| Security Issues and Fixes: hermes4.pucp.edu.pe |
| Type |
Port |
Issue and Fix |
| Informational |
ssh (22/tcp) |
An ssh server is running on this port
Nessus ID : 10330 |
| Informational |
ssh (22/tcp) |
Synopsis :
An SSH server is running on the remote host.
Description :
This plugin determines the versions of the SSH protocol supported by
the remote SSH daemon.
Risk factor :
None
Plugin output :
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.99
. 2.0
SSHv2 host key fingerprint : f2:01:2a:fb:d0:df:09:ea:50:8b:df:11:27:78:73:c0
Nessus ID : 10881 |
| Informational |
ssh (22/tcp) |
Synopsis :
An SSH server is listening on this port.
Description :
It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Risk factor :
None
Plugin output :
SSH version : SSH-2.0-OpenSSH_4.3
SSH supported authentication : publickey,gssapi-with-mic,password
Nessus ID : 10267 |
| Informational |
ntp (123/udp) |
Synopsis :
An NTP server is listening on the remote host.
Description :
An NTP (Network Time Protocol) server is listening on this port.
It provides information about the current date and time of the
remote system and may provide system information.
Risk factor :
None
Nessus ID : 10884 |
| Informational |
ha-cluster (694/udp) |
Synopsis :
An ONC RPC service is running on the remote host.
Description :
By sending a DUMP request to the portmapper it was possible to
enumerate the ONC RPC services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port.
Risk factor :
None
Plugin output :
The following RPC services are available on UDP port 694 :
- program: 100024 (status), version: 1
Nessus ID : 11111 |
| Informational |
sunrpc (111/udp) |
Synopsis :
An ONC RPC service is running on the remote host.
Description :
By sending a DUMP request to the portmapper it was possible to
enumerate the ONC RPC services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port.
Risk factor :
None
Plugin output :
The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 2
Nessus ID : 11111 |
| Informational |
general/udp |
For your information, here is the traceroute from 200.16.1.240 to 200.16.5.219 :
200.16.1.240
200.16.1.225
200.16.5.219
Nessus ID : 10287 |
| Informational |
general/tcp |
Synopsis :
The remote service implements TCP timestamps.
Description :
The remote host implements TCP timestamps, as defined by RFC1323.
A side effect of this feature is that the uptime of the remote
host can sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt
Risk factor :
None
Nessus ID : 25220 |
| Informational |
general/tcp |
Information about this scan :
Nessus version : 3.0.6 (Nessus 3.2.1 is available - consider upgrading)
Plugin feed version : 200807241934
Type of plugin feed : Registered (7 days delay)
This scanner is using the Registered Feed which is going to be
discontinued on July 31st.
Please read http://www.nessus.org/products/directfeed/change.php
Scanner IP : 200.16.1.240
Port scanner(s) : nessus_tcp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Max hosts : 20
Max checks : 4
Recv timeout : 5
Scan Start Date : 2008/7/25 12:48
Scan duration : 70 sec
Nessus ID : 19506 |
| Informational |
general/tcp |
Remote operating system : Linux Kernel 2.6
Confidence Level : 65
Method : SinFP
The remote host is running Linux Kernel 2.6
Nessus ID : 11936 |
| Informational |
general/tcp |
200.16.5.219 resolves as hermes4.pucp.edu.pe.
Nessus ID : 12053 |
| Informational |
general/icmp |
Synopsis :
It is possible to determine the exact time set on the remote host.
Description :
The remote host answers ICMP timestamp requests. This allows an
attacker to learn the date which is set on your machine.
This may help them defeat all your time-based authentication
protocols.
Solution :
Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor :
None
Plugin output :
The remote clock is synchronized with the local clock.
CVE : CVE-1999-0524
Nessus ID : 10114 |
| Vulnerability |
http (80/tcp) |
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2.6. Such versions may be affected by the
following issues :
- A stack buffer overflow in FastCGI SAPI.
- An integer overflow in printf().
- A security issue arising from improper calculation
of the length of PATH_TRANSLATED in cgi_main.c.
- A safe_mode bypass in cURL.
- Incomplete handling of multibyte chars inside
escapeshellcmd().
- Issues in the bundled PCRE fixed by version 7.6.
See also :
http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html
http://www.php.net/releases/5_2_6.php
Solution :
Upgrade to PHP version 5.2.6 or later.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Plugin output :
PHP version PHP/5.1.6 appears to be running on the remote host
based on the following Server response header :
Server: Apache
CVE : CVE-2007-4850, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051
BID : 27413, 28392, 29009
Other references : OSVDB:43219, Secunia:30048
Nessus ID : 32123 |
| Vulnerability |
http (80/tcp) |
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple buffer overflows.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2. Such versions may be affected by several
buffer overflows.
To exploit these issues, an attacker would need the ability to upload
an arbitrary PHP script on the remote server, or to be able to
manipulate several variables processed by some PHP functions such as
htmlentities().
See also :
http://www.php.net/releases/5_2_0.php
Solution :
Upgrade to PHP version 5.2.0 or later.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2006-5465
BID : 20879
Other references : OSVDB:30178, OSVDB:30179
Nessus ID : 31649 |
| Vulnerability |
http (80/tcp) |
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2.1. Such versions may be affected by several
issues, including buffer overflows, format string vulnerabilities,
arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and
clobbering of super-globals.
