREAT>\n        <IMPACT><![CDATA[An attacker can exploit
+        this vulnerability to impersonate your server to clients.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        support for anonymous authentication.<P>\n<B>1) How to disable for Apache:</B>\n<BR>Typically,
+        for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:<BR>\nSSLProtocol
+        -ALL +SSLv3 +TLSv1<BR>\nSSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><BR>\nFor
+        Apache/apache_ssl include the following line in the configuration file (httpsd.conf):<BR>\nSSLRequireCipher
+        ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR>\n<P><B>2) IIS:</B>\n<BR>For
+        IIS please see: <A HREF=\"http://support.microsoft.com/kb/187498/en-us\" TARGET=\"_blank\">How
+        to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services</A>,
+        <A HREF=\"http://support.microsoft.com/kb/245030/en-us\" TARGET=\"_blank\">How
+        to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll</A>,
+        <A HREF=\"http://support.microsoft.com/kb/299520/en-us\" TARGET=\"_blank\">How
+        to Determine the Cipher Suite for the Server and Client</A>, , and <A HREF=\"http://support.microsoft.com/kb/241447\"
+        TARGET=\"_blank\">How to restrict the use of certain ciphers in Internet Information
+        Services 5.0</A>\n<P>\n<B>3) Wu-FTP:</B>\nFor Wu-FTP which supports TLS, the
+        ciphers parameter in TLS configuration file should be set to -ALL +SSLv3 +TLSv1<BR>
+        For more details please consult the docs/HOWTO/ssl_and_tls_ftpd.HOWTO  file
+        provided by wu-ftpd distribution.\n<P>\n<B>4) Lighttpd:</B>\nFor lighttpd:
+        Locate the lighttpd config file and modify the following  ssl.ciper-list line
+        to include !aNULL.  A restart of the lightttpd application is necessary.<BR>\nExample:
+        ssl.cipher-list = &quot;TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH&quot;\n\n<P>\n<B>It
+        is recommended that you follow SSL best security practices:</B>\n<BR><A HREF=\"https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices\"
+        TARGET=\"_blank\">SSL and TLS Deployment Best Practices</A>\n<BR><A HREF=\"http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html\"
+        TARGET=\"_blank\">http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html</A>\n<BR><A
+        HREF=\"http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite\"
+        TARGET=\"_blank\">http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite</A>\n<BR><A
+        HREF=\"http://www.megasecurity.org/Info/ssl_servers.html\" TARGET=\"_blank\">http://www.megasecurity.org/Info/ssl_servers.html</A><P>]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2017-03-17T00:12:11Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38169\">\n        <QID
+        id=\"qid_38169\">38169</QID>\n        <TITLE><![CDATA[SSL Certificate - Self-Signed
+        Certificate]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n        <CATEGORY>General
+        remote services</CATEGORY>\n        <THREAT><![CDATA[An SSL Certificate associates
+        an entity (person, organization, host, etc.) with a Public Key. In an SSL
+        connection, the client authenticates the remote server using the server's
+        Certificate and extracts the Public Key in the Certificate to establish the
+        secure connection.\n<P>\nThe client can trust that the Server Certificate
+        belongs the server only if it is signed by a mutually trusted third-party
+        Certificate Authority (CA). Self-signed certificates are created generally
+        for testing purposes or to avoid paying third-party CAs. These should not
+        be used on any production or critical servers.\n<P>\nBy exploiting this vulnerability,
+        an attacker can impersonate the server by presenting a fake self-signed certificate.
