[LugBS] website vulnerabilities

info a antonellofacchetti.it info a antonellofacchetti.it
Mon 21 Dec 2020 16:23:00 UTC


The DPO of my school sent us the vulnerability scan for our website,
which I am attaching together with the accompanying cover letter
(which I am also attaching).
Now, after a quick read it seems to me that these are issues that concern
our ISP (Aruba, in this case), so I would not really know what to do. Now,
given the tone of the cover letter (it looks a lot like a FUD campaign,
fear, uncertainty and doubt), which looks very much like a lead-up to a
"pay us and we'll take care of it", tell me... what should I do? How should I reply?
Can anyone explain the contents of the report to me?

cover letter

Subject: possible vulnerability of the institutional website
Following a test on your institutional website, carried out with dedicated
software, some vulnerabilities were found.
It is therefore essential to take action on the platform, through the
company/body that manages the site, in order to remove these
vulnerabilities, so as to contain the level of risk and make it acceptable.
We take this opportunity to recall that for a similar problem (specifically,
for the Rousseau platform, which turned out to be insufficiently secure),
the Movimento 5 Stelle recently received a fine of 50,000.00 euros.
It is therefore clear that the matter must be given the utmost attention
and priority.
We wish to stress that tests of this kind are an indicative tool, and that
more in-depth tests involving a specialised technician may become
necessary. In that case we remain available to provide support.
Awaiting your prompt reply, we send our best regards.
Kind regards,

And here is the test (long, but what matters are the first 3 vulnerabilities,
value 3 on a scale from 1 to 5)

Scan Results
December 04, 2020
Report Summary
User Name: Marco Piatti
Login Name: stud5mp
Company: Studio81
User Role: Manager
Address: Via del Carro 14B,
Zip: 21017
Country: Italy
Created: 12/04/2020 at 18:32:51 (GMT+0100)
Launch Date: 12/04/2020 at 17:34:34 (GMT+0100)
Active Hosts: 1
Total Hosts: 1
Type: On demand
Status: Finished
Reference: scan/1607099674.18669
External Scanners: 154.59.121.156 (Scanner 12.1.68-1, Vulnerability 
Signatures 2.5.48-4)
Duration: 00:37:08
Title: IC Rudiano
Asset Groups: -
IPs: 89.46.108.65
Excluded IPs: -
Options Profile: Initial Options

Summary of Vulnerabilities
Vulnerabilities Total: 24
Security Risk (Avg): 3.0
by Severity
Severity  Confirmed  Potential  Information Gathered  Total
5         0          0          0                     0
4         0          0          0                     0
3         2          2          0                     4
2         0          0          0                     0
1         0          0          20                    20
Total     2          2          20                    24
5 Biggest Categories
Category                 Confirmed  Potential  Information Gathered  Total
Information gathering    0          0          7                     7
General remote services  1          0          6                     7
Web server               0          2          4                     6
TCP/IP                   0          0          2                     2
Firewall                 1          0          1                     2
Total                    2          2          20                    24

Detailed Results
89.46.108.65 (webx1321.aruba.it, -)
Vulnerabilities (2)
3
TCP Source Port Pass Firewall
QID: 34000
Category: Firewall
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 07/10/2017
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
Your firewall policy seems to let TCP packets with a specific source 
port pass through.
IMPACT:
Some types of requests can pass through the firewall. The port number 
listed in the results section of this vulnerability report is the source
port that unauthorized users can use to bypass your firewall.
SOLUTION:
Make sure that all your filtering rules are correct and strict enough. 
If the firewall intends to deny TCP connections to a specific port, it
should be configured to block all TCP SYN packets going to this port, 
regardless of the source port.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The host responded 3 times to 4 TCP SYN probes sent to destination port 
8080 using source port 21. However, it did not respond at all to 4 TCP
SYN probes sent to the same destination port using a random source port.
3
SSL/TLS Server supports TLSv1.0
port 443/tcp over SSL
QID: 38628
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 12/21/2018
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
TLS is capable of using a multitude of ciphers (algorithms) to create 
the public and private key pairs.
For example if TLSv1.0 uses either the RC4 stream cipher, or a block 
cipher in CBC mode.
