qualys 0.1.4 → 0.1.5
- checksums.yaml +4 -4
- data/.gitignore +3 -2
- data/.rubocop.yml +7 -0
- data/.rubocop_todo.yml +71 -0
- data/.travis.yml +13 -1
- data/Gemfile +3 -1
- data/Gemfile.lock +91 -0
- data/README.md +50 -10
- data/Rakefile +3 -4
- data/lib/qualys.rb +10 -11
- data/lib/qualys/api.rb +38 -47
- data/lib/qualys/auth.rb +11 -20
- data/lib/qualys/compliance.rb +3 -7
- data/lib/qualys/config.rb +3 -5
- data/lib/qualys/host.rb +17 -0
- data/lib/qualys/report.rb +90 -0
- data/lib/qualys/scans.rb +10 -22
- data/lib/qualys/version.rb +1 -1
- data/lib/qualys/vulnerability.rb +74 -0
- data/qualys.gemspec +18 -19
- data/spec/fixtures/vcr_cassettes/api_get.yml +52 -0
- data/spec/fixtures/vcr_cassettes/create_global_report.yml +68 -0
- data/spec/fixtures/vcr_cassettes/emptyscans.yml +35 -0
- data/spec/fixtures/vcr_cassettes/get.yml +107 -0
- data/spec/fixtures/vcr_cassettes/global_report.yml +17800 -0
- data/spec/fixtures/vcr_cassettes/load_global_report.yml +625 -0
- data/spec/fixtures/vcr_cassettes/login.yml +50 -0
- data/spec/fixtures/vcr_cassettes/logout.yml +50 -0
- data/spec/fixtures/vcr_cassettes/scan.yml +73 -0
- data/spec/fixtures/vcr_cassettes/scans.yml +89 -0
- data/spec/fixtures/vcr_cassettes/templates.yml +121 -0
- data/spec/fixtures/vcr_cassettes/try_load_not_existing_report.yml +63 -0
- data/spec/fixtures/vcr_cassettes/unlogged.yml +45 -0
- data/spec/fixtures/vcr_cassettes/wrong.yml +101 -0
- data/spec/qualys/api_spec.rb +27 -0
- data/spec/qualys/report_spec.rb +65 -0
- data/spec/qualys/scans_spec.rb +75 -0
- data/spec/qualys/version_spec.rb +11 -0
- data/spec/qualys/vulnerability_spec.rb +53 -0
- data/spec/qualys_spec.rb +20 -0
- data/spec/spec_helper.rb +37 -0
- metadata +61 -15
- data/.rock.yml +0 -17
- data/lib/qualys/reports.rb +0 -47
@@ -0,0 +1,625 @@
|
|
1
|
+
---
|
2
|
+
http_interactions:
|
3
|
+
- request:
|
4
|
+
method: get
|
5
|
+
uri: https://qualysapi.qualys.eu/api/2.0/fo/report/?action=fetch&id=4888430
|
6
|
+
body:
|
7
|
+
encoding: US-ASCII
|
8
|
+
string: ''
|
9
|
+
headers:
|
10
|
+
X-Requested-With:
|
11
|
+
- Qualys Ruby Client v0.1.3
|
12
|
+
response:
|
13
|
+
status:
|
14
|
+
code: 200
|
15
|
+
message: OK
|
16
|
+
headers:
|
17
|
+
Date:
|
18
|
+
- Tue, 12 Dec 2017 10:00:00 GMT
|
19
|
+
Server:
|
20
|
+
- Qualys
|
21
|
+
X-Xss-Protection:
|
22
|
+
- '1'
|
23
|
+
X-Content-Type-Options:
|
24
|
+
- nosniff
|
25
|
+
X-Frame-Options:
|
26
|
+
- SAMEORIGIN
|
27
|
+
Expires:
|
28
|
+
- Thu, 19 Nov 1981 08:52:00 GMT
|
29
|
+
Cache-Control:
|
30
|
+
- ''
|
31
|
+
Pragma:
|
32
|
+
- ''
|
33
|
+
X-Ratelimit-Limit:
|
34
|
+
- '300'
|
35
|
+
X-Ratelimit-Window-Sec:
|
36
|
+
- '3600'
|
37
|
+
X-Concurrency-Limit-Limit:
|
38
|
+
- '2'
|
39
|
+
X-Concurrency-Limit-Running:
|
40
|
+
- '0'
|
41
|
+
X-Ratelimit-Towait-Sec:
|
42
|
+
- '0'
|
43
|
+
X-Ratelimit-Remaining:
|
44
|
+
- '292'
|
45
|
+
Content-Length:
|
46
|
+
- '55643'
|
47
|
+
Content-Disposition:
|
48
|
+
- attachment; filename=Scan_Report_Generated_by_Ruby_Qualys_gem_Thomas_20171212.xml
|
49
|
+
Content-Type:
|
50
|
+
- application/xml
|
51
|
+
body:
|
52
|
+
encoding: UTF-8
|
53
|
+
string: "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n\n<!DOCTYPE ASSET_DATA_REPORT
|
54
|
+
SYSTEM \"https://qualysguard.qualys.eu/asset_data_report.dtd\">\n<ASSET_DATA_REPORT>\n
|
55
|
+
\ <HEADER>\n <COMPANY><![CDATA[ACME]]></COMPANY>\n <USERNAME>Thomas</USERNAME>\n
|
56
|
+
\ <GENERATION_DATETIME>2017-12-12T09:55:42Z</GENERATION_DATETIME>\n <TEMPLATE><![CDATA[Technical
|
57
|
+
Report]]></TEMPLATE>\n <TARGET>\n <USER_ASSET_GROUPS>\n <ASSET_GROUP_TITLE><![CDATA[All]]></ASSET_GROUP_TITLE>\n
|
58
|
+
\ </USER_ASSET_GROUPS>\n <COMBINED_IP_LIST>\n <RANGE>\n <START>47.69.112.62</START>\n
|
59
|
+
\ <END>47.69.112.62</END>\n </RANGE>\n <RANGE>\n <START>88.78.187.177</START>\n
|
60
|
+
\ <END>88.78.187.177</END>\n </RANGE>\n <RANGE>\n <START>192.168.1.100</START>\n
|
61
|
+
\ <END>192.168.1.100</END>\n </RANGE>\n </COMBINED_IP_LIST>\n
|
62
|
+
\ </TARGET>\n <RISK_SCORE_SUMMARY>\n <TOTAL_VULNERABILITIES>19</TOTAL_VULNERABILITIES>\n
|
63
|
+
\ <AVG_SECURITY_RISK>2.4</AVG_SECURITY_RISK>\n <BUSINESS_RISK>12/100</BUSINESS_RISK>\n
|
64
|
+
\ </RISK_SCORE_SUMMARY>\n </HEADER>\n <HOST_LIST>\n <HOST>\n <IP>47.69.112.62</IP>\n
|
65
|
+
\ <TRACKING_METHOD>IP</TRACKING_METHOD>\n <DNS><![CDATA[12.ip-34-56-789.ab]]></DNS>\n
|
66
|
+
\ <OPERATING_SYSTEM><![CDATA[Ubuntu / Tiny Core Linux / Linux 2.6.x]]></OPERATING_SYSTEM>\n
|
67
|
+
\ <VULN_INFO_LIST>\n <VULN_INFO>\n <QID id=\"qid_38173\">38173</QID>\n
|
68
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n
|
69
|
+
\ <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n <RESULT><![CDATA[Certificate
|
70
|
+
#0 CN=localhost.localdomain self signed certificate]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
71
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
72
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
73
|
+
\ <QID id=\"qid_38685\">38685</QID>\n <TYPE>Vuln</TYPE>\n
|
74
|
+
\ <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
75
|
+
\ <SSL>true</SSL>\n <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
|
76
|
+
\ is valid for more than 39 months]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
77
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
78
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
79
|
+
\ <QID id=\"qid_38169\">38169</QID>\n <TYPE>Vuln</TYPE>\n
|
80
|
+
\ <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
81
|
+
\ <SSL>true</SSL>\n <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
|
82
|
+
\ is a self signed certificate.]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
83
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
84
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
85
|
+
\ <QID id=\"qid_38170\">38170</QID>\n <TYPE>Vuln</TYPE>\n
|
86
|
+
\ <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
87
|
+
\ <SSL>true</SSL>\n <RESULT><![CDATA[Certificate #0 CN=localhost.localdomain
|
88
|
+
(localhost.localdomain) doesn't resolve]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
89
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
90
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
91
|
+
\ <QID id=\"qid_38628\">38628</QID>\n <TYPE>Vuln</TYPE>\n
|
92
|
+
\ <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
93
|
+
\ <SSL>true</SSL>\n <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n
|
94
|
+
\ <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
|
95
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
96
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_38601\">38601</QID>\n
|
97
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n
|
98
|
+
\ <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n <RESULT
|
99
|
+
format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
|
100
|
+
WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1
|
101
|
+
WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1.1
|
102
|
+
WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nTLSv1.2
|
103
|
+
WITH RC4 CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nRC4-MD5\tRSA\tRSA\tMD5\tRC4(128)\tMEDIUM\nRC4-SHA\tRSA\tRSA\tSHA1\tRC4(128)\tMEDIUM\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nECDHE-RSA-RC4-SHA\tECDH\tRSA\tSHA1\tRC4(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM]]></RESULT>\n