+        If the client knows that the server does not have a trusted certificate, it
+        will accept this spoofed certificate and communicate with the remote server.]]></THREAT>\n
+        \       <IMPACT><![CDATA[By exploiting this vulnerability, an attacker can
+        launch a man-in-the-middle attack.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate signed by a trusted third-party Certificate Authority.]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2009-05-25T03:59:26Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38170\">\n        <QID
+        id=\"qid_38170\">38170</QID>\n        <TITLE><![CDATA[SSL Certificate - Subject
+        Common Name Does Not Match Server FQDN]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[An
+        SSL Certificate associates an entity (person, organization, host, etc.) with
+        a Public Key. In an SSL connection, the client authenticates the remote server
+        using the server's Certificate and extracts the Public Key in the Certificate
+        to establish the secure connection.\n<P>\nA certificate whose Subject commonName
+        or subjectAltName does not match the server FQDN offers only encryption without
+        authentication.\n<P>\nPlease note that a false positive reporting of this
+        vulnerability is possible in the following case:\n<UL>If the common name of
+        the certificate uses a wildcard such as *.somedomainname.com and the reverse
+        DNS resolution of the target IP is not configured. In this case there is no
+        way for Qualys to associate the wildcard common name to the IP. Adding a reverse
+        DNS lookup entry to the target IP will solve this problem.\n</UL>]]></THREAT>\n
+        \       <IMPACT><![CDATA[A man-in-the-middle attacker can exploit this vulnerability
+        in tandem with a DNS cache poisoning attack to lure the client to another
+        server, and then steal all the encryption communication.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate whose Subject commonName or subjectAltName matches
+        the server FQDN.]]></SOLUTION>\n        <PCI_FLAG>0</PCI_FLAG>\n        <LAST_UPDATE>2015-08-12T17:39:01Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38173\">\n        <QID
+        id=\"qid_38173\">38173</QID>\n        <TITLE><![CDATA[SSL Certificate - Signature
+        Verification Failed Vulnerability]]></TITLE>\n        <SEVERITY>2</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[An
+        SSL Certificate associates an entity (person, organization, host, etc.) with
+        a Public Key. In an SSL connection, the client authenticates the remote server
+        using the server's Certificate and extracts the Public Key in the Certificate
+        to establish the secure connection. The authentication is done by verifying
+        that the public key in the certificate is signed by a trusted third-party
+        Certificate Authority.\n<P>\nIf a client is unable to verify the certificate,
+        it can abort communication or prompt the user to continue the communication
+        without authentication.]]></THREAT>\n        <IMPACT><![CDATA[By exploiting
+        this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning
+        can occur.\n<P>\nException:<BR>\nIf the server communicates only with a restricted
+        set of clients who have the server certificate or the trusted CA certificate,
+        then the server or CA certificate may not be available publicly, and the scan
+        will be unable to verify the signature.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate signed by a trusted third-party Certificate Authority.]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2009-05-23T00:02:29Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_38601\">\n        <QID
+        id=\"qid_38601\">38601</QID>\n        <TITLE><![CDATA[SSL/TLS use of weak
+        RC4 cipher]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n        <CATEGORY>General
+        remote services</CATEGORY>\n        <THREAT><![CDATA[Secure Sockets Layer
+        (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity,
+        confidentiality and authenticity services to other protocols that lack these
+        features.\n<P>\nSSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4
+        to encrypt the content of the higher layer protocols and thus provide the
+        confidentiality service. Normally the output of an encryption process is a
+        sequence of random looking bytes. It was known that RC4 output has some bias
+        in the output. Recently a group of researchers has discovered that the there
+        is a stronger bias in RC4, which make statistical analysis of ciphertext more
+        practical.\n<P>\nThe described attack is to inject a malicious javascript
+        into the victim's browser that would ensure that there are multiple connections
+        being established with a target website and the same HTTP cookie is sent multiple
+        times to the website in encrypted form. This provides the attacker a large
+        set of ciphertext samples, that can be used for statistical analysis.\n\n<P>NOTE:
+        On 3/12/15 NVD changed the CVSS v2 access complicity from high to medium.
+        As a result Qualys revised the CVSS score to 4.3 immediately. On 5/4/15 Qualys
+        is also revising the severity to level 3.]]></THREAT>\n        <IMPACT><![CDATA[If
+        this attack is carried out and an HTTP cookie is recovered, then the attacker
+        can use the cookie to impersonate the user whose cookie was recovered.\n<P>\nThis
+        attack is not very practical as it requires the attacker to have access to
+        millions of samples of ciphertext, but there are certain assumptions that
+        an attacker can make to improve the chances of recovering the cleartext from
+        cihpertext. For examples HTTP cookies are either base64 encoded or hex digits.