RC4 is known to have biases and the block cipher in CBC mode is 
vulnerable to the POODLE attack.
TLSv1.0, if configured to use the same cipher suites as SSLv3, includes 
a means by which a TLS implementation can downgrade the connection to
SSL v3.0, thus weakening security.
A POODLE-type 
(https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls) attack 
could also be launched directly at TLS without negotiating a
downgrade.
This QID is an automatic PCI FAIL in accordance with the PCI standards.
Further details can be found under:
PCI: ASV Program Guide v3.1 (page 27) 
(https://www.pcisecuritystandards.org/documents/ASV_Program_Guide_v3.1.pdf)
PCI: Use of SSL Early TLS and ASV Scans 
(https://www.pcisecuritystandards.org/documents/Use-of-SSL-Early-TLS-and-ASV-Scans.pdf)
IMPACT:
An attacker can exploit cryptographic flaws to conduct man-in-the-middle 
type attacks or to decryption communications.
For example: An attacker could force a downgrade from the TLS protocol 
to the older SSLv3.0 protocol and exploit the POODLE vulnerability, read
secure communications or maliciously modify messages.
A POODLE-type 
(https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls) attack 
could also be launched directly at TLS without negotiating a
downgrade.
SOLUTION:
Disable the use of TLSv1.0 protocol in favor of a cryptographically 
stronger protocol such as TLSv1.2.
The following openssl commands can be used
to do a manual test:
openssl s_client -connect ip:port -tls1
If the test is successful, then the target support TLSv1
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLSv1.0 is supported
Potential Vulnerabilities (2)
3
Web Server Stopped Responding
port 80/tcp
QID: 86476
Category: Web server
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 02/28/2019
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
The Web server stopped responding to 3 consecutive connection attempts 
and/or more than 3 consecutive HTTP / HTTPS requests. Consequently,
the
service aborted testing for HTTP / HTTPS vulnerabilities. The 
vulnerabilities already detected are still posted.
IMPACT:
The service was unable to complete testing for HTTP / HTTPS 
vulnerabilities since the Web server stopped responding.
SOLUTION:
Check the Web server status.
If the Web server was crashed during the scan, please restart the 
server, report the incident to Customer Support and stop scanning the 
Web server
until the issue is resolved.
If the Web server is unable to process multiple concurrent HTTP / HTTPS 
requests, please lower the scan harshness level and launch another scan.
If this vulnerability continues to be reported, please contact Customer 
Support.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The web server did not respond for 4 consecutive HTTP requests.
After these, the service was still unable to connect to the web server 2 
minutes later.
3
Web Server Stopped Responding
port 443/tcp over SSL
QID: 86476
Category: Web server
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 02/28/2019
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
The Web server stopped responding to 3 consecutive connection attempts 
and/or more than 3 consecutive HTTP / HTTPS requests. Consequently,
the
service aborted testing for HTTP / HTTPS vulnerabilities. The 
vulnerabilities already detected are still posted.
IMPACT:
The service was unable to complete testing for HTTP / HTTPS 
vulnerabilities since the Web server stopped responding.
SOLUTION:
Check the Web server status.
If the Web server was crashed during the scan, please restart the 
server, report the incident to Customer Support and stop scanning the 
Web server
until the issue is resolved.
If the Web server is unable to process multiple concurrent HTTP / HTTPS 
requests, please lower the scan harshness level and launch another scan.
If this vulnerability continues to be reported, please contact Customer 
Support.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The web server did not respond for 4 consecutive HTTP requests.
After these, the service was still unable to connect to the web server 2 
minutes later.
Information Gathered (20)
1
DNS Host Name
QID: 6
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/04/2018
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The fully qualified domain name of this host, if it was obtained from a 
DNS server, is displayed in the RESULT section.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
IP address Host name
89.46.108.65 webx1321.aruba.it
1
Firewall Detected
QID: 34011
Category: Firewall
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/22/2019
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
A packet filtering device protecting this IP was detected. This is 
likely to be a firewall or a router using access control lists (ACLs).
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Some of the ports filtered by the firewall are: 20, 22, 23, 25, 53, 111, 
135, 445, 1, 7.
Listed below are the ports filtered by the firewall.
No response has been received when any of these ports are probed.