|
104
|
+
\ <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
|
105
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
106
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_38140\">38140</QID>\n
|
107
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n
|
108
|
+
\ <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n <RESULT
|
109
|
+
format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
|
110
|
+
WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1
|
111
|
+
WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1.1
|
112
|
+
WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nTLSv1.2
|
113
|
+
WEAK CIPHERS\t \t \t \t \t \nEXP-RC4-MD5\tRSA(512)\tRSA\tMD5\tRC4(40)\tLOW\nEXP-RC2-CBC-MD5\tRSA(512)\tRSA\tMD5\tRC2(40)\tLOW\nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW]]></RESULT>\n
|
114
|
+
\ <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
|
115
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
116
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_38142\">38142</QID>\n
|
117
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n
|
118
|
+
\ <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n <RESULT
|
119
|
+
format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
|
120
|
+
SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1
|
121
|
+
SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1.1
|
122
|
+
SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH\nTLSv1.2
|
123
|
+
SUPPORTS CIPHERS WITH NO AUTHENTICATION\t \t \t \t \t \nEXP-ADH-RC4-MD5\tDH(512)\tNone\tMD5\tRC4(40)\tLOW\nADH-RC4-MD5\tDH\tNone\tMD5\tRC4(128)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nADH-AES128-SHA\tDH\tNone\tSHA1\tAES(128)\tMEDIUM\nADH-AES256-SHA\tDH\tNone\tSHA1\tAES(256)\tHIGH\nADH-CAMELLIA128-SHA\tDH\tNone\tSHA1\tCamellia(128)\tMEDIUM\nADH-AES128-SHA256\tDH\tNone\tSHA256\tAES(128)\tMEDIUM\nADH-AES256-SHA256\tDH\tNone\tSHA256\tAES(256)\tHIGH\nADH-CAMELLIA256-SHA\tDH\tNone\tSHA1\tCamellia(256)\tHIGH\nADH-SEED-SHA\tDH\tNone\tSHA1\tSEED(128)\tMEDIUM\nADH-AES128-GCM-SHA256\tDH\tNone\tAEAD\tAESGCM(128)\tMEDIUM\nADH-AES256-GCM-SHA384\tDH\tNone\tAEAD\tAESGCM(256)\tHIGH\nAECDH-RC4-SHA\tECDH\tNone\tSHA1\tRC4(128)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nAECDH-AES128-SHA\tECDH\tNone\tSHA1\tAES(128)\tMEDIUM\nAECDH-AES256-SHA\tECDH\tNone\tSHA1\tAES(256)\tHIGH]]></RESULT>\n
|
124
|
+
\ <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
|
125
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
126
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_38657\">38657</QID>\n
|
127
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n
|
128
|
+
\ <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n <RESULT
|
129
|
+
format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nSSLv3
|
130
|
+
WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1
|
131
|
+
WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.1
|
132
|
+
WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.2
|
133
|
+
WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nEXP-DES-CBC-SHA\tRSA(512)\tRSA\tSHA1\tDES(40)\tLOW\nDES-CBC-SHA\tRSA\tRSA\tSHA1\tDES(56)\tLOW\nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-EDH-RSA-DES-CBC-SHA\tDH(512)\tRSA\tSHA1\tDES(40)\tLOW\nEDH-RSA-DES-CBC-SHA\tDH\tRSA\tSHA1\tDES(56)\tLOW\nEDH-RSA-DES-CBC3-SHA\tDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nEXP-ADH-DES-CBC-SHA\tDH(512)\tNone\tSHA1\tDES(40)\tLOW\nADH-DES-CBC-SHA\tDH\tNone\tSHA1\tDES(56)\tLOW\nADH-DES-CBC3-SHA\tDH\tNone\tSHA1\t3DES(168)\tMEDIUM\nECDHE-RSA-DES-CBC3-SHA\tECDH\tRSA\tSHA1\t3DES(168)\tMEDIUM\nAECDH-DES-CBC3-SHA\tECDH\tNone\tSHA1\t3DES(168)\tMEDIUM]]></RESULT>\n
|
134
|
+
\ <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
|
135
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
136
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_38606\">38606</QID>\n
|
137
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n
|
138
|
+
\ <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n <RESULT><![CDATA[SSLv3
|
139
|
+
is supported]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
140
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
141
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
142
|
+
\ <QID id=\"qid_82003\">82003</QID>\n <TYPE>Vuln</TYPE>\n
|
143
|
+
\ <SSL>false</SSL>\n <RESULT><![CDATA[Timestamp of host (network
|
144
|
+
byte ordering): 08:05:40 GMT]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
145
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
146
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
147
|
+
\ <QID id=\"qid_38603\">38603</QID>\n <TYPE>Vuln</TYPE>\n
|
148
|
+
\ <PORT>25</PORT>\n <SERVICE>smtp</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
149
|
+
\ <SSL>false</SSL>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
150
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
151
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
152
|
+
\ <QID id=\"qid_11827\">11827</QID>\n <TYPE>Vuln</TYPE>\n
|
153
|
+
\ <PORT>443</PORT>\n <SERVICE>http over ssl</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
154
|
+
\ <SSL>false</SSL>\n <RESULT><![CDATA[X-Frame-Options or
|
155
|
+
Content-Security-Policy: frame-ancestors HTTP Headers missing on port 443.\nGET
|
156
|
+
/ HTTP/1.1\nHost: 12.ip-34-56-789.ab\nConnection: Keep-Alive\n\n\n\nX-XSS-Protection
|
157
|
+
HTTP Header missing on port 443.\nX-Content-Type-Options HTTP Header missing
|
158
|
+
on port 443.\nContent-Security-Policy HTTP Header missing on port 443.\nStrict-Transport-Security
|
159
|
+
HTTP Header missing on port 443.]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
160
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
161
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
162
|
+
\ <QID id=\"qid_11827\">11827</QID>\n <TYPE>Vuln</TYPE>\n
|
163
|
+
\ <PORT>80</PORT>\n <SERVICE>http</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
164
|
+
\ <SSL>false</SSL>\n <RESULT><![CDATA[X-Frame-Options or
|
165
|
+
Content-Security-Policy: frame-ancestors HTTP Headers missing on port 80.\nGET
|
166
|
+
/ HTTP/1.1\nHost: 12.ip-34-56-789.ab\nConnection: Keep-Alive\n\n\n\nX-XSS-Protection
|
167
|
+
HTTP Header missing on port 80.\nX-Content-Type-Options HTTP Header missing
|
168
|
+
on port 80.\nContent-Security-Policy HTTP Header missing on port 80.]]></RESULT>\n
|
169
|
+
\ <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
|
170
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
171
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_38628\">38628</QID>\n
|
172
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>443</PORT>\n <SERVICE>http
|
173
|
+
over ssl</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n
|
174
|
+
\ <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n
|
175
|
+
\ <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
176
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n <VULN_INFO>\n
|
177
|
+
\ <QID id=\"qid_38657\">38657</QID>\n <TYPE>Vuln</TYPE>\n
|
178
|
+
\ <PORT>443</PORT>\n <SERVICE>http over ssl</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n
|
179
|
+
\ <SSL>true</SSL>\n <RESULT format=\"table\"><![CDATA[CIPHER\tKEY-EXCHANGE\tAUTHENTICATION\tMAC\tENCRYPTION(KEY-STRENGTH)\tGRADE\nTLSv1