+        This information can help the attacker in their efforts to recover the cookie.]]></IMPACT>\n
+        \       <SOLUTION><![CDATA[RC4 should not be used where possible. One reason
+        that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode
+        ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues.]]></SOLUTION>\n
+        \       <PCI_FLAG>0</PCI_FLAG>\n        <LAST_UPDATE>2016-01-29T19:32:26Z</LAST_UPDATE>\n
+        \       <CVE_ID_LIST>\n          <CVE_ID>\n            <ID><![CDATA[CVE-2013-2566]]></ID>\n
+        \           <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566]]></URL>\n
+        \         </CVE_ID>\n          <CVE_ID>\n            <ID><![CDATA[CVE-2015-2808]]></ID>\n
+        \           <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n        <BUGTRAQ_ID_LIST>\n          <BUGTRAQ_ID>\n
+        \           <ID><![CDATA[91787]]></ID>\n            <URL><![CDATA[http://www.securityfocus.com/bid/91787]]></URL>\n
+        \         </BUGTRAQ_ID>\n          <BUGTRAQ_ID>\n            <ID><![CDATA[58796]]></ID>\n
+        \           <URL><![CDATA[http://www.securityfocus.com/bid/58796]]></URL>\n
+        \         </BUGTRAQ_ID>\n          <BUGTRAQ_ID>\n            <ID><![CDATA[73684]]></ID>\n
+        \           <URL><![CDATA[http://www.securityfocus.com/bid/73684]]></URL>\n
+        \         </BUGTRAQ_ID>\n        </BUGTRAQ_ID_LIST>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38603\">\n        <QID id=\"qid_38603\">38603</QID>\n
+        \       <TITLE><![CDATA[SSLv3 Padding Oracle Attack Information Disclosure
+        Vulnerability (POODLE)]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n        <CATEGORY>General
+        remote services</CATEGORY>\n        <THREAT><![CDATA[The SSL protocol 3.0
+        design error, uses nondeterministic CBC padding, which makes it easier for
+        man-in-the-middle attacks. \n<P>\nThe target supports SSLv3, which makes it
+        vulnerable to POODLE (Padding Oracle On Downgraded Legacy Encryption), even
+        if it also supports more recent versions of TLS. It's subject to a downgrade
+        attack, in which the attacker tricks the browser into connecting with SSLv3.]]></THREAT>\n
+        \       <IMPACT><![CDATA[An attacker who can take a man-in-the-middle (MitM)
+        position can exploit this vulnerability and gain access to encrypted communication
+        between a client and server.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        SSLv3 support to avoid this vulnerability.<P>\nExamples to disable SSLv3.<BR>\nnginx:
+        list specific allowed protocols in the &quot;ssl_protocols&quot; line. Make
+        sure SSLv2 and SSLv3 is not listed. For example: ssl_protocols TLSv2 TLSv1.1
+        TLSv1.2;<BR>\nApache: Add -SSLv3 to the &quot;SSLProtocol&quot; line. <BR>\n<A
+        HREF=\"https://support.microsoft.com/kb/187498/en-us\" TARGET=\"_blank\">How
+        to disable SSL 3.0 on Microsoft IIS</A>.\n<P>For PCI, please refer to the
+        Qualys <A HREF=\"https://community.qualys.com/thread/15280\" TARGET=\"_blank\">community
+        article</A>.]]></SOLUTION>\n        <CORRELATION>\n          <EXPLOITABILITY>\n
+        \           <EXPLT_SRC>\n              <SRC_NAME><![CDATA[Metasploit]]></SRC_NAME>\n
+        \             <EXPLT_LIST>\n                <EXPLT>\n                  <REF><![CDATA[CVE-2014-3566]]></REF>\n
+        \                 <DESC><![CDATA[HTTP SSL/TLS Version Detection (POODLE scanner)
+        - Metasploit Ref : /modules/auxiliary/scanner/http/ssl_version]]></DESC>\n
+        \                 <LINK><![CDATA[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ssl_version.rb]]></LINK>\n