1-3,5,7,9,11,13,15,17-20,22-25,27,29,31,33,35,37-39,41-79,81-223,242-246,
256-265,280-282,309,311,318,322-325,344-351,363,369-381,383-442,444-581,
587,592-593,598,600,606-620,624,627,631,633-637,666-674,700,704-705,707,
709-711,729-731,740-742,744,747-754,758-765,767,769-777,780-783,786,799-801,
860,873,886-888,900-901,911,950,954-955,990-993,995-1001,1008,1010-1011,
1015,1023-1100,1109-1112,1114,1123,1155,1167,1170,1207,1212,1214,1220-1222,
1234-1236,1241,1243,1245,1248,1269,1313-1314,1337,1344-1625,1636-1774,
1776-1815,1818-1824,1900-1909,1911-1920,1944-1951,1973,1981,1985-2028,
2030,2032-2036,2038,2040-2049,2053,2065,2067,2080,2097,2100,2102, and more.
We have omitted from this list 700 higher ports to keep the report size 
manageable.
1
Internet Service Provider
QID: 45005
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/27/2013
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The information shown in the Result section was returned by the network 
infrastructure responsible for routing traffic from our cloud platform 
to the
target network (where the scanner appliance is located).
This information was returned from: 1) the WHOIS service, or 2) the 
infrastructure provided by the closest gateway server to our cloud 
platform. If
your ISP is routing traffic, your ISP's gateway server returned this 
information.
IMPACT:
This information can be used by malicious users to gather more 
information about the network infrastructure that may aid in launching 
further
attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
The ISP network handle is: RIPE-C3
ISP Network description:
RIPE Network Coordination Centre
1
Traceroute
QID: 45006
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 05/09/2003
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote 
host being contacted. It reports the IP addresses of all the routers in
between.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Hops  IP               Round Trip Time  Probe  Port
1     154.59.121.130   0.15ms           ICMP
2     149.14.142.217   13.66ms          ICMP
3     130.117.51.13    13.80ms          ICMP
4     130.117.0.142    8.66ms           ICMP
5     154.54.36.54     16.22ms          ICMP
6     130.117.0.61     22.37ms          ICMP
7     154.54.61.90     23.34ms          ICMP
8     154.54.59.1      29.11ms          ICMP
9     130.117.48.114   33.06ms          ICMP
10    149.6.18.50      33.72ms          UDP    80
11    62.149.185.27    33.12ms          TCP    80
12    89.46.108.65     32.47ms          ICMP
1
Host Scan Time
QID: 45038
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 03/18/2016
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to 
perform the vulnerability assessment of a single target host. The Host Scan
Time for this host is reported in the Result section below.
The Host Scan Time does not have a direct correlation to the Duration 
time as displayed in the Report Summary section of a scan results 
report. The
Duration is the period of time it takes the service to perform a scan 
task. The Duration includes the time it takes the service to scan all 
hosts, which
may involve parallel scanning. It also includes the time it takes for a 
scanner appliance to pick up the scan task and transfer the results back 
to the
service's Secure Operating Center. Further, when a scan task is 
distributed across multiple scanners, the Duration includes the time it 
takes to
perform parallel host scanning on all scanners.
For host running the Qualys Windows agent this QID reports the time 
taken by the agent to collect the host metadata used for the most recent
assessment scan.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Scan duration: 2226 seconds
Start time: Fri, Dec 04 2020, 16:35:02 GMT
End time: Fri, Dec 04 2020, 17:12:08 GMT
1
Host Names Found
QID: 45039
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 08/27/2020
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following host names were discovered for this computer using various 
methods such as DNS look up, NetBIOS query, and SQL server name
query.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Host Name Source
webx1321.aruba.it FQDN
1
Scan Activity per Port
QID: 45426
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 06/24/2020
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Scan activity per port is an estimate of the amount of internal process 
time the scanner engine spent scanning a particular TCP or UDP port. This
information can be useful to determine the reason for long scan times. 
The individual time values represent internal process time, not elapsed
time, and can be longer than the total scan time because of internal 
parallelism. High values are often caused by slowly responding services or
services on which requests time out.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Protocol Port Time
TCP 80 2:16:27
TCP 443 1:22:12
1
Open TCP Services List
QID: 82023
Category: TCP/IP
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 06/15/2009
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The port scanner enables unauthorized users with the appropriate tools 
to draw a map of all services on this host that can be accessed from the
Internet. The test was carried out with a "stealth" port scanner so that 
the server does not log real connections.
