Test Results

Executive Summary
Test Result: Fail
Date: 2010-06-02
Target IP: 169.254.30.245
Test ID: 1049910
Test Length: 22.17 Minutes
DNS Entry: www.sample-site.com
Total Risk: 36
Start Time: 01:00:55
Finish Time: 01:23:06
TCP/IP Fingerprint OS Estimate: Linux

SecurityMetrics has determined that Davis and Davis Productions is NOT COMPLIANT with the PCI scan validation requirement for this computer. The computer fails because a risk of 4 or more was found. You may not use the Security Tested logo until the computer passes. Look in the Security Vulnerabilities section below for instructions to reduce your security risk.

Attackers typically use footprinting, port scanning and security vulnerability testing to find security weaknesses on computers. This report provides information on each of these categories.

Footprinting
Find public information regarding this IP, which an attacker could use to gain access: IP Information

Port Scan
Attackers use a port scan to find out what programs are running on your computer. Most programs have known security weaknesses. Disable any unnecessary programs listed below.

Protocol Port Program Status Summary
ICMP Ping Accepting Your computer is answering ping requests. Hackers use Ping to scan the Internet to see if computers will answer. If your computer answers then a hacker will know your computer exists and your computer could become a hacker target. You should install a firewall or turn off Ping requests.
TCP 21 ProFTPD Open Your computer allows other computers to connect to it for FTP (file transfer protocol) transfers. If you don't need others to connect to your computer then you should turn off FTP.
TCP 25 netqmail smtpd 1.04 Open Your computer is running SMTP (Simple Mail Transport Protocol). This can be a security risk since a hacker can verify user names when this service is running. If you do not need to run SMTP then turn it off. If you must run SMTP then be sure to run the latest version.
TCP 80 Rapidsite/Apa httpd 1.3.33 Open Your computer appears to be running http software that allows others to view its web pages. If you don't intend this computer to allow others to view its web pages then turn this service off. There are many potential security vulnerabilities in http software.
TCP 110 Dovecot pop3d Open Some POP3 services are vulnerable to buffer overflows. Download latest version of your POP3 service from vendor.
TCP 143 Dovecot imapd Open Your computer appears to be running Interactive Mail Access Protocol Version 2 (IMAP2). This service generally does not encrypt data or authenticate users. This means the data transmitted by this service may be viewed by others and is not secure.
TCP 443 Rapidsite/Apa httpd 1.3.33 Open Your computer appears to be running HTTP Secure Socket Layer (SSL) software. This software improves the security of HTTP communication with this server.
TCP 587 netqmail smtpd 1.04 Open Your computer is responding to scans on this port. This helps a hacker to gather information about possible services running on this machine and what kind of machine you have. If you do not require this service turn it off.
TCP 995 Dovecot pop3d Open Your computer is responding to scans on this port. This helps a hacker to gather information about possible services running on this machine and what kind of machine you have. If you do not require this service turn it off.
TCP 3306 MySQL 4.0.27-log Open As a security best practice you should not expose database ports externally. Alter your configuration to only allow local access. If you do not need this service, you should turn it off completely.


Security Vulnerabilities Solution Plan
The following section lists all security vulnerabilities detected on your system. All vulnerability risk scores 4 or greater are marked in red and must be resolved to become PCI compliant. Denial-of-Service vulnerabilities are also marked in red but they do not affect your PCI compliance status. Each vulnerability is ranked on a scale from 0 to 10, with 10 being critical.

