The blog from kevanpng

Scan on December 20 2017, 04:01 AM UTC

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Expired|The remote server's SSL/TLS certificate has already expired.|Replace the SSL/TLS certificate by a new one.|The certificate of the remote service expired on 2016-04-27 20:29:21.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-2183, CVE-2016-6329
Family/Group: SSL and TLS
Description: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS|This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.|The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2003-1418
Family/Group: Web application abuses
Description: Apache Web Server ETag Header Information Disclosure Weakness|A weakness has been discovered in Apache web servers that are
configured to use the FileETag directive.|OpenBSD has released a patch that addresses this issue. Inode numbers
returned from the server are now encoded using a private hash to avoid
the release of sensitive information.

Novell has released TID10090670 to advise users to apply the available
workaround of disabling the directive in the configuration file for
Apache releases on NetWare. Please see the attached Technical
Information Document for further details.|Information that was gathered:
Inode: 628
Size: 129

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2013-2566, CVE-2015-2808, CVE-2015-4000
Family/Group: SSL and TLS
Description: SSL/TLS: Report Weak Cipher Suites|This routine reports all Weak SSL/TLS cipher suites accepted by a service.

NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication.|The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-0800, CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection|It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system.|It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information.|In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT.
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)|This host is prone to an information disclosure vulnerability.|Possible Mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+|None
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Signed Using A Weak Signature Algorithm|The remote service is using a SSL/TLS certificate chain that has been signed using a cryptographically weak hashing algorithm.|Servers that use SSL/TLS certificates signed using an SHA-1 signature will need to obtain new SHA-2 signed SSL/TLS certificates to avoid these
web browser SSL/TLS certificate warnings.|The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
Signature Algorithm: sha1WithRSAEncryption

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability|The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
(key size < 2048).|Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
a 2048-bit or stronger Diffie-Hellman group. (see https://weakdh.org/sysadmin.html).

For Apache Web Servers:
Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|Server Temporary Key Size: 1024 bits
Port / Type: 443 / tcp
Severity: medium

Scan on December 20 2017, 03:57 AM UTC

Resolved
ID: NOCVE
Family/Group: Product detection
Description: Apache Web Server Version Detection|Detection of installed version of Apache Web Server

The script detects the version of Apache HTTP Server on remote host and sets the KB.|None|Detected Apache

Version: 2.2.15
Location: 443/tcp
CPE: cpe:/a:apache:http_server:2.2.15

Concluded from version/product identification result:

Apache/2.2.15 (CentOS) Server at crackme.cenzic.com Port 443

Concluded from version/product identification location:
https://crackme.cenzic.com/non-existent.html

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Expired|The remote server's SSL/TLS certificate has already expired.|Replace the SSL/TLS certificate by a new one.|The certificate of the remote service expired on 2016-04-27 20:29:21.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Medium Cipher Suites|This routine reports all Medium SSL/TLS cipher suites accepted by a service.|None|'Medium' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2016-2183, CVE-2016-6329
Family/Group: SSL and TLS
Description: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS|This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.|The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A TLScustom server answered on this port
Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2003-1418
Family/Group: Web application abuses
Description: Apache Web Server ETag Header Information Disclosure Weakness|A weakness has been discovered in Apache web servers that are
configured to use the FileETag directive.|OpenBSD has released a patch that addresses this issue. Inode numbers
returned from the server are now encoded using a private hash to avoid
the release of sensitive information.

Novell has released TID10090670 to advise users to apply the available
workaround of disabling the directive in the configuration file for
Apache releases on NetWare. Please see the attached Technical
Information Document for further details.|Information that was gathered:
Inode: 628
Size: 129

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2013-2566, CVE-2015-2808, CVE-2015-4000
Family/Group: SSL and TLS
Description: SSL/TLS: Report Weak Cipher Suites|This routine reports all Weak SSL/TLS cipher suites accepted by a service.

NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication.|The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-0800, CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection|It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system.|It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information.|In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT.
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)|This host is prone to an information disclosure vulnerability.|Possible Mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+|None
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Signed Using A Weak Signature Algorithm|The remote service is using a SSL/TLS certificate chain that has been signed using a cryptographically weak hashing algorithm.|Servers that use SSL/TLS certificates signed using an SHA-1 signature will need to obtain new SHA-2 signed SSL/TLS certificates to avoid these
web browser SSL/TLS certificate warnings.|The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
Signature Algorithm: sha1WithRSAEncryption

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability|The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
(key size < 2048).|Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
a 2048-bit or stronger Diffie-Hellman group. (see https://weakdh.org/sysadmin.html).