|
180
|
+
WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.1
|
181
|
+
WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM\nTLSv1.2
|
182
|
+
WITH DES/3DES CIPHERs IS SUPPORTED\t \t \t \t \t \nDES-CBC3-SHA\tRSA\tRSA\tSHA1\t3DES(168)\tMEDIUM]]></RESULT>\n
|
183
|
+
\ <FIRST_FOUND>2017-12-07T08:12:19Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-07T08:12:19Z</LAST_FOUND>\n
|
184
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
185
|
+
\ </VULN_INFO>\n </VULN_INFO_LIST>\n </HOST>\n <HOST>\n <IP>88.78.187.177</IP>\n
|
186
|
+
\ <TRACKING_METHOD>IP</TRACKING_METHOD>\n <DNS><![CDATA[ip123.ip-45-67-891.eu]]></DNS>\n
|
187
|
+
\ <OPERATING_SYSTEM><![CDATA[Ubuntu / Fedora / Tiny Core Linux / Linux
|
188
|
+
3.x]]></OPERATING_SYSTEM>\n <VULN_INFO_LIST>\n <VULN_INFO>\n <QID
|
189
|
+
id=\"qid_11827\">11827</QID>\n <TYPE>Vuln</TYPE>\n <PORT>80</PORT>\n
|
190
|
+
\ <SERVICE>http</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n <SSL>false</SSL>\n
|
191
|
+
\ <RESULT><![CDATA[Content-Security-Policy HTTP Header missing on
|
192
|
+
port 80.\nGET / HTTP/1.1\nHost: ip123.ip-45-67-891.eu\nConnection: Keep-Alive]]></RESULT>\n
|
193
|
+
\ <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n
|
194
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
195
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_11827\">11827</QID>\n
|
196
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>443</PORT>\n <SERVICE>http
|
197
|
+
over ssl</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n <SSL>false</SSL>\n
|
198
|
+
\ <RESULT><![CDATA[Content-Security-Policy HTTP Header missing on
|
199
|
+
port 443.\nGET / HTTP/1.1\nHost: ip123.ip-45-67-891.eu\nConnection: Keep-Alive]]></RESULT>\n
|
200
|
+
\ <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n
|
201
|
+
\ <TIMES_FOUND>1</TIMES_FOUND>\n <VULN_STATUS>New</VULN_STATUS>\n
|
202
|
+
\ </VULN_INFO>\n <VULN_INFO>\n <QID id=\"qid_38628\">38628</QID>\n
|
203
|
+
\ <TYPE>Vuln</TYPE>\n <PORT>443</PORT>\n <SERVICE>http
|
204
|
+
over ssl</SERVICE>\n <PROTOCOL>tcp</PROTOCOL>\n <SSL>true</SSL>\n
|
205
|
+
\ <RESULT><![CDATA[TLSv1.0 is supported]]></RESULT>\n <FIRST_FOUND>2017-12-05T09:48:50Z</FIRST_FOUND>\n
|
206
|
+
\ <LAST_FOUND>2017-12-05T09:48:50Z</LAST_FOUND>\n <TIMES_FOUND>1</TIMES_FOUND>\n
|
207
|
+
\ <VULN_STATUS>New</VULN_STATUS>\n </VULN_INFO>\n </VULN_INFO_LIST>\n
|
208
|
+
\ </HOST>\n </HOST_LIST>\n <GLOSSARY>\n <VULN_DETAILS_LIST>\n <VULN_DETAILS
|
209
|
+
id=\"qid_11827\">\n <QID id=\"qid_11827\">11827</QID>\n <TITLE><![CDATA[HTTP
|
210
|
+
Security Header Not Detected]]></TITLE>\n <SEVERITY>2</SEVERITY>\n
|
211
|
+
\ <CATEGORY>CGI</CATEGORY>\n <THREAT><![CDATA[This QID reports
|
212
|
+
the absence of the following <A HREF=\"https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers\"
|
213
|
+
TARGET=\"_blank\">HTTP headers</A> according to <A HREF=\"https://cwe.mitre.org/data/definitions/693.html\"
|
214
|
+
TARGET=\"_blank\">CWE-693: Protection Mechanism Failure</A>:<BR>\nX-Frame-Options:
|
215
|
+
This HTTP response header improves the protection of web applications against
|
216
|
+
clickjacking attacks. Clickjacking, also known as a "UI redress attack",
|
217
|
+
allows an attacker to use multiple transparent or opaque layers to trick a
|
218
|
+
targeted user into clicking on a button or link on another page when they
|
219
|
+
were intending to click on the the top level page. <BR>\nX-XSS-Protection:
|
220
|
+
This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter
|
221
|
+
to prevent cross-site scripting attacks. X-XSS-Protection: 0; disables this
|
222
|
+
functionality.<BR>\nX-Content-Type-Options: This HTTP header prevents attacks
|
223
|
+
based on MIME-type mismatch. The only possible value is nosniff. If your server
|
224
|
+
returns X-Content-Type-Options: nosniff in the response, the browser will
|
225
|
+
refuse to load the styles and scripts in case they have an incorrect MIME-type.
|
226
|
+
<BR>\nContent-Security-Policy: This HTTP header helps to detect and mitigate
|
227
|
+
certain types of attacks, including Cross Site Scripting (XSS), packet sniffing
|
228
|
+
attacks and data injection attacks.<BR>\nStrict-Transport-Security: The HTTP
|
229
|
+
Strict-Transport-Security response header (HSTS) is a security feature that
|
230
|
+
lets a web site tell browsers that it should only be communicated with using
|
231
|
+
HTTPS, instead of using HTTP.<P>\nQID Detection Logic:<BR>\nThis unauthenticated
|
232
|
+
QID looks for the presence of the following HTTP responses:<BR>\nValid directives
|
233
|
+
for X-Frame-Options are:<BR>\nX-Frame-Options: DENY - The page cannot be displayed
|
234
|
+
in a frame, regardless of the site attempting to do so.<BR>\nX-Frame-Options:
|
235
|
+
SAMEORIGIN - The page can only be displayed in a frame on the same origin
|
236
|
+
as the page itself.<BR>\nX-Frame-Options: ALLOW-FROM RESOURCE-URL - The page
|
237
|
+
can only be displayed in a frame on the specified origin.<P>\nContent-Security-Policy:
|
238
|
+
frame-ancestors - This directive specifies valid parents that may embed a
|
239
|
+
page using frame, iframe, object, embed, or applet\nValid directives for X-XSS-Protections
|
240
|
+
are:<BR>\nX-XSS-Protection: 1 - Enables XSS filtering (usually default in
|
241
|
+
browsers). If a cross-site scripting attack is detected, the browser will
|
242
|
+
sanitize the page (remove the unsafe parts).<BR>\nX-XSS-Protection: 1; mode=block
|
243
|
+
- Enables XSS filtering. Rather than sanitizing the page, the browser will
|
244
|
+
prevent rendering of the page if an attack is detected.<BR>\nX-XSS-Protection:
|
245
|
+
1; report=URI - Enables XSS filtering. If a cross-site scripting attack is
|
246
|
+
detected, the browser will sanitize the page and report the violation. This
|
247
|
+
uses the functionality of the CSP report-uri directive to send a report.<BR>\nX-XSS-Protection:
|
248
|
+
0 disables this directive and hence is also treated as not detected.<P>\nA
|
249
|
+
valid directive for X-Content-Type-Options: nosniff<P>\nA valid directive
|
250
|
+
for Content-Security-Policy: <policy-directive>; <policy-directive><P>\nA
|
251
|
+
valid HSTS directive Strict-Transport-Security: max-age=<expire-time>;
|
252
|
+
[; includeSubDomains][; preload]<P>\n<B>NOTE:</B> All report-only directives
|
253
|
+
(where applicable) are considered invalid.]]></THREAT>\n <IMPACT><![CDATA[Depending
|
254
|
+
on the vulnerability being exploited, an unauthenticated remote attacker could
|
255
|
+
conduct cross-site scripting, clickjacking or MIME-type sniffing attacks.]]></IMPACT>\n
|
256
|
+
\ <SOLUTION><![CDATA[CWE-693: Protection Mechanism Failure mentions
|
257
|
+
the following - The product does not use or incorrectly uses a protection
|
258
|
+
mechanism that provides sufficient defense against directed attacks against
|
259
|
+
the product. A "missing" protection mechanism occurs when the application
|
260
|
+
does not define any mechanism against a certain class of attack. An "insufficient"
|
261
|
+
protection mechanism might provide some defenses - for example, against the
|
262
|
+
most common attacks - but it does not protect against everything that is intended.