See also :
http://www.php.net/releases/5_2_1.php
Solution :
Upgrade to PHP version 5.2.1 or later.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2006-6383, CVE-2007-0905, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1700, CVE-2007-1701, CVE-2007-1824, CVE-2007-1825, CVE-2007-1884, CVE-2007-1885, CVE-2007-1886, CVE-2007-1887, CVE-2007-1890
BID : 21508, 22496, 22805, 22806, 22862, 22922, 23119, 23120, 23219, 23233, 23234, 23235, 23236, 23237, 23238
Other references : OSVDB:32776, OSVDB:32781, OSVDB:33955, OSVDB:34767
Nessus ID : 24907 |
| Vulnerability |
http (80/tcp) |
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2.4. Such versions may be affected by various
issues, including but not limited to several overflows.
See also :
http://www.php.net/releases/5_2_4.php
Solution :
Upgrade to PHP version 5.2.4 or later.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-2872, CVE-2007-3378, CVE-2007-3806
BID : 24661, 24261, 24922, 25498
Nessus ID : 25971 |
| Vulnerability |
http (80/tcp) |
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2.5. Such versions may be affected by various
issues, including but not limited to several buffer overflows.
See also :
http://www.php.net/releases/5_2_5.php
Solution :
Upgrade to PHP version 5.2.5 or later.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-4887, CVE-2007-5898, CVE-2007-5900
BID : 26403
Other references : OSVDB:38680, OSVDB:38681, OSVDB:38682, OSVDB:38683, OSVDB:38684, OSVDB:38685
Nessus ID : 28181 |
| Warning |
http (80/tcp) |
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2.3. Such versions may be affected by several
issues, including an integer overflow, 'safe_mode' and 'open_basedir'
bypass, and a denial of service vulnerability.
See also :
http://www.php.net/releases/5_2_3.php
Solution :
Upgrade to PHP version 5.2.3 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007
BID : 23359, 24089, 24259, 24261
Other references : OSVDB:33962, OSVDB:35788, OSVDB:36083, OSVDB:36084, OSVDB:36643
Nessus ID : 25368 |
| Informational |
http (80/tcp) |
A web server is running on this port
Nessus ID : 10330 |
| Informational |
http (80/tcp) |
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution :
None.
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : no
Keep-Alive : no
Options allowed : GET,HEAD,POST,OPTIONS,TRACE
Headers :
Date: Fri, 25 Jul 2008 17:49:10 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Content-Length: 68
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Nessus ID : 24260 |
| Informational |
http (80/tcp) |
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Apache
and the 'ServerTokens' directive is ProductOnly
Apache does not offer a way to hide the server type.
Nessus ID : 10107 |
| Informational |
http (80/tcp) |
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/manual/style/ (C=M;O [A] C=N;O [D] C=S;O [A] C=D;O [A] )
/manual/images/ (C=M;O [A] C=N;O [D] C=S;O [A] C=D;O [A] )
/idea/ (lin_proy_tambo.htm [] pub_electro.htm [] contacto.htm [] e...)
/manual/style/css/ (C=M;O [A] C=N;O [D] C=S;O [A] C=D;O [A] )
Directory index found at /manual/style/css/
Directory index found at /manual/style/
Directory index found at /manual/images/
Nessus ID : 10662 |
| Informational |
http (80/tcp) |
Synopsis :
It is possible to enumerate web directories.
Description :
This plugin attempts to determine the presence of various
common dirs on the remote web server.
Risk factor :
None
Plugin output :
The following directories were discovered:
/webstats, /error, /icons, /idea, /img, /manual
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Other references : OWASP:OWASP-CM-006
Nessus ID : 11032 |
| Informational |
sunrpc (111/tcp) |
Synopsis :
An ONC RPC portmapper is running on the remote host.
Description :
The RPC portmapper is running on this port.
The portmapper makes it possible to get the port number of each RPC
service running on the remote host, either by sending multiple lookup
requests or by sending a DUMP request.
Risk factor :
None
Nessus ID : 10223 |
| Informational |
sunrpc (111/tcp) |
Synopsis :
An ONC RPC service is running on the remote host.
Description :
By sending a DUMP request to the portmapper it was possible to
enumerate the ONC RPC services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port.
Risk factor :
None
Plugin output :
The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 2
Nessus ID : 11111 |
| Informational |
uuidgen (697/tcp) |
Synopsis :
An ONC RPC service is running on the remote host.
Description :
By sending a DUMP request to the portmapper it was possible to
enumerate the ONC RPC services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port.
Risk factor :
None
Plugin output :
The following RPC services are available on TCP port 697 :
- program: 100024 (status), version: 1
Nessus ID : 11111 |
| Informational |
mysql (3306/tcp) |
A MySQL server seems to be running on this port but it
rejects connection from the Nessus scanner.
Nessus ID : 17975 |
| Informational |
mysql (3306/tcp) |
Synopsis :
A database server is listening on the remote port.
Description :
The remote host is running MySQL, an open-source database server.
Remote database access is restricted and configured to reject
connections from IPs that are not allowed. Therefore it was not
possible to extract its version number.
Risk factor :
None
Nessus ID : 10719 |