For Apache Web Servers:
Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|Server Temporary Key Size: 1024 bits
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: General
Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps |It was detected that the host implements RFC1323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 530863946
Packet 2: 530865270

Port / Type: None / tcp
Severity: low

Resolved
ID: CVE-1999-0524
Family/Group: Service detection
Description: ICMP Timestamp Detection|The remote host responded to an ICMP timestamp request. The Timestamp Reply is
an ICMP message which replies to a Timestamp message. It consists of the
originating timestamp sent by the sender of the Timestamp as well as a receive
timestamp and a transmit timestamp. This information could theoretically be used
to exploit weak time-based random number generators in other services.|None|None
Port / Type: None / icmp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: OS Detection Consolidation and Reporting|This script consolidates the OS information detected by several NVTs and tries to find the best matching OS.

Furthermore it reports all previously collected information leading to this best matching OS. It also reports possible additional informations
which might help to improve the OS detection.

If any of this information is wrong or could be improved please consider to report these to [email protected].|None|Best matching OS:

OS: CentOS 6
Version: 6
CPE: cpe:/o:centos:centos:6
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (HTTP OS Identification)
Concluded from HTTP Server banner on port 80/tcp: Server: Apache/2.2.15 (CentOS)
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS: Linux 2.6.32 - 3.10
CPE: cpe:/o:linux:linux_kernel:3
Found by NVT: 1.3.6.1.4.1.25623.1.0.108021 (Nmap OS Identification (NASL wrapper))
Concluded from Nmap TCP/IP fingerprinting:
OS details: Linux 2.6.32 - 3.10
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3

OS: Linux Kernel
CPE: cpe:/o:linux:kernel
Found by NVT: 1.3.6.1.4.1.25623.1.0.102002 (ICMP based OS Fingerprinting)
Concluded from ICMP based OS fingerprint:
(100% confidence)

Linux Kernel

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Hostname discovery from server certificate|It was possible to discover an additional hostname
of this server from its certificate Common or Subject Alt Name.|None|The following additional and resolvable hostnames were detected:

crackme.trustwave.com

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A web server is running on this port through SSL
Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: General
Description: Traceroute|A traceroute from the scanning server to the target system was
conducted. This traceroute is provided primarily for informational
value only. In the vast majority of cases, it does not represent a
vulnerability. However, if the displayed traceroute contains any
private addresses that should not have been publicly visible, then you
have an issue you need to correct.|Block unwanted packets from escaping your network.|Here is the route from 139.59.253.117 to 204.13.201.47:

139.59.253.117
138.197.250.210
138.197.245.2
116.51.17.165
129.250.2.75
129.250.3.83
129.250.4.33
129.250.3.48
129.250.5.16
129.250.2.204
129.250.4.158
129.250.202.146
209.10.192.137
209.10.196.29
204.13.201.47

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: CPE Inventory|This routine uses information collected by other routines about
CPE identities (http://cpe.mitre.org/) of operating systems, services and
applications detected during the scan.|None|204.13.201.47|cpe:/a:apache:http_server:2.2.15
204.13.201.47|cpe:/a:oracle:mysql
204.13.201.47|cpe:/o:centos:centos:6
Port / Type: None / CPE-T
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web Servers
Description: HTTP Server type and version|This detects the HTTP Server's type and version.|Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.|The remote web server type is :

Apache/2.2.15 (CentOS)

Solution : You can set the directive "ServerTokens Prod" to limit
the information emanating from the server in its response headers.

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A web server is running on this port
Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web application abuses
Description: CGI Scanning Consolidation|The script consolidates various information for CGI scanning.

This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning' within the 'Global variable settings' of the scan config in use
If you think any of these are wrong please report [email protected]|None|Requests to this service are done via HTTP/1.1.

This service seems to be able to host PHP scripts.

This service seems to be NOT able to host ASP scripts.

The following directories were used for CGI scanning:

http://crackme.cenzic.com/
http://crackme.cenzic.com/cgi-bin
http://crackme.cenzic.com/scripts

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Product detection
Description: Apache Web Server Version Detection|Detection of installed version of Apache Web Server

The script detects the version of Apache HTTP Server on remote host and sets the KB.|None|Detected Apache

Version: 2.2.15
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.2.15

Concluded from version/product identification result:
Server: Apache/2.2.15

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: RPC
Description: RPC portmapper (TCP)|This script performs detection of RPC portmapper on TCP.|None|RPC portmapper is running on this port
Port / Type: 111 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: RPC
Description: Obtain list of all port mapper registered programs via RPC|This script calls the DUMP RPC on the port mapper, to obtain the
list of all registered programs.|None|These are the registered RPC programs:

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

Port / Type: 111 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web Servers
Description: HTTP Server type and version|This detects the HTTP Server's type and version.|Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.|The remote web server type is :

Apache/2.2.15 (CentOS)

Solution : You can set the directive "ServerTokens Prod" to limit
the information emanating from the server in its response headers.

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate - Self-Signed Certificate Detection|The SSL/TLS certificate on this port is self-signed.|None|The certificate of the remote service is self signed.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN|The SSL/TLS certificate contains a common name (CN) that does not match the hostname.|None|The certificate of the remote service contains a common name (CN) that does not match the hostname "crackme.cenzic.com".