|
263
|
+
Finally, an "ignored" mechanism occurs when a mechanism is available
|
264
|
+
and in active use within the product, but the developer has not applied it
|
265
|
+
in some code path.<P>\nCustomers are advised to set proper <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options\"
|
266
|
+
TARGET=\"_blank\">X-Frame-Options</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection\"
|
267
|
+
TARGET=\"_blank\">X-XSS-Protection</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP\"
|
268
|
+
TARGET=\"_blank\">Content Security Policy</A>, <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options\"
|
269
|
+
TARGET=\"_blank\">X-Content-Type-Options</A> and <A HREF=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security\"
|
270
|
+
TARGET=\"_blank\">Strict-Transport-Security</A> HTTP response headers.<P>\nDepending
|
271
|
+
on their server software, customers can set directives in their site configuration
|
272
|
+
or Web.config files. Few examples are:<P>\nX-Frame-Options:<BR>\nApache: Header
|
273
|
+
always append X-Frame-Options SAMEORIGIN<BR>\nnginx: add_header X-Frame-Options
|
274
|
+
SAMEORIGIN;<BR>\nHAProxy: rspadd X-Frame-Options:\\ SAMEORIGIN<BR>\nIIS: <HTTPPROTOCOL><CUSTOMHEADERS><ADD
|
275
|
+
NAME="X-Frame-Options" VALUE="SAMEORIGIN"></ADD></CUSTOMHEADERS></HTTPPROTOCOL><P>\nX-XSS-Protection:<BR>\nApache:
|
276
|
+
Header always set X-XSS-Protection "1; mode=block" <BR>\nPHP: header("X-XSS-Protection:
|
277
|
+
1; mode=block");<P>\nX-Content-Type-Options:<BR>\nApache: Header always
|
278
|
+
set X-Content-Type-Options: nosniff<P>\nContent-Security-Policy: (Please note
|
279
|
+
that these values may differ from website to website. The values below are
|
280
|
+
for informational purposes only. The scanner simply looks for the presence
|
281
|
+
of the security header.)<BR>\nApache: Header set Content-Security-Policy "script-src
|
282
|
+
'self'; object-src 'self'"<BR>\nIIS: <SYSTEM.WEBSERVER><HTTPPROTOCOL><CUSTOMHEADERS><ADD
|
283
|
+
NAME="Content-Security-Policy" VALUE="default-src 'self';"></ADD></CUSTOMHEADERS></HTTPPROTOCOL></SYSTEM.WEBSERVER><BR>\nnginx:
|
284
|
+
add_header Content-Security-Policy "default-src 'self'; script-src 'self';<P>\nHTTP
|
285
|
+
Strict-Transport-Security:<BR>\nApache: Header always set Strict-Transport-Security
|
286
|
+
"max-age=31536000; includeSubDomains"<BR>\nNginx: add_header Strict-Transport-Security
|
287
|
+
max-age=31536000;]]></SOLUTION>\n <PCI_FLAG>1</PCI_FLAG>\n <LAST_UPDATE>2017-11-09T00:47:11Z</LAST_UPDATE>\n
|
288
|
+
\ </VULN_DETAILS>\n <VULN_DETAILS id=\"qid_38140\">\n <QID
|
289
|
+
id=\"qid_38140\">38140</QID>\n <TITLE><![CDATA[SSL Server Supports
|
290
|
+
Weak Encryption Vulnerability]]></TITLE>\n <SEVERITY>3</SEVERITY>\n
|
291
|
+
\ <CATEGORY>General remote services</CATEGORY>\n <THREAT><![CDATA[The
|
292
|
+
Secure Socket Layer (SSL) protocol allows for secure communication between
|
293
|
+
a client and a server.\n<P>\nSSL encryption ciphers are classified based on
|
294
|
+
encryption key length as follows:<BR>\n<UL>\n<LI>HIGH - key length larger
|
295
|
+
than 128 bits\n<LI>MEDIUM - key length equal to 128 bits\n<LI>LOW - key length
|
296
|
+
smaller than 128 bits\n</UL>\n<P>\nMessages encrypted with LOW encryption
|
297
|
+
ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM
|
298
|
+
or HIGH strength ciphers to guarantee transaction security.\n<P>\nThe following
|
299
|
+
link provides more information about this vulnerability:\n<UL>\n<LI><A HREF=\"http://www.schneier.com/paper-ssl-revised.pdf\"
|
300
|
+
TARGET=\"_blank\">Analysis of the SSL 3.0 protocol</A>\n</UL>\n<P>\nPlease
|
301
|
+
note that this detection only checks for weak cipher support at the SSL layer.
|
302
|
+
Some servers may implement additional protection at the data layer. For example,
|
303
|
+
some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation
|
304
|
+
to complete but send back an error message and abort further communication
|
305
|
+
on the secure channel. This vulnerability may not be exploitable for such
|
306
|
+
configurations.]]></THREAT>\n <IMPACT><![CDATA[An attacker can exploit
|
307
|
+
this vulnerability to decrypt secure communications without authorization.]]></IMPACT>\n
|
308
|
+
\ <SOLUTION><![CDATA[Disable support for LOW encryption ciphers.<P>\n<B>Apache</B>\n<BR>
|
309
|
+
If TLSv1.1 or TLSv1.2 are available, then those protocols should be used.\n<BR>SSLProtocol
|
310
|
+
TLSv1.1 TLSv1.2<BR>\nIf TLSv1.1 and TLSv1.2 are not available then only TLS1.0
|
311
|
+
should be used:\n<BR>SSLProtocol TLSv1\n<BR>Typically, for Apache/mod_ssl,
|
312
|
+
httpd.conf or ssl.conf should have the following lines:<BR>\nSSLCipherSuite
|
313
|
+
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><BR>\nFor Apache/apache_ssl
|
314
|
+
include the following line in the configuration file (httpsd.conf):<BR>\nSSLRequireCipher
|
315
|
+
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><P>\n\n<B>Tomcat</B>\n<BR>\nsslProtocol="SSLv3"
|
316
|
+
\ \n<BR>ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_W\n<BR>ITH_3DES_EDE_CBC_SHA"\n<BR><P>\n<B>IIS</B>\n<BR>\n<A
|
317
|
+
HREF=\"http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030\" TARGET=\"_blank\">How
|
318
|
+
to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll</A>
|
319
|
+
(Windows restart required)\n<BR><A HREF=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;187498\"
|
320
|
+
TARGET=\"_blank\">How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in
|
321
|
+
Internet Information Services</A> (Windows restart required)\n<BR><A HREF=\"http://www.microsoft.com/technet/security/prodtech/IIS.mspx\"
|
322
|
+
TARGET=\"_blank\">Security Guidance for IIS</A>\n<P>For Novell Netware 6.5
|
323
|
+
please refer to the following document \n<A HREF=\"http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm\"
|
324
|
+
TARGET=\"_blank\">SSL Allows the use of Weak Ciphers. -TID10100633 </A>]]></SOLUTION>\n
|
325
|
+
\ <PCI_FLAG>1</PCI_FLAG>\n <LAST_UPDATE>2015-01-20T19:50:33Z</LAST_UPDATE>\n