+        \               </EXPLT>\n              </EXPLT_LIST>\n            </EXPLT_SRC>\n
+        \         </EXPLOITABILITY>\n        </CORRELATION>\n        <PCI_FLAG>1</PCI_FLAG>\n
+        \       <LAST_UPDATE>2016-01-06T21:57:28Z</LAST_UPDATE>\n        <VENDOR_REFERENCE_LIST>\n
+        \         <VENDOR_REFERENCE>\n            <ID><![CDATA[POODLE]]></ID>\n            <URL><![CDATA[https://www.openssl.org/~bodo/ssl-poodle.pdf]]></URL>\n
+        \         </VENDOR_REFERENCE>\n        </VENDOR_REFERENCE_LIST>\n        <CVE_ID_LIST>\n
+        \         <CVE_ID>\n            <ID><![CDATA[CVE-2014-3566]]></ID>\n            <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n        <BUGTRAQ_ID_LIST>\n          <BUGTRAQ_ID>\n
+        \           <ID><![CDATA[70574]]></ID>\n            <URL><![CDATA[http://www.securityfocus.com/bid/70574]]></URL>\n
+        \         </BUGTRAQ_ID>\n        </BUGTRAQ_ID_LIST>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38606\">\n        <QID id=\"qid_38606\">38606</QID>\n
+        \       <TITLE><![CDATA[SSL Server Has SSLv3 Enabled Vulnerability]]></TITLE>\n
+        \       <SEVERITY>3</SEVERITY>\n        <CATEGORY>General remote services</CATEGORY>\n
+        \       <THREAT><![CDATA[SSL 3.0 is an obsolete and insecure protocol.<BR>\nEncryption
+        in SSL 3.0 uses either the RC4 stream cipher, or a block cipher in CBC mode.<BR>\nRC4
+        is known to have biases, and the block cipher in CBC mode is vulnerable to
+        the POODLE attack.<P>\n\nThe SSLv3 protocol is insecure due to the POODLE
+        attack and the weakness of RC4 cipher.<P>\nNote: In April 2016, PCI released
+        <A HREF=\"https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf\"
+        TARGET=\"_blank\">PCI DSS v3.2</A> announcing that NIST no longer considers
+        Secure Socket Layers (SSL) v3.0 protocol as acceptable for protecting data
+        and that all versions of SSL versions do not meet the PCI definition of &quot;strong
+        cryptography.&quot;<P>]]></THREAT>\n        <IMPACT><![CDATA[An attacker can
+        exploit this vulnerability to read secure communications or maliciously modify
+        messages.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable the SSL 3.0 protocol
+        in the client and in the server, refer to \nHow to disable SSLv3 : <A HREF=\"http://disablessl3.com/\"
+        TARGET=\"_blank\">Disable SSLv3</A>]]></SOLUTION>\n        <PCI_FLAG>1</PCI_FLAG>\n
+        \       <LAST_UPDATE>2017-07-10T18:08:39Z</LAST_UPDATE>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38628\">\n        <QID id=\"qid_38628\">38628</QID>\n
+        \       <TITLE><![CDATA[SSL/TLS Server supports TLSv1.0]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[TLS
+        is capable of using a multitude of ciphers (algorithms) to create the public
+        and private key pairs.<BR>\nFor example if TLSv1.0 uses either the RC4 stream
+        cipher, or a block cipher in CBC mode.<BR>\nRC4 is known to have biases and
+        the block cipher in CBC mode is vulnerable to the POODLE attack.<P>\n\nTLSv1.0,
+        if configured to use the same cipher suites as SSLv3, includes a means by
+        which a TLS implementation can downgrade the connection to SSL v3.0, thus
+        weakening security.<P>\n\n<A HREF=\"https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls\"
+        TARGET=\"_blank\">A POODLE-type</A> attack could also be launched directly
+        at TLS without negotiating a downgrade.<P>\n\n<B> This QID will be marked
+        as a Fail for PCI as of May 1st, 2017 in accordance with the new standards.