Security Vulnerabilities
Protocol Port Program Risk Summary
TCP 3306 mysql 5 Synopsis : The remote database server is affected by an information disclosure flaw. Description : The MySQL database server on the remote host reads from uninitialized memory when processing a specially-crafted login packet. An unauthenticated attacker may be able to exploit this flaw to obtain sensitive information from the affected host as returned in an error packet. See also : http://www.securityfocus.com/archive/1/432733/30/0/threaded http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html Solution: Upgrade to MySQL 4.0.27 / 4.1.19 / 5.0.21 / 5.1.10 or later. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE : CVE-2006-1516 BID : 17780 Other references : OSVDB:25226
TCP 443 https 5 Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also : http://www.openssl.org/docs/apps/ciphers.html Solution: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin output : Here is the list of weak SSL ciphers supported by the remote server : Low Strength Ciphers (< 56-bit key) SSLv3 EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export TLSv1 EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
TCP 80 http 5 Synopsis : The remote web server might transmit credentials in cleartext. Description : The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users. Solution: Make sure that every sensitive form transmits content over HTTPS. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin output : Page : /webmail Destination page : Input name : login_password Page : /phpMyAdmin/ Destination page : index.php Input name : pma_password Page : /phpMyAdmin/index.php Destination page : index.php Input name : pma_password
TCP 995 pop3s 5 Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also : http://www.openssl.org/docs/apps/ciphers.html Solution: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin output : Here is the list of weak SSL ciphers supported by the remote server : Low Strength Ciphers (< 56-bit key) SSLv2 EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export SSLv3 EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export TLSv1 EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
TCP 995 pop3s 5 Synopsis : The remote service supports the use of anonymous SSL ciphers. Description : The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack. See also : http://www.openssl.org/docs/apps/ciphers.html Solution: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
TCP 995 pop3s 4 Synopsis : The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients. See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See http://support.microsoft.com/kb/216482 for instructions on IIS. See http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
TCP 21 ftp 3 Synopsis : The remote FTP server allows credentials to be transmitted in clear text. Description : The remote FTP server does not encrypt its data and control connections. The user name and password are transmitted in clear text and may be intercepted by a network sniffer or a man-in-the-middle attack. Solution: Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that data and control connections must be encrypted. Risk Factor: Low / CVSS Base Score : 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
TCP 80 http 3 Synopsis : The remote web server seems to transmit credentials in clear text. Description : The remote web server contains web pages that are protected by 'Basic' authentication over plain text. An attacker eavesdropping the traffic might obtain logins and passwords of valid users. Solution: Make sure that HTTP authentication is transmitted over HTTPS. Risk Factor: Low / CVSS Base Score : 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
TCP general/tcp 1 The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host. An attacker may use this feature to determine traffic patterns within your network. A few examples (not at all exhaustive) are: 1. A remote attacker can determine if the remote host sent a packet in reply to another request. Specifically, an attacker can use your server as an unwilling participant in a blind portscan of another network. 2. A remote attacker can roughly determine server requests at certain times of the day. For instance, if the server is sending much more traffic after business hours, the server may be a reverse proxy or other remote access device. An attacker can use this information to concentrate his/her efforts on the more critical machines. 3. A remote attacker can roughly estimate the number of requests that a web server processes over a period of time. Solution: Contact your vendor for a patch Risk Factor: Low
UDP general/udp 0
TCP general/tcp 0
TCP 110 pop3 0 Synopsis : A POP server is listening on the remote port. Description : The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link. See also : http://en.wikipedia.org/wiki/Post_Office_Protocol Solution: Disable this service if you do not use it. Risk Factor: None
TCP 110 pop3 0 A pop3 server is running on this port
TCP 143 imap 0 An IMAP server is running on this port
TCP 143 imap 0 Synopsis : An IMAP server is running on the remote host. Description : An IMAP (Internet Message Access Protocol) server is installed and running on the remote host. Risk Factor: None Plugin output : The remote imap server banner is : * OK Dovecot ready.
TCP 21 ftp 0 An FTP server is running on this port. Here is its banner : 220 FTP Service
TCP 21 ftp 0 Synopsis : An FTP server is listening on this port. Description : It is possible to obtain the banner of the remote FTP server by connecting to the remote port. Solution: N/A Risk Factor: None
TCP 25 smtp 0 Synopsis : An SMTP server is listening on the remote port. Description : The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it. Solution: Disable this service if you do not use it, or filter incoming traffic to this port. Risk Factor: None
TCP 25 smtp 0 An SMTP server is running on this port. Here is its banner : 220 mmm1129.169.254.30.245.com ESMTP
TCP 25 smtp 0 For some reason, we could not send the EICAR test string to this MTA.
TCP 3306 mysql 0 Synopsis : A database server is listening on the remote port. Description : The remote host is running MySQL, an open-source database server. It is possible to extract the version number of the remote installation from the server greeting. Solution: Restrict access to the database to allowed IPs only. Risk Factor: None Plugin output : The remote MySQL version is 4.0.27-log
TCP 3306 mysql 0 A MySQL server is running on this port
TCP 3306 mysql 0
TCP 443 https 0 Synopsis : HMAP fingerprints the remote HTTP server. Description : By sending several valid and invalid HTTP requests, it may be possible to identify the remote web server type. In some cases, its version can also be approximated, as well as some options. An attacker may use this tool to identify the kind of the remote web server and gain further knowledge about this host. Suggestions for defense against fingerprinting are presented in http://acsac.org/2002/abstracts/96.html See also : http://ujeni.murkyroc.com/hmap/ http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf Solution: N/A Risk Factor: None
TCP 443 https 0 Synopsis : The remote web server contains a 'robots.txt' file. Description : The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a web site for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks. See also : http://www.robotstxt.org/wc/exclusion.html Solution: Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material. Risk Factor: None Contents of robots.txt : User-agent: * Disallow: /cgi-bin/ Disallow: /cgi-image/ Disallow: /cgi-local/ Disallow: /online-store/ Disallow: /stats/ Disallow: /webmail/ Other references : OSVDB:238
TCP 443 https 0 A web server is running on this port through SSL
TCP 443 https 0 Synopsis : A web server is running on the remote host. Description : This plugin attempts to determine the type and the version of the remote web server. Risk Factor: None Plugin output : The remote web server type is : Rapidsite/Apa/1.3.33 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.22 OpenSSL/0.9.8d
TCP 443 https 0 Synopsis : The remote service encrypts communications using SSL. Description : This script detects which SSL ciphers are supported by the remote service for encrypting communications. See also : http://www.openssl.org/docs/apps/ciphers.html Risk Factor: None Plugin output : Here is the list of SSL ciphers supported by the remote server : Low Strength Ciphers (< 56-bit key) SSLv3 EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export TLSv1 EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export Medium Strength Ciphers (>= 56-bit and < 112-bit key) SSLv3 EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 TLSv1 EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 High Strength Ciphers (>= 112-bit key) SSLv3 EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 TLSv1 EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