|
326
|
+
\ </VULN_DETAILS>\n <VULN_DETAILS id=\"qid_38142\">\n <QID
|
327
|
+
id=\"qid_38142\">38142</QID>\n <TITLE><![CDATA[SSL Server Allows Anonymous
|
328
|
+
Authentication Vulnerability]]></TITLE>\n <SEVERITY>4</SEVERITY>\n
|
329
|
+
\ <CATEGORY>General remote services</CATEGORY>\n <THREAT><![CDATA[The
|
330
|
+
Secure Socket Layer (SSL) protocol allows for secure communication between
|
331
|
+
a client and a server. The client usually authenticates the server using an
|
332
|
+
algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without
|
333
|
+
authentication. Most common Web browsers like Microsoft Internet Explorer,
|
334
|
+
Netscape and Mozilla do not use anonymous authentication ciphers by default.\n\n<P>A
|
335
|
+
vulnerability exists in SSL communications when clients are allowed to connect\nusing
|
336
|
+
no authentication algorithm. SSL client-server communication may use several
|
337
|
+
different types of\nauthentication: RSA, Diffie-Hellman, DSS or none. When
|
338
|
+
'none' is used, the\ncommunications are vulnerable to a man-in-the-middle
|
339
|
+
attack."]]></THREAT>\n <IMPACT><![CDATA[An attacker can exploit
|
340
|
+
this vulnerability to impersonate your server to clients.]]></IMPACT>\n <SOLUTION><![CDATA[Disable
|
341
|
+
support for anonymous authentication.<P>\n<B>1) How to disable for Apache:</B>\n<BR>Typically,
|
342
|
+
for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:<BR>\nSSLProtocol
|
343
|
+
-ALL +SSLv3 +TLSv1<BR>\nSSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR><BR>\nFor
|
344
|
+
Apache/apache_ssl include the following line in the configuration file (httpsd.conf):<BR>\nSSLRequireCipher
|
345
|
+
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<BR>\n<P><B>2) IIS:</B>\n<BR>For
|
346
|
+
IIS please see: <A HREF=\"http://support.microsoft.com/kb/187498/en-us\" TARGET=\"_blank\">How
|
347
|
+
to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services</A>,
|
348
|
+
<A HREF=\"http://support.microsoft.com/kb/245030/en-us\" TARGET=\"_blank\">How
|
349
|
+
to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll</A>,
|
350
|
+
<A HREF=\"http://support.microsoft.com/kb/299520/en-us\" TARGET=\"_blank\">How
|
351
|
+
to Determine the Cipher Suite for the Server and Client</A>, , and <A HREF=\"http://support.microsoft.com/kb/241447\"
|
352
|
+
TARGET=\"_blank\">How to restrict the use of certain ciphers in Internet Information
|
353
|
+
Services 5.0</A>\n<P>\n<B>3) Wu-FTP:</B>\nFor Wu-FTP which supports TLS, the
|
354
|
+
ciphers parameter in TLS configuration file should be set to -ALL +SSLv3 +TLSv1<BR>
|
355
|
+
For more details please consult the docs/HOWTO/ssl_and_tls_ftpd.HOWTO file
|
356
|
+
provided by wu-ftpd distribution.\n<P>\n<B>4) Lighttpd:</B>\nFor lighttpd:
|
357
|
+
Locate the lighttpd config file and modify the following ssl.ciper-list line
|
358
|
+
to include !aNULL. A restart of the lightttpd application is necessary.<BR>\nExample:
|
359
|
+
ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"\n\n<P>\n<B>It
|
360
|
+
is recommended that you follow SSL best security practices:</B>\n<BR><A HREF=\"https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices\"
|
361
|
+
TARGET=\"_blank\">SSL and TLS Deployment Best Practices</A>\n<BR><A HREF=\"http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html\"
|
362
|
+
TARGET=\"_blank\">http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html</A>\n<BR><A
|
363
|
+
HREF=\"http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite\"
|
364
|
+
TARGET=\"_blank\">http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite</A>\n<BR><A
|
365
|
+
HREF=\"http://www.megasecurity.org/Info/ssl_servers.html\" TARGET=\"_blank\">http://www.megasecurity.org/Info/ssl_servers.html</A><P>]]></SOLUTION>\n
|
366
|
+
\ <PCI_FLAG>1</PCI_FLAG>\n <LAST_UPDATE>2017-03-17T00:12:11Z</LAST_UPDATE>\n
|
367
|
+
\ </VULN_DETAILS>\n <VULN_DETAILS id=\"qid_38169\">\n <QID
|
368
|
+
id=\"qid_38169\">38169</QID>\n <TITLE><![CDATA[SSL Certificate - Self-Signed
|
369
|
+
Certificate]]></TITLE>\n <SEVERITY>2</SEVERITY>\n <CATEGORY>General
|
370
|
+
remote services</CATEGORY>\n <THREAT><![CDATA[An SSL Certificate associates
|
371
|
+
an entity (person, organization, host, etc.) with a Public Key. In an SSL
|
372
|
+
connection, the client authenticates the remote server using the server's
|
373
|
+
Certificate and extracts the Public Key in the Certificate to establish the
|
374
|
+
secure connection.\n<P>\nThe client can trust that the Server Certificate
|
375
|
+
belongs the server only if it is signed by a mutually trusted third-party
|
376
|
+
Certificate Authority (CA). Self-signed certificates are created generally
|
377
|
+
for testing purposes or to avoid paying third-party CAs. These should not
|
378
|
+
be used on any production or critical servers.\n<P>\nBy exploiting this vulnerability,
|
379
|
+
an attacker can impersonate the server by presenting a fake self-signed certificate.
|
380
|
+
If the client knows that the server does not have a trusted certificate, it
|
381
|
+
will accept this spoofed certificate and communicate with the remote server.]]></THREAT>\n
|
382
|
+
\ <IMPACT><![CDATA[By exploiting this vulnerability, an attacker can
|
383
|
+
launch a man-in-the-middle attack.]]></IMPACT>\n <SOLUTION><![CDATA[Please
|
384
|
+
install a server certificate signed by a trusted third-party Certificate Authority.]]></SOLUTION>\n
|
385
|
+
\ <PCI_FLAG>1</PCI_FLAG>\n <LAST_UPDATE>2009-05-25T03:59:26Z</LAST_UPDATE>\n
|
386
|
+
\ </VULN_DETAILS>\n <VULN_DETAILS id=\"qid_38170\">\n <QID
|
387
|
+
id=\"qid_38170\">38170</QID>\n <TITLE><![CDATA[SSL Certificate - Subject
|
388
|
+
Common Name Does Not Match Server FQDN]]></TITLE>\n <SEVERITY>2</SEVERITY>\n
|
389
|
+
\ <CATEGORY>General remote services</CATEGORY>\n <THREAT><![CDATA[An
|
390
|
+
SSL Certificate associates an entity (person, organization, host, etc.) with
|
391
|
+
a Public Key. In an SSL connection, the client authenticates the remote server
