Security concerns, part 2 (the post was too big and hit the character limit, so the previous one did not go through in full)

Overseas virtual hosting | 1721 views | 9 replies

Posted 2007-11-13 19:55:10

Vulnerability www (80/tcp) OpenSSL denial of service

The remote host is running a version of OpenSSL older than 0.9.6m or 0.9.7d.

This version has several bugs that allow an attacker to mount a denial-of-service attack against the remote host.

*** Nessus relied solely on the remote host's banner to issue this warning.

Solution: Upgrade to 0.9.6m (0.9.7d) or newer
Risk factor: Medium
___________________________________________________________________


The remote host is using a version of OpenSSL which is
older than 0.9.6m or 0.9.7d

There are several bugs in this version of OpenSSL which may allow
an attacker to cause a denial of service against the remote host.

*** Nessus solely relied on the banner of the remote host
*** to issue this warning

Solution : Upgrade to version 0.9.6m (0.9.7d) or newer
Risk factor : High
CVE_ID : CAN-2004-0079, CAN-2004-0081, CAN-2004-0112
BUGTRAQ_ID : 9899
NESSUS_ID : 12110
Other references : IAVA:2004-B-0006

Vulnerability www (80/tcp) mod_frontpage installed


The remote host is using the Apache mod_frontpage module.

mod_frontpage older than 1.6.1 is vulnerable to a buffer
overflow which may allow an attacker to gain root access.

*** Since Nessus was not able to remotely determine the version
*** of mod_frontpage you are running, you are advised to manually
*** check which version you are running as this might be a false
*** positive.

If you want the remote server to be remotely secure, we advise
you do not use this module at all.


Solution : Disable this module
Risk factor : High
CVE_ID : CAN-2002-0427
BUGTRAQ_ID : 4251
NESSUS_ID : 11303

Warning www (80/tcp) OpenSSL password interception


The remote host is using a version of OpenSSL which is
older than 0.9.6j or 0.9.7b

This version is vulnerable to a timing based attack which may
allow an attacker to guess the content of fixed data blocks and
may eventually be able to guess the value of the private RSA key
of the server.

An attacker may use this implementation flaw to sniff the
data going to this host and decrypt some parts of it, as well
as impersonate your server and perform man in the middle attacks.

*** Nessus solely relied on the banner of the remote host
*** to issue this warning

See also : http://www.openssl.org/news/secadv_20030219.txt
http://lasecwww.epfl.ch/memo_ssl.shtml
http://eprint.iacr.org/2003/052/

Solution : Upgrade to version 0.9.6j (0.9.7b) or newer
Risk factor : Medium
CVE_ID : CAN-2003-0078, CAN-2003-0147, CAN-2003-0131
BUGTRAQ_ID : 6884, 7148
NESSUS_ID : 11267
Other references : RHSA:RHSA-2003:101-01, SuSE:SUSE-SA:2003:024

Info www (80/tcp) Open service

A "WEB" service is running on this port
Banner :

HTTP/1.1 200 OK
Date: Tue, 13 Nov 2007 11:17:57 GMT
Server: Apache/1.3.39 (Unix) mod_fastcgi/2.4.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 mod_log_bytes/1.2 FrontPage/5.0.2.2635 mod_ssl/2.8.30 OpenSSL/0.9.7a
X-Powered-By: PHP/4.4.7
Set-Cookie: Shn_sid=PGzsga; expires=Tue, 20 Nov 2007 11:17:57 GMT; path=/
Set-Cookie: Shn_onlineusernum=4; expires=Tue, 13 Nov 2007 11:22:57 GMT; path=/
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD
NESSUS_ID : 10330

Info www (80/tcp) HTTP TRACE cross-site attack

Your web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods used to debug web server connections.

Servers that support these methods are subject to cross-site scripting attacks, dubbed XST for "Cross-Site-Tracing", when used in conjunction with various browser weaknesses.

An attacker may use this flaw to trick legitimate users into handing over their private information.

Solution: Disable these methods.


If you are using Apache, add the following lines to the configuration of each virtual host:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE requests, or permit only the methods your site needs and your policy allows.

If you are using Sun ONE Web Server release 6.0 SP2 or later, add the following to the default object section of obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>

If you are using Sun ONE Web Server release 6.0 SP2 or earlier, compile the NSAPI plugin from:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603


See also http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593

Risk factor: Medium
___________________________________________________________________


The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users into
giving him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


See also http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
BUGTRAQ_ID : 9506, 9561, 11604
NESSUS_ID : 11213
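A way to confirm, on a server you administer, that the rewrite rule above actually refuses TRACE. This is an added Python example, not part of the original post and not Nessus code: it sends a TRACE request carrying a marker header (the header name X-Trace-Probe and its value are made up for this example) and reports the method as still enabled only if the server answers 200 and echoes the marker back in the message/http body. Two loopback stand-in servers are included so the check runs offline: one that reflects TRACE, and one that answers 403 the way RewriteRule [F] does.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_HEADER = "X-Trace-Probe"    # hypothetical marker header, chosen for this example
PROBE_VALUE = "trace-probe-7f3a"  # constructed value; anything unlikely to appear in a normal page


def trace_is_reflected(host, port, timeout=5.0):
    """Send a TRACE request with a marker header and report whether the server echoed it.

    A server that honours TRACE answers 200 with a message/http body containing the
    request we sent, marker included. A server protected by the rewrite rule above
    answers 403; 405 or 501 from other servers also count as refused. Returns True
    only when the method is still reflected.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={PROBE_HEADER: PROBE_VALUE})
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    return resp.status == 200 and PROBE_VALUE.encode() in body


class ReflectingHandler(BaseHTTPRequestHandler):
    """Local stand-in for a server with TRACE still enabled: echoes the request back."""

    def do_TRACE(self):
        echo = self.requestline.encode() + b"\r\n"
        for name, value in self.headers.items():
            echo += f"{name}: {value}\r\n".encode()
        echo += b"\r\n"
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

    def log_message(self, *args):  # keep the example quiet
        pass


class RefusingHandler(ReflectingHandler):
    """Local stand-in for the hardened server: TRACE and TRACK get 403, like the rewrite rule."""

    def do_TRACE(self):
        self.send_error(403)

    def do_TRACK(self):
        self.send_error(403)


def probe_local(handler_cls):
    """Start handler_cls on a loopback port, probe it, shut it down, return the probe result."""
    server = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return trace_is_reflected(*server.server_address)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("TRACE reflected by unprotected stand-in:", probe_local(ReflectingHandler))  # True
    print("TRACE reflected by hardened stand-in:   ", probe_local(RefusingHandler))    # False
```

Point trace_is_reflected at your own host and port after deploying the rewrite rule; a False result means the method is refused. On Apache 1.3.34, 2.0.55 and later the directive TraceEnable off in the main configuration is a simpler alternative to the rewrite rule. On shared hosting, as the replies below point out, only the provider can make either change.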

Info www (80/tcp) Web mirroring

This script mirrors the remote web site and extracts a list of the CGIs used by the remote host.

It is recommended that you give this plugin a high timeout value.
The pages to be mirrored can be changed in the client's 'Options'.

Risk factor: None
___________________________________________________________________

The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/rss.php (auth [0] )
/forumdisplay.php (fid [2] )
/stats.php (type [forumsrank] )
/redirect.php (tid [5] goto [lastpost] )
/register.php (regsubmit [yes] )
/logging.php (password [] action [login] loginfield [username] username [用户名] referer [] answer [] questionid [] formhash [862cdaf2] loginsubmit [true] cookietime [2592000] )
/space.php (username [%C1%B5%B7%F8%C9%E4] uid [1] )
/archiver/archiver/ (fid-2.html [] )
/tag.php (name [] )
/faq.php (action [message] id [2] searchsubmit [yes] )
/index.php (gid [1] showoldetails [no] )
/member.php (action formhash [862cdaf2] view [promotion_register] )

NESSUS_ID : 10662

Info www (80/tcp) HTTP server type and version

The HTTP server's type and version number were discovered.

Solution: Configure the server to change its name regularly, e.g. 'Wintendo httpD w/Dotmatrix display'.
Make sure to remove generic Apache logos such as apache_pb.gif; you can set 'ServerTokens Prod' to restrict the information.
This information comes from the server's own response headers.

Risk factor : Low
___________________________________________________________________

The remote web server type is :

Apache/1.3.39 (Unix) mod_fastcgi/2.4.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 mod_log_bytes/1.2 FrontPage/5.0.2.2635 mod_ssl/2.8.30 OpenSSL/0.9.7a


Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
NESSUS_ID : 10107
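The two OpenSSL findings above were issued purely from the Server header shown in this finding. The following added Python example (not part of the original post and not Nessus code) reproduces that banner-only judgement: it splits the Server header into product/version tokens, compares the OpenSSL/0.9.7a version against the first fixed releases quoted in the report (0.9.6m/0.9.7d and 0.9.6j/0.9.7b, with the pre-1.1.0 letter-suffix ordering handled correctly), and shows why both advisories fire. The sample header is copied from the report; the advisory table and the assessment wording are mine.

```python
import re

# Constructed sample: the Server header exactly as it appears in the scan report above.
SAMPLE_SERVER_HEADER = (
    "Apache/1.3.39 (Unix) mod_fastcgi/2.4.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 "
    "mod_log_bytes/1.2 FrontPage/5.0.2.2635 mod_ssl/2.8.30 OpenSSL/0.9.7a"
)

# First fixed release per branch, taken from the two OpenSSL findings in the report.
# Branches not listed (e.g. 0.9.8, released after these fixes) are not evaluated.
OPENSSL_ADVISORIES = [
    ("OpenSSL denial of service (CAN-2004-0079, CAN-2004-0081, CAN-2004-0112)",
     {"0.9.6": "0.9.6m", "0.9.7": "0.9.7d"}),
    ("OpenSSL password interception / timing attack (CAN-2003-0078, CAN-2003-0147, CAN-2003-0131)",
     {"0.9.6": "0.9.6j", "0.9.7": "0.9.7b"}),
]

# Pre-1.1.0 OpenSSL versions look like 0.9.7a: three numbers plus an optional patch-letter suffix.
OPENSSL_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_server_header(header):
    """Map each 'product/version' token of an Apache-style Server header to its version.

    Tokens without a slash (the '(Unix)' comment) are skipped. With 'ServerTokens Prod'
    the header shrinks to just 'Apache', so this returns an empty mapping.
    """
    products = {}
    for token in header.split():
        name, slash, version = token.partition("/")
        if slash and not name.startswith("("):
            products[name] = version
    return products


def openssl_version_key(version):
    """Sortable key for a pre-1.1.0 OpenSSL version string.

    The patch suffix orders as '' < 'a' < ... < 'z' < 'za' < 'zb' ..., which is why the
    suffix length is compared before the letters themselves.
    """
    match = OPENSSL_VERSION_RE.match(version)
    if not match:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    major, minor, fix, letters = match.groups()
    return (int(major), int(minor), int(fix), len(letters), letters)


def evaluate_openssl(version):
    """Return [(advisory title, first fixed release)] for every advisory the version predates."""
    key = openssl_version_key(version)
    branch = "%d.%d.%d" % key[:3]
    findings = []
    for title, fixed_in in OPENSSL_ADVISORIES:
        fixed = fixed_in.get(branch)
        if fixed is not None and key < openssl_version_key(fixed):
            findings.append((title, fixed))
    return findings


def assess_banner(header):
    """Reproduce the banner-only judgement: list the OpenSSL advisories the banner trips."""
    version = parse_server_header(header).get("OpenSSL")
    if version is None:
        return []
    return [
        f"{title}: banner shows OpenSSL/{version}, older than {fixed}. "
        "Banner-based only: distributions backport fixes without changing the version "
        "string, so confirm against the installed package's changelog."
        for title, fixed in evaluate_openssl(version)
    ]


if __name__ == "__main__":
    for line in assess_banner(SAMPLE_SERVER_HEADER):
        print(line)
```

The example also shows the limitation the report itself states: distributions such as Red Hat backport security fixes without bumping the version string, so an OpenSSL/0.9.7a banner may already be patched, and the only reliable check is the installed package. 'ServerTokens Prod' removes the version from the banner entirely, which hides it from banner-based scanners but patches nothing.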

Warning ftp (21/tcp) Anonymous FTP enabled


This FTP service allows anonymous logins. If you do not want to share data
with anyone you do not know, then you should deactivate the anonymous account,
since it may only cause trouble.



Risk factor : Low
CVE_ID : CAN-1999-0497
NESSUS_ID : 10079

Info ftp (21/tcp) Open service

An "FTP" service is running on this port.
Banner :

220---------- Welcome to Pure-FTPd [TLS] ----------
NESSUS_ID : 10330

Info ftp (21/tcp) FTP server type and version

The FTP server's type and version can be determined by logging in to the target server and reading what it sends back. This login banner gives potential attackers extra information about the system they intend to attack. Versions and types should be omitted where possible.

Solution: Change the login banner to something generic.

Risk factor: Low
___________________________________________________________________

Remote FTP server banner :
220---------- Welcome to Pure-FTPd [TLS] ----------
NESSUS_ID : 10092

Info imap (143/tcp) Open service

An "IMAP" service is running on this port
NESSUS_ID : 10330

Info imap (143/tcp) IMAP banner

The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
Versions and types should be omitted where possible.
Change the imap banner to something generic.
NESSUS_ID : 11414

Replies | 9 in total

killer

Posted 2007-11-13 19:55:35

Info pop3 (110/tcp) Open service

A "POP3" service is running on this port
NESSUS_ID : 10330

Vulnerability smtp (25/tcp) Exim multiple overflows

The remote host is running a version of the Exim MTA that is vulnerable to several remote buffer overflows. Specifically, if
'headers_check_syntax' or 'sender_verify = true' is set in the exim.conf file,
a remote attacker can use a classic stack-based overflow to gain inappropriate access to the machine.

*** If you are running checks with safe_checks enabled, this may be a false positive, because
only the banner was used to assess the risk. ***

Exim 3.35 and 4.32 are known to be vulnerable.

Solution : Upgrade to the latest version of Exim

Risk factor : High
___________________________________________________________________


The remote host is running a version of the Exim MTA which is vulnerable
to several remote buffer overflows. Specifically, if either
'headers_check_syntax' or 'sender_verify = true' is in the exim.conf
file, then a remote attacker may be able to execute a classic stack-
based overflow and gain inappropriate access to the machine.

*** If you are running checks with safe_checks enabled, this may be a
false positive as only banners were used to assess the risk! ***

It is known that Exim 3.35 and 4.32 are vulnerable.

Solution : Upgrade to Exim latest version

Risk factor : High
NESSUS_ID : 12232

Vulnerability smtp (25/tcp) Interscan 3.32 SMTP Denial

It was possible to perform a denial of service against the remote
Interscan SMTP server by sending it a specially long HELO command.

This problem allows an attacker to prevent
your Interscan SMTP server from handling requests.

Solution : contact your vendor for a patch.

Risk factor : High
CVE_ID : CAN-1999-1529
BUGTRAQ_ID : 787
NESSUS_ID : 10353

Info smtp (25/tcp) Open service

An "SMTP" service is running on this port
Banner :

220-carp.lunarservers.com ESMTP Exim 4.68 #1 Tue, 13 Nov 2007 03:17:57 -0800
NESSUS_ID : 10330

Info smtp (25/tcp) SMTP server type and version

This script detects the SMTP server's type and version by connecting to the server and processing the data received in the buffer.
This information gives an attacker more information about the system. The version and type of the server software should be hidden where possible.

Solution: Change the login banner so that it does not contain identifying information

Risk factor: Low
___________________________________________________________________

Remote SMTP server banner :
220-carp.lunarservers.com ESMTP Exim 4.68 #1 Tue, 13 Nov 2007 03:22:25 -0800
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.



This is probably: Exim version 4.68
NESSUS_ID : 10263

Info smtp (25/tcp) SMTP antivirus filter denial of service

This script sends 42.zip to the mail server; if an antivirus agent is installed there and misconfigured, it may drive the CPU or memory to full load.

Solution: Upgrade or reconfigure your antivirus software

Risk factor : High
___________________________________________________________________

For some reason, we could not send the 42.zip file to this MTA
BUGTRAQ_ID : 3027
NESSUS_ID : 11036

Info tcp Host FQDN lookup

If the host can be resolved to an FQDN, this plugin shows the host's FQDN in the report.
This is a normal information disclosure.

Risk factor: None
___________________________________________________________________

xxx.xxx.xxx.xxx resolves as xxx.com.
NESSUS_ID : 12053

killer

Posted 2007-11-13 19:56:04

Ugh, the first post says it has to be reviewed by an admin -_-!

killer

Posted 2007-11-13 19:56:37

This shouldn't be a honeypot. If I want to replace the old versions flagged in the warnings, is there really no way to do it?

大漠孤狼

Posted 2007-11-13 20:52:33

Changing versions has to be done on the server side; a virtual hosting user can't do it.

fanqi1234

Posted 2007-11-13 21:02:17

I read through the whole pile, but I didn't see any real security threat.

killer

Posted 2007-11-13 21:06:16

There are ports with overflows. And that still doesn't count as a real security threat? Sigh. Even if it wouldn't necessarily succeed a hundred percent of the time.

killer

Posted 2007-11-13 21:06:42

Originally posted by 大漠孤狼 on 2007-11-13 08:52 PM
Changing versions has to be done on the server side; a virtual hosting user can't do it.

Nothing to do but leave it to fate.

大漠孤狼

Posted 2007-11-13 21:09:16

Generally, when software has a vulnerability, hosting providers are notified promptly and fix it; you could raise it with them.

killer

Posted 2007-11-13 21:11:58

Mm, OK, I'll send them a message and ask. Thanks for your answer.