+        \ For existing implementations, Merchants will be able to submit a PCI False
+        Positive / Exception Request and provide proof of their Risk Mitigation and
+        Migration Plan, which will result in a pass for PCI up until June 30th, 2018.\n<P>\n
+        Further details can be found at: <A HREF=\"https://community.qualys.com/message/34120\"
+        TARGET=\"_blank\">NEW PCI DSS v3.2 and Migrating from SSL and Early TLS v1.1</A>\n</B>\n<P>]]></THREAT>\n
+        \       <IMPACT><![CDATA[An attacker can exploit cryptographic flaws to conduct
+        man-in-the-middle type attacks or to decryption communications.<P>\nFor example:
+        An attacker could force a downgrade from the TLS protocol to the older SSLv3.0
+        protocol and exploit the POODLE vulnerability, read secure communications
+        or maliciously modify messages.<P>\n<A HREF=\"https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls\"
+        TARGET=\"_blank\">A POODLE-type</A> attack could also be launched directly
+        at TLS without negotiating a downgrade.<P>]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol
+        such as TLSv1.2.\nThe following openssl commands can be used to do a manual
+        test:\nopenssl s_client -connect ip:port -tls1\n\nIf the test is successful,
+        then the target support TLSv1]]></SOLUTION>\n        <PCI_FLAG>1</PCI_FLAG>\n
+        \       <LAST_UPDATE>2017-06-09T18:16:07Z</LAST_UPDATE>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38657\">\n        <QID id=\"qid_38657\">38657</QID>\n
+        \       <TITLE><![CDATA[Birthday attacks against TLS ciphers with 64bit block
+        size vulnerability (Sweet32)]]></TITLE>\n        <SEVERITY>3</SEVERITY>\n
+        \       <CATEGORY>General remote services</CATEGORY>\n        <THREAT><![CDATA[Legacy
+        block ciphers having block size of 64 bits are vulnerable to a practical collision
+        attack when used in CBC mode. \nAll versions of SSL/TLS protocol support cipher
+        suites which use DES or 3DES as the symmetric encryption cipher are affected.]]></THREAT>\n
+        \       <IMPACT><![CDATA[Remote attackers can obtain cleartext data via a
+        birthday attack against a long-duration encrypted session.]]></IMPACT>\n        <SOLUTION><![CDATA[Disable
+        and stop using DES and 3DES ciphers.\nThe following openssl commands can be
+        used to do a manual test:\nopenssl s_client -connect ip:port -cipher &quot;DES:3DES&quot;
+        -ssl2\nopenssl s_client -connect ip:port -cipher &quot;DES:3DES&quot; -ssl3\nopenssl
+        s_client -connect ip:port -cipher &quot;DES:3DES&quot; -tls1\nopenssl s_client
+        -connect ip:port -cipher &quot;DES:3DES&quot; -tls1_1\nopenssl s_client -connect
+        ip:port -cipher &quot;DES:3DES&quot; -tls1_2\n\nIf any of these tests is successful,
+        then the target is vulnerable to Sweet32.]]></SOLUTION>\n        <PCI_FLAG>0</PCI_FLAG>\n
+        \       <LAST_UPDATE>2017-06-27T06:14:43Z</LAST_UPDATE>\n        <CVE_ID_LIST>\n
+        \         <CVE_ID>\n            <ID><![CDATA[CVE-2016-2183]]></ID>\n            <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n        <BUGTRAQ_ID_LIST>\n          <BUGTRAQ_ID>\n
+        \           <ID><![CDATA[92630]]></ID>\n            <URL><![CDATA[http://www.securityfocus.com/bid/92630]]></URL>\n
+        \         </BUGTRAQ_ID>\n          <BUGTRAQ_ID>\n            <ID><![CDATA[95568]]></ID>\n
+        \           <URL><![CDATA[http://www.securityfocus.com/bid/95568]]></URL>\n
+        \         </BUGTRAQ_ID>\n        </BUGTRAQ_ID_LIST>\n      </VULN_DETAILS>\n
+        \     <VULN_DETAILS id=\"qid_38685\">\n        <QID id=\"qid_38685\">38685</QID>\n
+        \       <TITLE><![CDATA[SSL Certificate - Invalid Maximum Validity Date Detected]]></TITLE>\n
+        \       <SEVERITY>2</SEVERITY>\n        <CATEGORY>General remote services</CATEGORY>\n
+        \       <THREAT><![CDATA[Starting 1 April 2015, Certification Authorities
+        (CAs) are not permitted to issue SSL certificates (issued from a public root)
+        with a validity period greater than 39 months.  \n<BR>\nSSL/TLS certificate