|
392
|
+
using the server's Certificate and extracts the Public Key in the Certificate
|
393
|
+
to establish the secure connection.\n<P>\nA certificate whose Subject commonName
|
394
|
+
or subjectAltName does not match the server FQDN offers only encryption without
|
395
|
+
authentication.\n<P>\nPlease note that a false positive reporting of this
|
396
|
+
vulnerability is possible in the following case:\n<UL>If the common name of
|
397
|
+
the certificate uses a wildcard such as *.somedomainname.com and the reverse
|
398
|
+
DNS resolution of the target IP is not configured. In this case there is no
|
399
|
+
way for Qualys to associate the wildcard common name to the IP. Adding a reverse
|
400
|
+
DNS lookup entry to the target IP will solve this problem.\n</UL>]]></THREAT>\n
|
401
|
+
\ <IMPACT><![CDATA[A man-in-the-middle attacker can exploit this vulnerability
|
402
|
+
in tandem with a DNS cache poisoning attack to lure the client to another
|
403
|
+
server, and then steal all the encryption communication.]]></IMPACT>\n <SOLUTION><![CDATA[Please
|
404
|
+
install a server certificate whose Subject commonName or subjectAltName matches
|
405
|
+
the server FQDN.]]></SOLUTION>\n <PCI_FLAG>0</PCI_FLAG>\n <LAST_UPDATE>2015-08-12T17:39:01Z</LAST_UPDATE>\n
|
406
|
+
\ </VULN_DETAILS>\n <VULN_DETAILS id=\"qid_38173\">\n <QID
|
407
|
+
id=\"qid_38173\">38173</QID>\n <TITLE><![CDATA[SSL Certificate - Signature
|
408
|
+
Verification Failed Vulnerability]]></TITLE>\n <SEVERITY>2</SEVERITY>\n
|
409
|
+
\ <CATEGORY>General remote services</CATEGORY>\n <THREAT><![CDATA[An
|
410
|
+
SSL Certificate associates an entity (person, organization, host, etc.) with
|
411
|
+
a Public Key. In an SSL connection, the client authenticates the remote server
|
412
|
+
using the server's Certificate and extracts the Public Key in the Certificate
|
413
|
+
to establish the secure connection. The authentication is done by verifying
|
414
|
+
that the public key in the certificate is signed by a trusted third-party
|
415
|
+
Certificate Authority.\n<P>\nIf a client is unable to verify the certificate,
|
416
|
+
it can abort communication or prompt the user to continue the communication
|
417
|
+
without authentication.]]></THREAT>\n <IMPACT><![CDATA[By exploiting
|
418
|
+
this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning
|
419
|
+
can occur.\n<P>\nException:<BR>\nIf the server communicates only with a restricted
|
420
|
+
set of clients who have the server certificate or the trusted CA certificate,
|
421
|
+
then the server or CA certificate may not be available publicly, and the scan
|
422
|
+
will be unable to verify the signature.]]></IMPACT>\n <SOLUTION><![CDATA[Please
|
423
|
+
install a server certificate signed by a trusted third-party Certificate Authority.]]></SOLUTION>\n
|
424
|
+
\ <PCI_FLAG>1</PCI_FLAG>\n <LAST_UPDATE>2009-05-23T00:02:29Z</LAST_UPDATE>\n
|
425
|
+
\ </VULN_DETAILS>\n <VULN_DETAILS id=\"qid_38601\">\n <QID
|
426
|
+
id=\"qid_38601\">38601</QID>\n <TITLE><![CDATA[SSL/TLS use of weak
|
427
|
+
RC4 cipher]]></TITLE>\n <SEVERITY>3</SEVERITY>\n <CATEGORY>General
|
428
|
+
remote services</CATEGORY>\n <THREAT><![CDATA[Secure Sockets Layer
|
429
|
+
(SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity,
|
430
|
+
confidentiality and authenticity services to other protocols that lack these
|
431
|
+
features.\n<P>\nSSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4
|
432
|
+
to encrypt the content of the higher layer protocols and thus provide the
|
433
|
+
confidentiality service. Normally the output of an encryption process is a
|
434
|
+
sequence of random looking bytes. It was known that RC4 output has some bias
|
435
|
+
in the output. Recently a group of researchers has discovered that the there
|
436
|
+
is a stronger bias in RC4, which make statistical analysis of ciphertext more
|
437
|
+
practical.\n<P>\nThe described attack is to inject a malicious javascript
|
438
|
+
into the victim's browser that would ensure that there are multiple connections
|
439
|
+
being established with a target website and the same HTTP cookie is sent multiple
|
440
|
+
times to the website in encrypted form. This provides the attacker a large
|
441
|
+
set of ciphertext samples, that can be used for statistical analysis.\n\n<P>NOTE:
|
442
|
+
On 3/12/15 NVD changed the CVSS v2 access complicity from high to medium.
|
443
|
+
As a result Qualys revised the CVSS score to 4.3 immediately. On 5/4/15 Qualys
|
444
|
+
is also revising the severity to level 3.]]></THREAT>\n <IMPACT><![CDATA[If
|
445
|
+
this attack is carried out and an HTTP cookie is recovered, then the attacker
|
446
|
+
can use the cookie to impersonate the user whose cookie was recovered.\n<P>\nThis
|
447
|
+
attack is not very practical as it requires the attacker to have access to
|
448
|
+
millions of samples of ciphertext, but there are certain assumptions that
|
449
|
+
an attacker can make to improve the chances of recovering the cleartext from
|
450
|
+
cihpertext. For examples HTTP cookies are either base64 encoded or hex digits.
|
451
|
+
This information can help the attacker in their efforts to recover the cookie.]]></IMPACT>\n
|
452
|
+
\ <SOLUTION><![CDATA[RC4 should not be used where possible. One reason
|
453
|
+
that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode
|
454
|
+
ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues.]]></SOLUTION>\n
|
455
|
+
\ <PCI_FLAG>0</PCI_FLAG>\n <LAST_UPDATE>2016-01-29T19:32:26Z</LAST_UPDATE>\n
|
456
|
+
\ <CVE_ID_LIST>\n <CVE_ID>\n <ID><![CDATA[CVE-2013-2566]]></ID>\n
|
457
|
+
\ <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566]]></URL>\n
|
458
|
+
\ </CVE_ID>\n <CVE_ID>\n <ID><![CDATA[CVE-2015-2808]]></ID>\n
|
459
|
+
\ <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808]]></URL>\n
|
460
|
+
\ </CVE_ID>\n </CVE_ID_LIST>\n <BUGTRAQ_ID_LIST>\n <BUGTRAQ_ID>\n
|
461
|
+
\ <ID><![CDATA[91787]]></ID>\n <URL><![CDATA[http://www.securityfocus.com/bid/91787]]></URL>\n