TCP 443 https 0 Synopsis : It is possible to enumerate directories on the web server. Description : This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not. Risk Factor: None Plugin output : The following directories were discovered: /cgi-bin, /icons, /phpMyAdmin, /template, /webmail, /cgi-image. While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards. The following directories require authentication: /statistics, /stats, /support Other references : OWASP:OWASP-CM-006
TCP 443 https 0 A TLSv1 server answered on this port
TCP 443 https 0 Synopsis : Some information about the remote HTTP configuration can be extracted. Description : This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem Risk Factor: None
TCP 443 https 0 Here is the SSLv3 server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 647519 (0x9e15f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority Validity Not Before: Sep 23 23:08:37 2008 GMT Not After : Oct 24 23:08:37 2009 GMT Subject: O=Sample Inc., CN=mmm1129.169.254.30.245.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (768 bit) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Subject Key Identifier: 5B:76:28:89:22:EB:F1:3F:2C:BD:1B:38:03:81:71:AB:C3:93:B1:6F X509v3 CRL Distribution Points: URI:http://crl.geotrust.com/crls/secureca.crl X509v3 Authority Key Identifier: keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha1WithRSAEncryption This TLSv1 server does not accept SSLv2 connections. This TLSv1 server also accepts SSLv3 connections.
TCP 587 submission 0 An SMTP server is running on this port. Here is its banner : 220 mmm1129.169.254.30.245.com ESMTP
TCP 587 submission 0 For some reason, we could not send the EICAR test string to this MTA.
TCP 587 submission 0 Synopsis : An SMTP server is listening on the remote port. Description : The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it. Solution: Disable this service if you do not use it, or filter incoming traffic to this port. Risk Factor: None
TCP 80 http 0 Synopsis : HMAP fingerprints the remote HTTP server. Description : By sending several valid and invalid HTTP requests, it may be possible to identify the remote web server type. In some cases, its version can also be approximated, as well as some options. An attacker may use this tool to identify the kind of the remote web server and gain further knowledge about this host. Suggestions for defense against fingerprinting are presented in http://acsac.org/2002/abstracts/96.html See also : http://ujeni.murkyroc.com/hmap/ http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf Solution: N/A Risk Factor: None
TCP 80 http 0 Synopsis : The remote web server contains a database management application written in PHP. Description : The remote host is running phpMyAdmin, a web-based MySQL administration tool written in PHP. See also : http://www.phpmyadmin.net/home_page/index.php Solution: Make sure the use of this program is in accordance with your corporate security policy. Risk Factor: None
TCP 80 http 0 Synopsis : Some information about the remote HTTP configuration can be extracted. Description : This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem Risk Factor: None
TCP 80 http 0 Synopsis : Frontpage extensions are enabled. Description : The remote web server appears to be running with the Frontpage extensions. Frontpage allows remote web developers and administrators to modify web content from a remote location. While this is a fairly typical scenario on an internal Local Area Network, the Frontpage extensions should not be available to anonymous users via the Internet (or any other untrusted 3rd party network). Risk Factor: None Plugin output : The remote Frontpage server leaks information regarding the name of the anonymous user. By knowing the name of the anonymous user, more sophisticated attacks may be launched. We could gather that the name of the anonymous user is : nath23 CVE : CVE-2000-0114 Other references : OSVDB:67
TCP 80 http 0 Synopsis : Frontpage extensions are enabled. Description : The remote web server appears to be running with the Frontpage extensions. Frontpage allows remote web developers and administrators to modify web content from a remote location. While this is a fairly typical scenario on an internal Local Area Network, the Frontpage extensions should not be available to anonymous users via the Internet (or any other untrusted 3rd party network). Risk Factor: None CVE : CVE-2000-0114 Other references : OSVDB:67
TCP 80 http 0 Synopsis : The remote web server contains a 'robots.txt' file. Description : The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a web site for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks. See also : http://www.robotstxt.org/wc/exclusion.html Solution: Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material. Risk Factor: None Contents of robots.txt : User-agent: * Disallow: /cgi-bin/ Disallow: /cgi-image/ Disallow: /cgi-local/ Disallow: /online-store/ Disallow: /stats/ Disallow: /webmail/ Other references : OSVDB:238
TCP 80 http 0 This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host. It is suggested you give a high timeout value to this plugin and that you change the number of pages to mirror in the 'Options' section of the client. Risk Factor: None
TCP 80 http 0 Synopsis : A web server is running on the remote host. Description : This plugin attempts to determine the type and the version of the remote web server. Risk Factor: None Plugin output : The remote web server type is : Rapidsite/Apa/1.3.33 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.22 OpenSSL/0.9.8d
TCP 80 http 0 Synopsis : It is possible to enumerate directories on the web server. Description : This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not. Risk Factor: None Plugin output : The following directories were discovered: /_vti_bin, /cgi-bin, /cgi-local, /test, /etc, /icons, /images, /phpMyAdmin, /webmail, /cgi-image. While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards. The following directories require authentication: /_private, /stats Other references : OWASP:OWASP-CM-006
TCP 995 pop3s 0 A pop3 server is running on this port
TCP 995 pop3s 0 Here is the SSLv2 server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 647519 (0x9e15f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority Validity Not Before: Sep 23 23:08:37 2008 GMT Not After : Oct 24 23:08:37 2009 GMT Subject: O=Sample Inc., CN=mmm1129.169.254.30.245.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (768 bit) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Subject Key Identifier: 5B:76:28:89:22:EB:F1:3F:2C:BD:1B:38:03:81:71:AB:C3:93:B1:6F X509v3 CRL Distribution Points: URI:http://crl.geotrust.com/crls/secureca.crl X509v3 Authority Key Identifier: keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha1WithRSAEncryption This SSLv2 server also accepts SSLv3 connections. This SSLv2 server also accepts TLSv1 connections.
TCP 995 pop3s 0 A SSLv2 server answered on this port
TCP 995 pop3s 0 Synopsis : A POP server is listening on the remote port. Description : The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link. See also : http://en.wikipedia.org/wiki/Post_Office_Protocol Solution: Disable this service if you do not use it. Risk Factor: None
TCP 995 pop3s 0 Synopsis : The remote service encrypts communications using SSL. Description : This script detects which SSL ciphers are supported by the remote service for encrypting communications. See also : http://www.openssl.org/docs/apps/ciphers.html Risk Factor: None Plugin output : Here is the list of SSL ciphers supported by the remote server : Low Strength Ciphers (< 56-bit key) SSLv2 EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export SSLv3 EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export TLSv1 EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export Medium Strength Ciphers (>= 56-bit and < 112-bit key) TLSv1 EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export EXP1024-RC2-CBC-MD5 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export EXP1024-RC4-MD5 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export High Strength Ciphers (>= 112-bit key) SSLv2 DES-CBC3-MD5 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 RC2-CBC-MD5 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 SSLv3 ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1 ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5 EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 TLSv1 EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1 ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