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Non Weak Cipher Suites|This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.|None|'Non Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Collect and Report Certificate Details|This script collects and reports the details of all SSL/TLS certificates.

This data will be used by other tests to verify server certificates.|None|The following certificate details of the remote service were collected.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites|This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect Forward Secrecy (PFS).|None|Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web application abuses
Description: CGI Scanning Consolidation|The script consolidates various information for CGI scanning.

This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning' within the 'Global variable settings' of the scan config in use
If you think any of these are wrong please report [email protected]|None|Requests to this service are done via HTTP/1.1.

This service seems to be able to host PHP scripts.

This service seems to be NOT able to host ASP scripts.

The following directories were used for CGI scanning:

https://crackme.cenzic.com/
https://crackme.cenzic.com/cgi-bin
https://crackme.cenzic.com/scripts

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Supported Cipher Suites|This routine reports all SSL/TLS cipher suites accepted by a service.

As the NVT 'SSL/TLS: Check Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.900234) might run into a
timeout the actual reporting of all accepted cipher suites takes place in this NVT instead. The script preference 'Report timeout'
allows you to configure if such an timeout is reported.|None|'Strong' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the SSLv3 protocol.

No 'Anonymous' cipher suites accepted by this service via the SSLv3 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.0 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.1 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.1 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol.

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Product detection
Description: MySQL/MariaDB Detection|Detection of installed version of
MySQL/MariaDB.

Detect a running MySQL/MariaDB by getting the banner, Extract the version
from the banner and store the information in KB|None|Detected MySQL

Version: unknown
Location: 3306/tcp
CPE: cpe:/a:oracle:mysql

Concluded from version/product identification result:
unknown

Extra information:
Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL server.
Some tests may fail. Allow the scanner to access the remote MySQL server for better results.

Port / Type: 3306 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|An unknown service is running on this port.
It is usually reserved for MySQL
Port / Type: 3306 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Identify unknown services with 'GET'|This plugin performs service detection.

This plugin is a complement of find_service.nasl. It sends a GET request
to the remaining unknown services and tries to identify them.|None|A MySQL server seems to be running on this port but it
rejects connection from the openvas scanner.
Port / Type: 3306 / tcp
Severity: informational

Scan on December 20 2017, 03:57 AM UTC

Resolved
ID: NOCVE
Family/Group: Product detection
Description: Apache Web Server Version Detection|Detection of installed version of Apache Web Server

The script detects the version of Apache HTTP Server on remote host and sets the KB.|None|Detected Apache

Version: 2.2.15
Location: 443/tcp
CPE: cpe:/a:apache:http_server:2.2.15

Concluded from version/product identification result:

Apache/2.2.15 (CentOS) Server at crackme.cenzic.com Port 443

Concluded from version/product identification location:
https://crackme.cenzic.com/non-existent.html

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Expired|The remote server's SSL/TLS certificate has already expired.|Replace the SSL/TLS certificate by a new one.|The certificate of the remote service expired on 2016-04-27 20:29:21.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Medium Cipher Suites|This routine reports all Medium SSL/TLS cipher suites accepted by a service.|None|'Medium' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2016-2183, CVE-2016-6329
Family/Group: SSL and TLS
Description: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS|This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.|The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A TLScustom server answered on this port
Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2003-1418
Family/Group: Web application abuses
Description: Apache Web Server ETag Header Information Disclosure Weakness|A weakness has been discovered in Apache web servers that are
configured to use the FileETag directive.|OpenBSD has released a patch that addresses this issue. Inode numbers
returned from the server are now encoded using a private hash to avoid
the release of sensitive information.

Novell has released TID10090670 to advise users to apply the available
workaround of disabling the directive in the configuration file for
Apache releases on NetWare. Please see the attached Technical
Information Document for further details.|Information that was gathered:
Inode: 628
Size: 129

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2013-2566, CVE-2015-2808, CVE-2015-4000
Family/Group: SSL and TLS
Description: SSL/TLS: Report Weak Cipher Suites|This routine reports all Weak SSL/TLS cipher suites accepted by a service.

NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication.|The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-0800, CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection|It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system.|It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information.|In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT.
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)|This host is prone to an information disclosure vulnerability.|Possible Mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+|None
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Signed Using A Weak Signature Algorithm|The remote service is using a SSL/TLS certificate chain that has been signed using a cryptographically weak hashing algorithm.|Servers that use SSL/TLS certificates signed using an SHA-1 signature will need to obtain new SHA-2 signed SSL/TLS certificates to avoid these
web browser SSL/TLS certificate warnings.|The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
Signature Algorithm: sha1WithRSAEncryption

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability|The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
(key size < 2048).|Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
a 2048-bit or stronger Diffie-Hellman group. (see https://weakdh.org/sysadmin.html).