|
462
|
+
\ </BUGTRAQ_ID>\n <BUGTRAQ_ID>\n <ID><![CDATA[58796]]></ID>\n
|
463
|
+
\ <URL><![CDATA[http://www.securityfocus.com/bid/58796]]></URL>\n
|
464
|
+
\ </BUGTRAQ_ID>\n <BUGTRAQ_ID>\n <ID><![CDATA[73684]]></ID>\n
|
465
|
+
\ <URL><![CDATA[http://www.securityfocus.com/bid/73684]]></URL>\n
|
466
|
+
\ </BUGTRAQ_ID>\n </BUGTRAQ_ID_LIST>\n </VULN_DETAILS>\n
|
467
|
+
\ <VULN_DETAILS id=\"qid_38603\">\n <QID id=\"qid_38603\">38603</QID>\n
|
468
|
+
\ <TITLE><![CDATA[SSLv3 Padding Oracle Attack Information Disclosure
|
469
|
+
Vulnerability (POODLE)]]></TITLE>\n <SEVERITY>3</SEVERITY>\n <CATEGORY>General
|
470
|
+
remote services</CATEGORY>\n <THREAT><![CDATA[The SSL protocol 3.0
|
471
|
+
design error, uses nondeterministic CBC padding, which makes it easier for
|
472
|
+
man-in-the-middle attacks. \n<P>\nThe target supports SSLv3, which makes it
|
473
|
+
vulnerable to POODLE (Padding Oracle On Downgraded Legacy Encryption), even
|
474
|
+
if it also supports more recent versions of TLS. It's subject to a downgrade
|
475
|
+
attack, in which the attacker tricks the browser into connecting with SSLv3.]]></THREAT>\n
|
476
|
+
\ <IMPACT><![CDATA[An attacker who can take a man-in-the-middle (MitM)
|
477
|
+
position can exploit this vulnerability and gain access to encrypted communication
|
478
|
+
between a client and server.]]></IMPACT>\n <SOLUTION><![CDATA[Disable
|
479
|
+
SSLv3 support to avoid this vulnerability.<P>\nExamples to disable SSLv3.<BR>\nnginx:
|
480
|
+
list specific allowed protocols in the "ssl_protocols" line. Make
|
481
|
+
sure SSLv2 and SSLv3 is not listed. For example: ssl_protocols TLSv2 TLSv1.1
|
482
|
+
TLSv1.2;<BR>\nApache: Add -SSLv3 to the "SSLProtocol" line. <BR>\n<A
|
483
|
+
HREF=\"https://support.microsoft.com/kb/187498/en-us\" TARGET=\"_blank\">How
|
484
|
+
to disable SSL 3.0 on Microsoft IIS</A>.\n<P>For PCI, please refer to the
|
485
|
+
Qualys <A HREF=\"https://community.qualys.com/thread/15280\" TARGET=\"_blank\">community
|
486
|
+
article</A>.]]></SOLUTION>\n <CORRELATION>\n <EXPLOITABILITY>\n
|
487
|
+
\ <EXPLT_SRC>\n <SRC_NAME><![CDATA[Metasploit]]></SRC_NAME>\n
|
488
|
+
\ <EXPLT_LIST>\n <EXPLT>\n <REF><![CDATA[CVE-2014-3566]]></REF>\n
|
489
|
+
\ <DESC><![CDATA[HTTP SSL/TLS Version Detection (POODLE scanner)
|
490
|
+
- Metasploit Ref : /modules/auxiliary/scanner/http/ssl_version]]></DESC>\n
|
491
|
+
\ <LINK><![CDATA[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ssl_version.rb]]></LINK>\n
|
492
|
+
\ </EXPLT>\n </EXPLT_LIST>\n </EXPLT_SRC>\n
|
493
|
+
\ </EXPLOITABILITY>\n </CORRELATION>\n <PCI_FLAG>1</PCI_FLAG>\n
|
494
|
+
\ <LAST_UPDATE>2016-01-06T21:57:28Z</LAST_UPDATE>\n <VENDOR_REFERENCE_LIST>\n
|
495
|
+
\ <VENDOR_REFERENCE>\n <ID><![CDATA[POODLE]]></ID>\n <URL><![CDATA[https://www.openssl.org/~bodo/ssl-poodle.pdf]]></URL>\n
|
496
|
+
\ </VENDOR_REFERENCE>\n </VENDOR_REFERENCE_LIST>\n <CVE_ID_LIST>\n
|
497
|
+
\ <CVE_ID>\n <ID><![CDATA[CVE-2014-3566]]></ID>\n <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566]]></URL>\n
|
498
|
+
\ </CVE_ID>\n </CVE_ID_LIST>\n <BUGTRAQ_ID_LIST>\n <BUGTRAQ_ID>\n
|
499
|
+
\ <ID><![CDATA[70574]]></ID>\n <URL><![CDATA[http://www.securityfocus.com/bid/70574]]></URL>\n
|
500
|
+
\ </BUGTRAQ_ID>\n </BUGTRAQ_ID_LIST>\n </VULN_DETAILS>\n
|
501
|
+
\ <VULN_DETAILS id=\"qid_38606\">\n <QID id=\"qid_38606\">38606</QID>\n
|
502
|
+
\ <TITLE><![CDATA[SSL Server Has SSLv3 Enabled Vulnerability]]></TITLE>\n
|
503
|
+
\ <SEVERITY>3</SEVERITY>\n <CATEGORY>General remote services</CATEGORY>\n
|
504
|
+
\ <THREAT><![CDATA[SSL 3.0 is an obsolete and insecure protocol.<BR>\nEncryption
|
505
|
+
in SSL 3.0 uses either the RC4 stream cipher, or a block cipher in CBC mode.<BR>\nRC4
|
506
|
+
is known to have biases, and the block cipher in CBC mode is vulnerable to
|
507
|
+
the POODLE attack.<P>\n\nThe SSLv3 protocol is insecure due to the POODLE
|
508
|
+
attack and the weakness of RC4 cipher.<P>\nNote: In April 2016, PCI released
|
509
|
+
<A HREF=\"https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf\"
|
510
|
+
TARGET=\"_blank\">PCI DSS v3.2</A> announcing that NIST no longer considers
|
511
|
+
Secure Socket Layers (SSL) v3.0 protocol as acceptable for protecting data
|
512
|
+
and that all versions of SSL versions do not meet the PCI definition of "strong
|
513
|
+
cryptography."<P>]]></THREAT>\n <IMPACT><![CDATA[An attacker can
|
514
|
+
exploit this vulnerability to read secure communications or maliciously modify
|
515
|
+
messages.]]></IMPACT>\n <SOLUTION><![CDATA[Disable the SSL 3.0 protocol
|
516
|
+
in the client and in the server, refer to \nHow to disable SSLv3 : <A HREF=\"http://disablessl3.com/\"
|
517
|
+
TARGET=\"_blank\">Disable SSLv3</A>]]></SOLUTION>\n <PCI_FLAG>1</PCI_FLAG>\n
|
518
|
+
\ <LAST_UPDATE>2017-07-10T18:08:39Z</LAST_UPDATE>\n </VULN_DETAILS>\n
|
519
|
+
\ <VULN_DETAILS id=\"qid_38628\">\n <QID id=\"qid_38628\">38628</QID>\n
|
520
|
+
\ <TITLE><![CDATA[SSL/TLS Server supports TLSv1.0]]></TITLE>\n <SEVERITY>3</SEVERITY>\n
|
521
|
+
\ <CATEGORY>General remote services</CATEGORY>\n <THREAT><![CDATA[TLS
|
522
|
+
is capable of using a multitude of ciphers (algorithms) to create the public
|
523
|
+
and private key pairs.<BR>\nFor example if TLSv1.0 uses either the RC4 stream
|
524
|
+
cipher, or a block cipher in CBC mode.<BR>\nRC4 is known to have biases and
|
525
|
+
the block cipher in CBC mode is vulnerable to the POODLE attack.<P>\n\nTLSv1.0,
|
526
|
+
if configured to use the same cipher suites as SSLv3, includes a means by
|
527
|
+
which a TLS implementation can downgrade the connection to SSL v3.0, thus
|
528
|
+
weakening security.<P>\n\n<A HREF=\"https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls\"
|
529
|
+
TARGET=\"_blank\">A POODLE-type</A> attack could also be launched directly
|
530
|
+
at TLS without negotiating a downgrade.<P>\n\n<B> This QID will be marked
|
531
|
+
as a Fail for PCI as of May 1st, 2017 in accordance with the new standards.