CONFIDENTIAL AND PROPRIETARY INFORMATION
SECURITYMETRICS PROVIDES THIS INFORMATION "AS IS" WITHOUT ANY WARRANTY OF ANY KIND. SECURITYMETRICS MAKES NO WARRANTY THAT THESE SERVICES WILL DETECT EVERY VULNERABILITY ON YOUR COMPUTER, OR THAT THE SUGGESTED SOLUTIONS AND ADVICE PROVIDED IN THIS REPORT, TOGETHER WITH THE RESULTS OF THE VULNERABILITY ASSESSMENT, WILL BE ERROR-FREE OR COMPLETE. SECURITYMETRICS SHALL NOT BE RESPONSIBLE OR LIABLE FOR THE ACCURACY, USEFULNESS, OR AVAILABILITY OF ANY INFORMATION TRANSMITTED VIA THE SECURITYMETRICS SERVICE, AND SHALL NOT BE RESPONSIBLE OR LIABLE FOR ANY USE OR APPLICATION OF THE INFORMATION CONTAINED IN THIS REPORT. DISSEMINATION, DISTRIBUTION, COPYING OR USE OF THIS DOCUMENT IN WHOLE OR IN PART BY A SECURITYMETRICS COMPETITOR OR THEIR AGENTS IS STRICTLY PROHIBITED.

This report was generated by a PCI Approved Scanning Vendor, SecurityMetrics, Inc., under certificate number 3707-01-04, within the guidelines of the PCI data security initiative.