The Results section displays the port number (Port), the default service 
listening on the port (IANA Assigned Ports/Services), the description of the
service (Description) and the service that the scanner detected using 
service discovery (Service Detected).
IMPACT:
Unauthorized users can exploit this information to test vulnerabilities 
in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have 
difficulty figuring out which service is provided by which process or 
program,
contact your provider's support team. For more information about 
commercial and open-source Intrusion Detection Systems available for 
detecting
port scanners of this kind, visit the CERT Web site (http://www.cert.org).
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Port  IANA Assigned Ports/Services  Description                 Service Detected  OS On Redirected Port
80    www-http                      World Wide Web HTTP         http
443   https                         http protocol over TLS/SSL  http over ssl
1
ICMP Replies Received
QID: 82040
Category: TCP/IP
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/16/2003
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol 
encapsulated in IP packets. ICMP's principal purpose is to provide a 
protocol layer
that informs gateways of the inter-connectivity and accessibility of 
other gateways or hosts.
We have sent the following types of packets to trigger the host to send 
us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
ICMP Reply Type               Triggered By  Additional Information
Echo (type=0 code=0)          Echo Request  Echo Reply
Unreachable (type=3 code=10)  (Various)     Destination Host Prohibited
1
Microsoft IIS Server Detected
port 80/tcp
QID: 45104
Category: Information gathering
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 11/26/2020
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Microsoft Internet Information Services (IIS) Web Server was detected on 
the target host.
QID Detection Logic (authenticated):
Operating System: Windows
The QID checks for key "HKLM\SOFTWARE\Microsoft\InetStp SetupString" 
value "SetupString" to verify if IIS is present on the Host or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Microsoft-IIS/4.0
1
Web Server Version
port 80/tcp
QID: 86000
Category: Web server
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 11/03/2020
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
A web server is server software, or hardware dedicated to running this 
software, that can satisfy client requests on the World Wide Web.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version Server Banner
Microsoft-IIS/4.0 aruba-proxy
1
List of Web Directories
port 80/tcp
QID: 86672
Category: Web server
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/11/2004
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Based largely on the HTTP reply code, the following directories are most 
likely present on the host.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory Source
/cgi-bin/ brute force
/test/ brute force
/tmp/ brute force
/CMS/ brute force
1
SSL Server Information Retrieval
port 443/tcp over SSL
QID: 38116
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 05/24/2016
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following is a list of supported SSL ciphers.
Note: If a cipher is included in this list it means that it was possible 
to establish a SSL connection using that cipher. There are some web servers
setups that allow connections to be established using a LOW grade 
cipher, only to provide a web page stating that the URL is accessible only
through a non-LOW grade cipher. In this case even though LOW grade 
cipher will be listed here QID 38140 will not be reported.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
CIPHER                       KEY-EXCHANGE  AUTHENTICATION  MAC     ENCRYPTION(KEY-STRENGTH)  GRADE
SSLv2 PROTOCOL IS DISABLED
SSLv3 PROTOCOL IS DISABLED
TLSv1 PROTOCOL IS ENABLED
TLSv1 COMPRESSION METHOD None
ECDHE-RSA-AES128-SHA         ECDH          RSA             SHA1    AES(128)                  MEDIUM
ECDHE-RSA-AES256-SHA         ECDH          RSA             SHA1    AES(256)                  HIGH
TLSv1.1 PROTOCOL IS ENABLED
TLSv1.1 COMPRESSION METHOD None
AES128-SHA                   RSA           RSA             SHA1    AES(128)                  MEDIUM
AES256-SHA                   RSA           RSA             SHA1    AES(256)                  HIGH
CAMELLIA128-SHA              RSA           RSA             SHA1    Camellia(128)             MEDIUM
CAMELLIA256-SHA              RSA           RSA             SHA1    Camellia(256)             HIGH
ECDHE-RSA-AES128-SHA         ECDH          RSA             SHA1    AES(128)                  MEDIUM
ECDHE-RSA-AES256-SHA         ECDH          RSA             SHA1    AES(256)                  HIGH
TLSv1.2 PROTOCOL IS ENABLED
TLSv1.2 COMPRESSION METHOD None
AES128-SHA                   RSA           RSA             SHA1    AES(128)                  MEDIUM
AES256-SHA                   RSA           RSA             SHA1    AES(256)                  HIGH
CAMELLIA128-SHA              RSA           RSA             SHA1    Camellia(128)             MEDIUM
CAMELLIA256-SHA              RSA           RSA             SHA1    Camellia(256)             HIGH
AES128-GCM-SHA256            RSA           RSA             AEAD    AESGCM(128)               MEDIUM
AES256-GCM-SHA384            RSA           RSA             AEAD    AESGCM(256)               HIGH