+        maximum validity is three years (39 months) for Domain Validated (DV) and
+        Organization Validated (OV) Certificates.<BR>\nSSL certificates have limited
+        validity periods so that the certificate's holder identity information is
+        re-authenticated more frequently. \n<P>\nIt is detected that maximum validity
+        of certificate on the system is more than what is recommended.]]></THREAT>\n
+        \       <IMPACT><![CDATA[By exploiting this vulnerability, an attacker can
+        launch a man-in-the-middle attack.]]></IMPACT>\n        <SOLUTION><![CDATA[Please
+        install a server certificate with recommended maximum validity.]]></SOLUTION>\n
+        \       <PCI_FLAG>1</PCI_FLAG>\n        <LAST_UPDATE>2017-10-02T22:32:24Z</LAST_UPDATE>\n
+        \     </VULN_DETAILS>\n      <VULN_DETAILS id=\"qid_82003\">\n        <QID
+        id=\"qid_82003\">82003</QID>\n        <TITLE><![CDATA[ICMP Timestamp Request]]></TITLE>\n
+        \       <SEVERITY>1</SEVERITY>\n        <CATEGORY>TCP/IP</CATEGORY>\n        <THREAT><![CDATA[ICMP
+        (Internet Control and Error Message Protocol) is a protocol encapsulated in
+        IP packets. It's principal purpose is to provide a protocol layer able to
+        inform gateways of the inter-connectivity and accessibility of other gateways
+        or hosts. &quot;ping&quot; is a well-known program for determining if a host
+        is up or down. It uses ICMP echo packets. ICMP timestamp packets are used
+        to synchronize clocks between hosts.]]></THREAT>\n        <IMPACT><![CDATA[Unauthorized
+        users can obtain information about your network by sending ICMP timestamp
+        packets. For example, the internal systems clock should not be disclosed since
+        some internal daemons use this value to calculate ID or sequence numbers (i.e.,
+        on SunOS servers).]]></IMPACT>\n        <SOLUTION><![CDATA[You can filter
+        ICMP messages of type &quot;Timestamp&quot; and &quot;Timestamp Reply&quot;
+        at the firewall level. Some system administrators choose to filter most types
+        of ICMP messages for various reasons. For example, they may want to protect
+        their internal hosts from ICMP-based Denial Of Service attacks, such as the
+        <I>Ping of Death</I> or <I>Smurf</I> attacks. \n<P>\nHowever, you should never
+        filter <B>ALL</B> ICMP messages, as some of them (&quot;Don't Fragment&quot;,
+        &quot;Destination Unreachable&quot;, &quot;Source Quench&quot;, etc) are necessary
+        for proper behavior of Operating System TCP/IP stacks.\n<P>\nIt may be wiser
+        to contact your network consultants for advice, since this issue impacts your
+        overall network reliability and security.]]></SOLUTION>\n        <PCI_FLAG>0</PCI_FLAG>\n
+        \       <LAST_UPDATE>2009-04-29T03:59:17Z</LAST_UPDATE>\n        <CVE_ID_LIST>\n
+        \         <CVE_ID>\n            <ID><![CDATA[CVE-1999-0524]]></ID>\n            <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0524]]></URL>\n
+        \         </CVE_ID>\n        </CVE_ID_LIST>\n      </VULN_DETAILS>\n    </VULN_DETAILS_LIST>\n
+        \ </GLOSSARY>\n  <APPENDICES>\n    <NO_VULNS>\n      <IP_LIST>\n        <RANGE>\n
+        \         <START>192.168.1.100</START>\n          <END>192.168.1.100</END>\n
+        \       </RANGE>\n      </IP_LIST>\n    </NO_VULNS>\n    <TEMPLATE_DETAILS>\n
+        \     <FILTER_SUMMARY>\n        Status:New, Active, Re-Opened, Fixed\n        Vulnerabilities:\n
+        \       State:Active\n        Included Operating Systems:\n        All Operating
+        Systems\n      </FILTER_SUMMARY>\n    </TEMPLATE_DETAILS>\n  </APPENDICES>\n</ASSET_DATA_REPORT>\n<!--
+        CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard
+        Service \"As Is,\" without any warranty of any kind. Qualys makes no warranty
+        that the information contained in this report is complete or error-free. Copyright
+        2017, Qualys, Inc. //--> \n"
+    http_version:
+  recorded_at: Tue, 12 Dec 2017 10:00:00 GMT
+recorded_with: VCR 4.0.0