|
532
|
+
\ For existing implementations, Merchants will be able to submit a PCI False
|
533
|
+
Positive / Exception Request and provide proof of their Risk Mitigation and
|
534
|
+
Migration Plan, which will result in a pass for PCI up until June 30th, 2018.\n<P>\n
|
535
|
+
Further details can be found at: <A HREF=\"https://community.qualys.com/message/34120\"
|
536
|
+
TARGET=\"_blank\">NEW PCI DSS v3.2 and Migrating from SSL and Early TLS v1.1</A>\n</B>\n<P>]]></THREAT>\n
|
537
|
+
\ <IMPACT><![CDATA[An attacker can exploit cryptographic flaws to conduct
|
538
|
+
man-in-the-middle type attacks or to decryption communications.<P>\nFor example:
|
539
|
+
An attacker could force a downgrade from the TLS protocol to the older SSLv3.0
|
540
|
+
protocol and exploit the POODLE vulnerability, read secure communications
|
541
|
+
or maliciously modify messages.<P>\n<A HREF=\"https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls\"
|
542
|
+
TARGET=\"_blank\">A POODLE-type</A> attack could also be launched directly
|
543
|
+
at TLS without negotiating a downgrade.<P>]]></IMPACT>\n <SOLUTION><![CDATA[Disable
|
544
|
+
the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol
|
545
|
+
such as TLSv1.2.\nThe following openssl commands can be used to do a manual
|
546
|
+
test:\nopenssl s_client -connect ip:port -tls1\n\nIf the test is successful,
|
547
|
+
then the target support TLSv1]]></SOLUTION>\n <PCI_FLAG>1</PCI_FLAG>\n
|
548
|
+
\ <LAST_UPDATE>2017-06-09T18:16:07Z</LAST_UPDATE>\n </VULN_DETAILS>\n
|
549
|
+
\ <VULN_DETAILS id=\"qid_38657\">\n <QID id=\"qid_38657\">38657</QID>\n
|
550
|
+
\ <TITLE><![CDATA[Birthday attacks against TLS ciphers with 64bit block
|
551
|
+
size vulnerability (Sweet32)]]></TITLE>\n <SEVERITY>3</SEVERITY>\n
|
552
|
+
\ <CATEGORY>General remote services</CATEGORY>\n <THREAT><![CDATA[Legacy
|
553
|
+
block ciphers having block size of 64 bits are vulnerable to a practical collision
|
554
|
+
attack when used in CBC mode. \nAll versions of SSL/TLS protocol support cipher
|
555
|
+
suites which use DES or 3DES as the symmetric encryption cipher are affected.]]></THREAT>\n
|
556
|
+
\ <IMPACT><![CDATA[Remote attackers can obtain cleartext data via a
|
557
|
+
birthday attack against a long-duration encrypted session.]]></IMPACT>\n <SOLUTION><![CDATA[Disable
|
558
|
+
and stop using DES and 3DES ciphers.\nThe following openssl commands can be
|
559
|
+
used to do a manual test:\nopenssl s_client -connect ip:port -cipher "DES:3DES"
|
560
|
+
-ssl2\nopenssl s_client -connect ip:port -cipher "DES:3DES" -ssl3\nopenssl
|
561
|
+
s_client -connect ip:port -cipher "DES:3DES" -tls1\nopenssl s_client
|
562
|
+
-connect ip:port -cipher "DES:3DES" -tls1_1\nopenssl s_client -connect
|
563
|
+
ip:port -cipher "DES:3DES" -tls1_2\n\nIf any of these tests is successful,
|
564
|
+
then the target is vulnerable to Sweet32.]]></SOLUTION>\n <PCI_FLAG>0</PCI_FLAG>\n
|
565
|
+
\ <LAST_UPDATE>2017-06-27T06:14:43Z</LAST_UPDATE>\n <CVE_ID_LIST>\n
|
566
|
+
\ <CVE_ID>\n <ID><![CDATA[CVE-2016-2183]]></ID>\n <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183]]></URL>\n
|
567
|
+
\ </CVE_ID>\n </CVE_ID_LIST>\n <BUGTRAQ_ID_LIST>\n <BUGTRAQ_ID>\n
|
568
|
+
\ <ID><![CDATA[92630]]></ID>\n <URL><![CDATA[http://www.securityfocus.com/bid/92630]]></URL>\n
|
569
|
+
\ </BUGTRAQ_ID>\n <BUGTRAQ_ID>\n <ID><![CDATA[95568]]></ID>\n
|
570
|
+
\ <URL><![CDATA[http://www.securityfocus.com/bid/95568]]></URL>\n
|
571
|
+
\ </BUGTRAQ_ID>\n </BUGTRAQ_ID_LIST>\n </VULN_DETAILS>\n
|
572
|
+
\ <VULN_DETAILS id=\"qid_38685\">\n <QID id=\"qid_38685\">38685</QID>\n
|
573
|
+
\ <TITLE><![CDATA[SSL Certificate - Invalid Maximum Validity Date Detected]]></TITLE>\n
|
574
|
+
\ <SEVERITY>2</SEVERITY>\n <CATEGORY>General remote services</CATEGORY>\n
|
575
|
+
\ <THREAT><![CDATA[Starting 1 April 2015, Certification Authorities
|
576
|
+
(CAs) are not permitted to issue SSL certificates (issued from a public root)
|
577
|
+
with a validity period greater than 39 months. \n<BR>\nSSL/TLS certificate
|
578
|
+
maximum validity is three years (39 months) for Domain Validated (DV) and
|
579
|
+
Organization Validated (OV) Certificates.<BR>\nSSL certificates have limited
|
580
|
+
validity periods so that the certificate's holder identity information is
|
581
|
+
re-authenticated more frequently. \n<P>\nIt is detected that maximum validity
|
582
|
+
of certificate on the system is more than what is recommended.]]></THREAT>\n
|
583
|
+
\ <IMPACT><![CDATA[By exploiting this vulnerability, an attacker can
|
584
|
+
launch a man-in-the-middle attack.]]></IMPACT>\n <SOLUTION><![CDATA[Please
|
585
|
+
install a server certificate with recommended maximum validity.]]></SOLUTION>\n
|
586
|
+
\ <PCI_FLAG>1</PCI_FLAG>\n <LAST_UPDATE>2017-10-02T22:32:24Z</LAST_UPDATE>\n
|
587
|
+
\ </VULN_DETAILS>\n <VULN_DETAILS id=\"qid_82003\">\n <QID
|
588
|
+
id=\"qid_82003\">82003</QID>\n <TITLE><![CDATA[ICMP Timestamp Request]]></TITLE>\n
|
589
|
+
\ <SEVERITY>1</SEVERITY>\n <CATEGORY>TCP/IP</CATEGORY>\n <THREAT><![CDATA[ICMP
|
590
|
+
(Internet Control and Error Message Protocol) is a protocol encapsulated in
|
591
|
+
IP packets. It's principal purpose is to provide a protocol layer able to
|
592
|
+
inform gateways of the inter-connectivity and accessibility of other gateways
|
593
|
+
or hosts. "ping" is a well-known program for determining if a host
|
594
|
+
is up or down. It uses ICMP echo packets. ICMP timestamp packets are used
|
595
|
+
to synchronize clocks between hosts.]]></THREAT>\n <IMPACT><![CDATA[Unauthorized
|
596
|
+
users can obtain information about your network by sending ICMP timestamp
|
597
|
+
packets. For example, the internal systems clock should not be disclosed since
|
598
|
+
some internal daemons use this value to calculate ID or sequence numbers (i.e.,
|
599
|
+
on SunOS servers).]]></IMPACT>\n <SOLUTION><![CDATA[You can filter
|
600
|
+
ICMP messages of type "Timestamp" and "Timestamp Reply"
|
601
|
+
at the firewall level. Some system administrators choose to filter most types
|
602
|
+
of ICMP messages for various reasons. For example, they may want to protect
|
603
|
+
their internal hosts from ICMP-based Denial Of Service attacks, such as the
|
604
|
+
<I>Ping of Death</I> or <I>Smurf</I> attacks. \n<P>\nHowever, you should never
|
605
|
+
filter <B>ALL</B> ICMP messages, as some of them ("Don't Fragment",
|
606
|
+
"Destination Unreachable", "Source Quench", etc) are necessary
|
607
|
+
for proper behavior of Operating System TCP/IP stacks.\n<P>\nIt may be wiser
|
608
|
+
to contact your network consultants for advice, since this issue impacts your
|
609
|
+
overall network reliability and security.]]></SOLUTION>\n <PCI_FLAG>0</PCI_FLAG>\n
|
610
|
+
\ <LAST_UPDATE>2009-04-29T03:59:17Z</LAST_UPDATE>\n <CVE_ID_LIST>\n
|
611
|
+
\ <CVE_ID>\n <ID><![CDATA[CVE-1999-0524]]></ID>\n <URL><![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0524]]></URL>\n
|
612
|
+
\ </CVE_ID>\n </CVE_ID_LIST>\n </VULN_DETAILS>\n </VULN_DETAILS_LIST>\n
|
613
|
+
\ </GLOSSARY>\n <APPENDICES>\n <NO_VULNS>\n <IP_LIST>\n <RANGE>\n
|
614
|
+
\ <START>192.168.1.100</START>\n <END>192.168.1.100</END>\n
|
615
|
+
\ </RANGE>\n </IP_LIST>\n </NO_VULNS>\n <TEMPLATE_DETAILS>\n
|
616
|
+
\ <FILTER_SUMMARY>\n Status:New, Active, Re-Opened, Fixed\n Vulnerabilities:\n
|
617
|
+
\ State:Active\n Included Operating Systems:\n All Operating
|
618
|
+
Systems\n </FILTER_SUMMARY>\n </TEMPLATE_DETAILS>\n </APPENDICES>\n</ASSET_DATA_REPORT>\n<!--
|
619
|
+
CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard
|
620
|
+
Service \"As Is,\" without any warranty of any kind. Qualys makes no warranty
|
621
|
+
that the information contained in this report is complete or error-free. Copyright
|
622
|
+
2017, Qualys, Inc. //--> \n"
|
623
|
+
http_version:
|
624
|
+
recorded_at: Tue, 12 Dec 2017 10:00:00 GMT
|
625
|
+
recorded_with: VCR 4.0.0
|