ECDHE-RSA-AES128-SHA         ECDH          RSA             SHA1    AES(128)                  MEDIUM
ECDHE-RSA-AES256-SHA         ECDH          RSA             SHA1    AES(256)                  HIGH
ECDHE-RSA-AES128-SHA256      ECDH          RSA             SHA256  AES(128)                  MEDIUM
ECDHE-RSA-AES256-SHA384      ECDH          RSA             SHA384  AES(256)                  HIGH
ECDHE-RSA-AES128-GCM-SHA256  ECDH          RSA             AEAD    AESGCM(128)               MEDIUM
ECDHE-RSA-AES256-GCM-SHA384  ECDH          RSA             AEAD    AESGCM(256)               HIGH
AES128-SHA256                RSA           RSA             SHA256  AES(128)                  MEDIUM
AES256-SHA256                RSA           RSA             SHA256  AES(256)                  HIGH
TLSv1.3 PROTOCOL IS DISABLED
1
SSL Session Caching Information
port 443/tcp over SSL
QID: 38291
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 03/19/2020
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
SSL session is a collection of security parameters that are negotiated 
by the SSL client and server for each SSL connection. SSL session caching is
targeted to reduce the overhead of negotiations in recurring SSL 
connections. SSL sessions can be reused to resume an earlier connection 
or to
establish multiple simultaneous connections. The client suggests an SSL 
session to be reused by identifying the session with a Session-ID during
SSL handshake. If the server finds it appropriate to reuse the session, 
then they both proceed to secure communication with already known security
parameters.
This test determines if SSL session caching is enabled on the host.
IMPACT:
SSL session caching is part of the SSL and TLS protocols and is not a 
security threat. The result of this test is for informational purposes
only.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLSv1 session caching is enabled on the target.
TLSv1.1 session caching is enabled on the target.
TLSv1.2 session caching is enabled on the target.
1
SSL/TLS invalid protocol version tolerance
port 443/tcp over SSL
QID: 38597
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/29/2016
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
SSL/TLS protocols have different version that can be supported by both 
the client and the server. This test attempts to send invalid protocol
versions to the target in order to find out what is the target's 
behavior. The results section contains a table that indicates what was the
target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
my version target version
0304 0303
0399 0303
0400 rejected
0499 0303
1
SSL/TLS Key Exchange Methods
port 443/tcp over SSL
QID: 38704
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 07/12/2018
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following is a list of SSL/TLS key exchange methods supported by the 
server, along with their respective key sizes and strengths.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME   GROUP            KEY-SIZE  FORWARD-SECRET  CLASSICAL-STRENGTH  QUANTUM-STRENGTH
TLSv1
ECDHE  secp256r1        256       yes             128                 low
ECDHE  secp521r1        521       yes             260                 low
ECDHE  brainpoolp512r1  512       yes             256                 low
ECDHE  brainpoolp384r1  384       yes             192                 low
ECDHE  secp384r1        384       yes             192                 low
ECDHE  brainpoolp256r1  256       yes             128                 low
ECDHE  secp256k1        256       yes             128                 low
ECDHE  sect571r1        571       yes             285                 low
ECDHE  sect571k1        571       yes             285                 low
ECDHE  sect409k1        409       yes             204                 low
ECDHE  sect409r1        409       yes             204                 low
ECDHE  sect283k1        283       yes             141                 low
ECDHE  sect283r1        283       yes             141                 low
TLSv1.1
RSA                     2048      no              110                 low
ECDHE  secp256r1        256       yes             128                 low
ECDHE  secp521r1        521       yes             260                 low
ECDHE  brainpoolp512r1  512       yes             256                 low
ECDHE  brainpoolp384r1  384       yes             192                 low
ECDHE  secp384r1        384       yes             192                 low
ECDHE  brainpoolp256r1  256       yes             128                 low
ECDHE  secp256k1        256       yes             128                 low
TLSv1.2
RSA                     2048      no              110                 low
ECDHE  secp256r1        256       yes             128                 low
ECDHE  secp521r1        521       yes             260                 low
ECDHE  brainpoolp512r1  512       yes             256                 low
ECDHE  brainpoolp384r1  384       yes             192                 low
ECDHE  secp384r1        384       yes             192                 low
ECDHE  brainpoolp256r1  256       yes             128                 low
ECDHE  secp256k1        256       yes             128                 low
1
SSL/TLS Protocol Properties
port 443/tcp over SSL
QID: 38706
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 07/12/2018
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following is a list of detected SSL/TLS protocol properties.