For Apache Web Servers:
Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|Server Temporary Key Size: 1024 bits
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: General
Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps |It was detected that the host implements RFC1323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 530863946
Packet 2: 530865270

Port / Type: None / tcp
Severity: low

Resolved
ID: CVE-1999-0524
Family/Group: Service detection
Description: ICMP Timestamp Detection|The remote host responded to an ICMP timestamp request. The Timestamp Reply is
an ICMP message which replies to a Timestamp message. It consists of the
originating timestamp sent by the sender of the Timestamp as well as a receive
timestamp and a transmit timestamp. This information could theoretically be used
to exploit weak time-based random number generators in other services.|None|None
Port / Type: None / icmp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: OS Detection Consolidation and Reporting|This script consolidates the OS information detected by several NVTs and tries to find the best matching OS.

Furthermore it reports all previously collected information leading to this best matching OS. It also reports possible additional informations
which might help to improve the OS detection.

If any of this information is wrong or could be improved please consider to report these to [email protected].|None|Best matching OS:

OS: CentOS 6
Version: 6
CPE: cpe:/o:centos:centos:6
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (HTTP OS Identification)
Concluded from HTTP Server banner on port 80/tcp: Server: Apache/2.2.15 (CentOS)
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS: Linux 2.6.32 - 3.10
CPE: cpe:/o:linux:linux_kernel:3
Found by NVT: 1.3.6.1.4.1.25623.1.0.108021 (Nmap OS Identification (NASL wrapper))
Concluded from Nmap TCP/IP fingerprinting:
OS details: Linux 2.6.32 - 3.10
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3

OS: Linux Kernel
CPE: cpe:/o:linux:kernel
Found by NVT: 1.3.6.1.4.1.25623.1.0.102002 (ICMP based OS Fingerprinting)
Concluded from ICMP based OS fingerprint:
(100% confidence)

Linux Kernel

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Hostname discovery from server certificate|It was possible to discover an additional hostname
of this server from its certificate Common or Subject Alt Name.|None|The following additional and resolvable hostnames were detected:

crackme.trustwave.com

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A web server is running on this port through SSL
Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: General
Description: Traceroute|A traceroute from the scanning server to the target system was
conducted. This traceroute is provided primarily for informational
value only. In the vast majority of cases, it does not represent a
vulnerability. However, if the displayed traceroute contains any
private addresses that should not have been publicly visible, then you
have an issue you need to correct.|Block unwanted packets from escaping your network.|Here is the route from 139.59.253.117 to 204.13.201.47:

139.59.253.117
138.197.250.210
138.197.245.2
116.51.17.165
129.250.2.75
129.250.3.83
129.250.4.33
129.250.3.48
129.250.5.16
129.250.2.204
129.250.4.158
129.250.202.146
209.10.192.137
209.10.196.29
204.13.201.47

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: CPE Inventory|This routine uses information collected by other routines about
CPE identities (http://cpe.mitre.org/) of operating systems, services and
applications detected during the scan.|None|204.13.201.47|cpe:/a:apache:http_server:2.2.15
204.13.201.47|cpe:/a:oracle:mysql
204.13.201.47|cpe:/o:centos:centos:6
Port / Type: None / CPE-T
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web Servers
Description: HTTP Server type and version|This detects the HTTP Server's type and version.|Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.|The remote web server type is :

Apache/2.2.15 (CentOS)

Solution : You can set the directive "ServerTokens Prod" to limit
the information emanating from the server in its response headers.

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A web server is running on this port
Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web application abuses
Description: CGI Scanning Consolidation|The script consolidates various information for CGI scanning.

This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning' within the 'Global variable settings' of the scan config in use
If you think any of these are wrong please report [email protected]|None|Requests to this service are done via HTTP/1.1.

This service seems to be able to host PHP scripts.

This service seems to be NOT able to host ASP scripts.

The following directories were used for CGI scanning:

http://crackme.cenzic.com/
http://crackme.cenzic.com/cgi-bin
http://crackme.cenzic.com/scripts

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Product detection
Description: Apache Web Server Version Detection|Detection of installed version of Apache Web Server

The script detects the version of Apache HTTP Server on remote host and sets the KB.|None|Detected Apache

Version: 2.2.15
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.2.15

Concluded from version/product identification result:
Server: Apache/2.2.15

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: RPC
Description: RPC portmapper (TCP)|This script performs detection of RPC portmapper on TCP.|None|RPC portmapper is running on this port
Port / Type: 111 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: RPC
Description: Obtain list of all port mapper registered programs via RPC|This script calls the DUMP RPC on the port mapper, to obtain the
list of all registered programs.|None|These are the registered RPC programs:

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

Port / Type: 111 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web Servers
Description: HTTP Server type and version|This detects the HTTP Server's type and version.|Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.|The remote web server type is :

Apache/2.2.15 (CentOS)

Solution : You can set the directive "ServerTokens Prod" to limit
the information emanating from the server in its response headers.