IMPACT:
Items include:
Extended Master Secret: indicates whether the extended_master_secret 
extension is supported or required by the server. This extension enhances
security and is recommended. Applicable to TLSv1, TLSv1.1, TLSv1.2, 
DTLSv1, DTLSv1.2
Encrypt Then MAC: indicates whether the encrypt_then_mac extension is 
supported or required by the server. This extension enhances the security
of non-AEAD ciphers and is recommended. Applicable to TLSv1, TLSv1.1, 
TLSv1.2, DTLSv1, DTLSv1.2
Heartbeat: indicates whether the heartbeat extension is supported. It is 
not recommended to enable this, except for DTLS. Applicable to TLSv1,
TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1, DTLSv1.2
Truncated HMAC: indicates whether the truncated_hmac extension is 
supported. This can degrade security and is not recommended. Applicable to
TLSv1, TLSv1.1, TLSv1.2, DTLSv1, DTLSv1.2
Cipher priority: indicates whether client, server or both determine the 
priority of ciphers. Having the server determine the priority is 
recommended.
Applicable to SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1, DTLSv1.2
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
NAME STATUS
TLSv1
Extended Master Secret no
Encrypt Then MAC no
Heartbeat yes
Truncated HMAC no
OCSP stapling no
SCT extension no
TLSv1.1
Extended Master Secret no
Encrypt Then MAC no
Heartbeat yes
Truncated HMAC no
Cipher priority controlled by server
OCSP stapling no
SCT extension no
TLSv1.2
Extended Master Secret no
Encrypt Then MAC no
Heartbeat yes
Truncated HMAC no
Cipher priority controlled by server
OCSP stapling no
SCT extension no
1
TLS Secure Renegotiation Extension Support Information
port 443/tcp over SSL
QID: 42350
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 03/21/2016
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) 
renegotiation are vulnerable to an attack in which the attacker forms a TLS
connection with the target server, injects content of his choice, and 
then splices in a new TLS connection from a client. The server treats the
client's initial TLS handshake as a renegotiation and thus believes that 
the initial data transmitted by the attacker is from the same entity as
the subsequent client data. TLS protocol was extended to 
cryptographically tie renegotiations to the TLS connections they are 
being performed
over. This is referred to as TLS secure renegotiation extension. This 
detection determines whether the TLS secure renegotiation extension is
supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TLS Secure Renegotiation Extension Status: supported.
1
SSL Web Server Version
port 443/tcp
QID: 86001
Category: Web server
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/01/1999
User Modified: -
Edited: No
PCI Vuln: No
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Server Version Server Banner
_ aruba-proxy
1
List of Web Directories
port 443/tcp
QID: 86672
Category: Web server
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/11/2004
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Based largely on the HTTP reply code, the following directories are most 
likely present on the host.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Directory Source
/cgi-bin/ brute force
/test/ brute force
/CMS/ brute force
/tmp/ brute force
Appendix
Hosts Scanned (IP)
89.46.108.65
Target distribution across scanner appliances
External : 89.46.108.65
Options Profile
Initial Options
Scan Settings
Ports:
Scanned TCP Ports: Standard Scan
Scanned UDP Ports: Standard Scan
Scan Dead Hosts: Off
Load Balancer Detection: Off
Perform 3-way Handshake: Off
Vulnerability Detection: Complete
Password Brute Forcing:
System: Disabled
Custom: Disabled
Authentication:
Windows: Disabled
Unix/Cisco: Disabled
Oracle: Disabled
Oracle Listener: Disabled
SNMP: Disabled
VMware: Disabled
DB2: Disabled
HTTP: Disabled
MySQL: Disabled
Tomcat Server: Disabled
MongoDB: Disabled
Palo Alto Networks Firewall: Disabled
Jboss Server: Disabled
Oracle WebLogic Server: Disabled
MariaDB: Disabled
InformixDB: Disabled
MS Exchange Server: Disabled
Oracle HTTP Server: Disabled
MS SharePoint: Disabled
Kubernetes: Disabled
Overall Performance: Normal
Authenticated Scan Certificate Discovery: Disabled
Test Authentication:
Disabled
Hosts to Scan in Parallel:
Use Appliance Parallel ML Scaling: Off
External Scanners: 15
Scanner Appliances: 30
Processes to Run in Parallel:
Total Processes: 10
HTTP Processes: 10
Packet (Burst) Delay: Medium
Port Scanning and Host Discovery:
Intensity:
Normal
Dissolvable Agent:
Dissolvable Agent (for this profile): Disabled
Windows Share Enumeration: Disabled
Windows Directory Search: Disabled
Lite OS Discovery: Disabled
Host Alive Testing: Disabled
Do Not Overwrite OS: Disabled
Advanced Settings
Host Discovery: TCP Standard Scan, UDP Standard Scan, ICMP On
Ignore firewall-generated TCP RST packets: Off
Ignore all TCP RST packets: Off
Ignore firewall-generated TCP SYN-ACK packets: Off
Do not send TCP ACK or SYN-ACK packets during host discovery: Off
Report Legend
Vulnerability Levels
A Vulnerability is a design flaw or mis-configuration which makes your network (or a host on your network) susceptible to malicious attacks from local or remote users. Vulnerabilities can exist in several areas of your network, such as in your firewalls, FTP servers, Web servers, operating systems or CGI bins. Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the disclosure of information about the host to a complete compromise of the host.
Severity
Level Description
1 Minimal Intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.
2 Medium Intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.
3 Serious Intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.
4 Critical Intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.
5 Urgent Intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors.
Potential Vulnerability Levels
A potential vulnerability is one which we cannot confirm exists. The only way to verify the existence of such vulnerabilities on your network would be to perform an intrusive scan, which could result in a denial of service. This is strictly against our policy. Instead, we urge you to investigate these potential vulnerabilities further.
Severity
Level Description
1 Minimal If this vulnerability exists on your system, intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.
2 Medium If this vulnerability exists on your system, intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.
3 Serious If this vulnerability exists on your system, intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.
4 Critical If this vulnerability exists on your system, intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.
5 Urgent If this vulnerability exists on your system, intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors.
Information Gathered
Information Gathered includes visible information about the network related to the host, such as traceroute information, Internet Service Provider (ISP), or a list of reachable hosts. Information Gathered severity levels also include Network Mapping data, such as detected firewalls, SMTP banners, or a list of open TCP services.
Severity
Level Description
1 Minimal Intruders may be able to retrieve sensitive information related to the host, such as open UDP and TCP services lists, and detection of firewalls.
2 Medium Intruders may be able to determine the operating system running on the host, and view banner versions.
3 Serious Intruders may be able to detect highly sensitive data, such as global system user lists.
CONFIDENTIAL AND PROPRIETARY INFORMATION.
Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2020, Qualys, Inc.



-------------- next part --------------
A non-text attachment was scrubbed...
Name:        rudiano.pdf
Type:        application/pdf
Size:        50095 bytes
Desc:        not available
URL:         <http://lugbs.linux.it/pipermail/lug/attachments/20201221/bdc4777d/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name:        test sito istituzionale.pdf
Type:        application/pdf
Size:        119264 bytes
Desc:        not available
URL:         <http://lugbs.linux.it/pipermail/lug/attachments/20201221/bdc4777d/attachment-0003.pdf>