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate - Self-Signed Certificate Detection|The SSL/TLS certificate on this port is self-signed.|None|The certificate of the remote service is self signed.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN|The SSL/TLS certificate contains a common name (CN) that does not match the hostname.|None|The certificate of the remote service contains a common name (CN) that does not match the hostname "crackme.cenzic.com".

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Non Weak Cipher Suites|This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.|None|'Non Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Collect and Report Certificate Details|This script collects and reports the details of all SSL/TLS certificates.

This data will be used by other tests to verify server certificates.|None|The following certificate details of the remote service were collected.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites|This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect Forward Secrecy (PFS).|None|Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web application abuses
Description: CGI Scanning Consolidation|The script consolidates various information for CGI scanning.

This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning' within the 'Global variable settings' of the scan config in use
If you think any of these are wrong please report [email protected]|None|Requests to this service are done via HTTP/1.1.

This service seems to be able to host PHP scripts.

This service seems to be NOT able to host ASP scripts.

The following directories were used for CGI scanning:

https://crackme.cenzic.com/
https://crackme.cenzic.com/cgi-bin
https://crackme.cenzic.com/scripts

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Supported Cipher Suites|This routine reports all SSL/TLS cipher suites accepted by a service.

As the NVT 'SSL/TLS: Check Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.900234) might run into a
timeout the actual reporting of all accepted cipher suites takes place in this NVT instead. The script preference 'Report timeout'
allows you to configure if such an timeout is reported.|None|'Strong' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the SSLv3 protocol.

No 'Anonymous' cipher suites accepted by this service via the SSLv3 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.0 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.1 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.1 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol.

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Product detection
Description: MySQL/MariaDB Detection|Detection of installed version of
MySQL/MariaDB.

Detect a running MySQL/MariaDB by getting the banner, Extract the version
from the banner and store the information in KB|None|Detected MySQL

Version: unknown
Location: 3306/tcp
CPE: cpe:/a:oracle:mysql

Concluded from version/product identification result:
unknown

Extra information:
Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL server.
Some tests may fail. Allow the scanner to access the remote MySQL server for better results.

Port / Type: 3306 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|An unknown service is running on this port.
It is usually reserved for MySQL
Port / Type: 3306 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Identify unknown services with 'GET'|This plugin performs service detection.

This plugin is a complement of find_service.nasl. It sends a GET request
to the remaining unknown services and tries to identify them.|None|A MySQL server seems to be running on this port but it
rejects connection from the openvas scanner.
Port / Type: 3306 / tcp
Severity: informational

Scan on December 20 2017, 03:57 AM UTC

Resolved
ID: NOCVE
Family/Group: Product detection
Description: Apache Web Server Version Detection|Detection of installed version of Apache Web Server

The script detects the version of Apache HTTP Server on remote host and sets the KB.|None|Detected Apache

Version: 2.2.15
Location: 443/tcp
CPE: cpe:/a:apache:http_server:2.2.15

Concluded from version/product identification result:

Apache/2.2.15 (CentOS) Server at crackme.cenzic.com Port 443

Concluded from version/product identification location:
https://crackme.cenzic.com/non-existent.html

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Expired|The remote server's SSL/TLS certificate has already expired.|Replace the SSL/TLS certificate by a new one.|The certificate of the remote service expired on 2016-04-27 20:29:21.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Medium Cipher Suites|This routine reports all Medium SSL/TLS cipher suites accepted by a service.|None|'Medium' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2016-2183, CVE-2016-6329
Family/Group: SSL and TLS
Description: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS|This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.|The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A TLScustom server answered on this port
Port / Type: 443 / tcp
Severity: informational

Resolved
ID: CVE-2003-1418
Family/Group: Web application abuses
Description: Apache Web Server ETag Header Information Disclosure Weakness|A weakness has been discovered in Apache web servers that are
configured to use the FileETag directive.|OpenBSD has released a patch that addresses this issue. Inode numbers
returned from the server are now encoded using a private hash to avoid
the release of sensitive information.

Novell has released TID10090670 to advise users to apply the available
workaround of disabling the directive in the configuration file for
Apache releases on NetWare. Please see the attached Technical
Information Document for further details.|Information that was gathered:
Inode: 628
Size: 129

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2013-2566, CVE-2015-2808, CVE-2015-4000
Family/Group: SSL and TLS
Description: SSL/TLS: Report Weak Cipher Suites|This routine reports all Weak SSL/TLS cipher suites accepted by a service.

NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication.|The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-0800, CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection|It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system.|It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information.|In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT.
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)|This host is prone to an information disclosure vulnerability.|Possible Mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+|None
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Signed Using A Weak Signature Algorithm|The remote service is using a SSL/TLS certificate chain that has been signed using a cryptographically weak hashing algorithm.|Servers that use SSL/TLS certificates signed using an SHA-1 signature will need to obtain new SHA-2 signed SSL/TLS certificates to avoid these
web browser SSL/TLS certificate warnings.|The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
Signature Algorithm: sha1WithRSAEncryption

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability|The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
(key size < 2048).|Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
a 2048-bit or stronger Diffie-Hellman group. (see https://weakdh.org/sysadmin.html).

For Apache Web Servers:
Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|Server Temporary Key Size: 1024 bits
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: General
Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps |It was detected that the host implements RFC1323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 530863946
Packet 2: 530865270

Port / Type: None / tcp
Severity: low

Resolved
ID: CVE-1999-0524
Family/Group: Service detection
Description: ICMP Timestamp Detection|The remote host responded to an ICMP timestamp request. The Timestamp Reply is
an ICMP message which replies to a Timestamp message. It consists of the
originating timestamp sent by the sender of the Timestamp as well as a receive
timestamp and a transmit timestamp. This information could theoretically be used
to exploit weak time-based random number generators in other services.|None|None
Port / Type: None / icmp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: OS Detection Consolidation and Reporting|This script consolidates the OS information detected by several NVTs and tries to find the best matching OS.

Furthermore it reports all previously collected information leading to this best matching OS. It also reports possible additional informations
which might help to improve the OS detection.

If any of this information is wrong or could be improved please consider to report these to [email protected].|None|Best matching OS:

OS: CentOS 6
Version: 6
CPE: cpe:/o:centos:centos:6
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (HTTP OS Identification)
Concluded from HTTP Server banner on port 80/tcp: Server: Apache/2.2.15 (CentOS)
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS: Linux 2.6.32 - 3.10
CPE: cpe:/o:linux:linux_kernel:3
Found by NVT: 1.3.6.1.4.1.25623.1.0.108021 (Nmap OS Identification (NASL wrapper))
Concluded from Nmap TCP/IP fingerprinting:
OS details: Linux 2.6.32 - 3.10
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3

OS: Linux Kernel
CPE: cpe:/o:linux:kernel
Found by NVT: 1.3.6.1.4.1.25623.1.0.102002 (ICMP based OS Fingerprinting)
Concluded from ICMP based OS fingerprint:
(100% confidence)

Linux Kernel

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Hostname discovery from server certificate|It was possible to discover an additional hostname
of this server from its certificate Common or Subject Alt Name.|None|The following additional and resolvable hostnames were detected:

crackme.trustwave.com

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A web server is running on this port through SSL
Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: General
Description: Traceroute|A traceroute from the scanning server to the target system was
conducted. This traceroute is provided primarily for informational
value only. In the vast majority of cases, it does not represent a
vulnerability. However, if the displayed traceroute contains any
private addresses that should not have been publicly visible, then you
have an issue you need to correct.|Block unwanted packets from escaping your network.|Here is the route from 139.59.253.117 to 204.13.201.47:

139.59.253.117
138.197.250.210
138.197.245.2
116.51.17.165
129.250.2.75
129.250.3.83
129.250.4.33
129.250.3.48
129.250.5.16
129.250.2.204
129.250.4.158
129.250.202.146
209.10.192.137
209.10.196.29
204.13.201.47

Port / Type: None / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: CPE Inventory|This routine uses information collected by other routines about
CPE identities (http://cpe.mitre.org/) of operating systems, services and
applications detected during the scan.|None|204.13.201.47|cpe:/a:apache:http_server:2.2.15
204.13.201.47|cpe:/a:oracle:mysql
204.13.201.47|cpe:/o:centos:centos:6
Port / Type: None / CPE-T
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web Servers
Description: HTTP Server type and version|This detects the HTTP Server's type and version.|Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.|The remote web server type is :

Apache/2.2.15 (CentOS)

Solution : You can set the directive "ServerTokens Prod" to limit
the information emanating from the server in its response headers.

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|A web server is running on this port
Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web application abuses
Description: CGI Scanning Consolidation|The script consolidates various information for CGI scanning.

This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning' within the 'Global variable settings' of the scan config in use
If you think any of these are wrong please report [email protected]|None|Requests to this service are done via HTTP/1.1.

This service seems to be able to host PHP scripts.

This service seems to be NOT able to host ASP scripts.

The following directories were used for CGI scanning:

http://crackme.cenzic.com/
http://crackme.cenzic.com/cgi-bin
http://crackme.cenzic.com/scripts

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Product detection
Description: Apache Web Server Version Detection|Detection of installed version of Apache Web Server

The script detects the version of Apache HTTP Server on remote host and sets the KB.|None|Detected Apache

Version: 2.2.15
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.2.15

Concluded from version/product identification result:
Server: Apache/2.2.15

Port / Type: 80 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: RPC
Description: RPC portmapper (TCP)|This script performs detection of RPC portmapper on TCP.|None|RPC portmapper is running on this port
Port / Type: 111 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: RPC
Description: Obtain list of all port mapper registered programs via RPC|This script calls the DUMP RPC on the port mapper, to obtain the
list of all registered programs.|None|These are the registered RPC programs:

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) on port 111/TCP

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) on port 111/UDP

Port / Type: 111 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web Servers
Description: HTTP Server type and version|This detects the HTTP Server's type and version.|Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.|The remote web server type is :

Apache/2.2.15 (CentOS)

Solution : You can set the directive "ServerTokens Prod" to limit
the information emanating from the server in its response headers.

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate - Self-Signed Certificate Detection|The SSL/TLS certificate on this port is self-signed.|None|The certificate of the remote service is self signed.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN|The SSL/TLS certificate contains a common name (CN) that does not match the hostname.|None|The certificate of the remote service contains a common name (CN) that does not match the hostname "crackme.cenzic.com".

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Non Weak Cipher Suites|This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.|None|'Non Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Non Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Collect and Report Certificate Details|This script collects and reports the details of all SSL/TLS certificates.

This data will be used by other tests to verify server certificates.|None|The following certificate details of the remote service were collected.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites|This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect Forward Secrecy (PFS).|None|Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Web application abuses
Description: CGI Scanning Consolidation|The script consolidates various information for CGI scanning.

This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning' within the 'Global variable settings' of the scan config in use
If you think any of these are wrong please report [email protected]|None|Requests to this service are done via HTTP/1.1.

This service seems to be able to host PHP scripts.

This service seems to be NOT able to host ASP scripts.

The following directories were used for CGI scanning:

https://crackme.cenzic.com/
https://crackme.cenzic.com/cgi-bin
https://crackme.cenzic.com/scripts

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Report Supported Cipher Suites|This routine reports all SSL/TLS cipher suites accepted by a service.

As the NVT 'SSL/TLS: Check Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.900234) might run into a
timeout the actual reporting of all accepted cipher suites takes place in this NVT instead. The script preference 'Report timeout'
allows you to configure if such an timeout is reported.|None|'Strong' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the SSLv3 protocol.

No 'Anonymous' cipher suites accepted by this service via the SSLv3 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.0 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.1 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.1 protocol.

'Strong' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.

No 'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol.

Port / Type: 443 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Product detection
Description: MySQL/MariaDB Detection|Detection of installed version of
MySQL/MariaDB.

Detect a running MySQL/MariaDB by getting the banner, Extract the version
from the banner and store the information in KB|None|Detected MySQL

Version: unknown
Location: 3306/tcp
CPE: cpe:/a:oracle:mysql

Concluded from version/product identification result:
unknown

Extra information:
Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL server.
Some tests may fail. Allow the scanner to access the remote MySQL server for better results.

Port / Type: 3306 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Services|This routine attempts to guess which service is running on the
remote ports. For instance, it searches for a web server which could listen on another port than
80 or 443 and makes this information available for other check routines.|None|An unknown service is running on this port.
It is usually reserved for MySQL
Port / Type: 3306 / tcp
Severity: informational

Resolved
ID: NOCVE
Family/Group: Service detection
Description: Identify unknown services with 'GET'|This plugin performs service detection.

This plugin is a complement of find_service.nasl. It sends a GET request
to the remaining unknown services and tries to identify them.|None|A MySQL server seems to be running on this port but it
rejects connection from the openvas scanner.
Port / Type: 3306 / tcp
Severity: informational

X-Frame-Options Header Not Set

Details

ID: 41620b1bed45dc41997746c32f4beaa1
Affected Hosts:
- https://kevanpng.github.io
First seen: 2019-03-25 04:31:41

Description

X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

Recommendation

Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. ALLOW-FROM allows specific websites to frame the web page in supported web browsers).

Scan on December 20 2017, 04:01 AM UTC

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Expired|The remote server's SSL/TLS certificate has already expired.|Replace the SSL/TLS certificate by a new one.|The certificate of the remote service expired on 2016-04-27 20:29:21.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-2183, CVE-2016-6329
Family/Group: SSL and TLS
Description: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS|This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.|The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2003-1418
Family/Group: Web application abuses
Description: Apache Web Server ETag Header Information Disclosure Weakness|A weakness has been discovered in Apache web servers that are
configured to use the FileETag directive.|OpenBSD has released a patch that addresses this issue. Inode numbers
returned from the server are now encoded using a private hash to avoid
the release of sensitive information.

Novell has released TID10090670 to advise users to apply the available
workaround of disabling the directive in the configuration file for
Apache releases on NetWare. Please see the attached Technical
Information Document for further details.|Information that was gathered:
Inode: 628
Size: 129

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2013-2566, CVE-2015-2808, CVE-2015-4000
Family/Group: SSL and TLS
Description: SSL/TLS: Report Weak Cipher Suites|This routine reports all Weak SSL/TLS cipher suites accepted by a service.

NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication.|The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-0800, CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection|It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system.|It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information.|In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT.
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)|This host is prone to an information disclosure vulnerability.|Possible Mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+|None
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Signed Using A Weak Signature Algorithm|The remote service is using a SSL/TLS certificate chain that has been signed using a cryptographically weak hashing algorithm.|Servers that use SSL/TLS certificates signed using an SHA-1 signature will need to obtain new SHA-2 signed SSL/TLS certificates to avoid these
web browser SSL/TLS certificate warnings.|The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
Signature Algorithm: sha1WithRSAEncryption

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability|The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
(key size < 2048).|Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
a 2048-bit or stronger Diffie-Hellman group. (see https://weakdh.org/sysadmin.html).

For Apache Web Servers:
Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|Server Temporary Key Size: 1024 bits
Port / Type: 443 / tcp
Severity: medium

Scan on December 20 2017, 04:01 AM UTC

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2004-2320, CVE-2003-1567
Family/Group: Web application abuses
Description: http TRACE XSS attack|Debugging functions are enabled on the remote HTTP server.

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when
used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.|Disable these methods.|Solution:
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Expired|The remote server's SSL/TLS certificate has already expired.|Replace the SSL/TLS certificate by a new one.|The certificate of the remote service expired on 2016-04-27 20:29:21.

Certificate details:
subject ...: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
serial ....: 6673
valid from : 2015-04-28 20:29:21 UTC
valid until: 2016-04-27 20:29:21 UTC
fingerprint (SHA-1): B29708DA23C79BA6C8570AC1009BD3CD7BA1D547
fingerprint (SHA-256): 92B77107335E5755BE42AF9F0F0DACE0BCDD57112280E9121FFF66E4AFBDF24E

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-2183, CVE-2016-6329
Family/Group: SSL and TLS
Description: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS|This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services.|The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Vulnerable' cipher suites accepted by this service via the SSLv3 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2003-1418
Family/Group: Web application abuses
Description: Apache Web Server ETag Header Information Disclosure Weakness|A weakness has been discovered in Apache web servers that are
configured to use the FileETag directive.|OpenBSD has released a patch that addresses this issue. Inode numbers
returned from the server are now encoded using a private hash to avoid
the release of sensitive information.

Novell has released TID10090670 to advise users to apply the available
workaround of disabling the directive in the configuration file for
Apache releases on NetWare. Please see the attached Technical
Information Document for further details.|Information that was gathered:
Inode: 628
Size: 129

Port / Type: 80 / tcp
Severity: medium

Resolved
ID: CVE-2013-2566, CVE-2015-2808, CVE-2015-4000
Family/Group: SSL and TLS
Description: SSL/TLS: Report Weak Cipher Suites|This routine reports all Weak SSL/TLS cipher suites accepted by a service.

NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication.|The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.

Please see the references for more resources supporting you with this task.|'Weak' cipher suites accepted by this service via the SSLv3 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2016-0800, CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection|It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system.|It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information.|In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT.
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: CVE-2014-3566
Family/Group: SSL and TLS
Description: SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)|This host is prone to an information disclosure vulnerability.|Possible Mitigations are:
- Disable SSLv3
- Disable cipher suites supporting CBC cipher modes
- Enable TLS_FALLBACK_SCSV if the service is providing TLSv1.0+|None
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Certificate Signed Using A Weak Signature Algorithm|The remote service is using a SSL/TLS certificate chain that has been signed using a cryptographically weak hashing algorithm.|Servers that use SSL/TLS certificates signed using an SHA-1 signature will need to obtain new SHA-2 signed SSL/TLS certificates to avoid these
web browser SSL/TLS certificate warnings.|The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: 1.2.840.113549.1.9.1=#726F6F7440637261636B6D652E7472757374776176652E636F6D,CN=crackme.trustwave.com,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
Signature Algorithm: sha1WithRSAEncryption

Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: SSL and TLS
Description: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability|The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
(key size < 2048).|Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
a 2048-bit or stronger Diffie-Hellman group. (see https://weakdh.org/sysadmin.html).

For Apache Web Servers:
Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|Server Temporary Key Size: 1024 bits
Port / Type: 443 / tcp
Severity: medium

Resolved
ID: NOCVE
Family/Group: General
Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps |It was detected that the host implements RFC1323.

The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 530863946
Packet 2: 530865270

Port / Type: None / tcp
Severity: low

kevanpng / blog Goto Github PK

blog's People

blog's Issues

Scan on December 20 2017, 04:01 AM UTC

Scan on December 20 2017, 03:57 AM UTC

Scan on December 20 2017, 03:57 AM UTC

Scan on December 20 2017, 03:57 AM UTC

X-Frame-Options Header Not Set

Details

Description

Recommendation

Scan on December 20 2017, 04:01 AM UTC

Scan on December 20 2017, 04:01 AM UTC

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs