Scan Report
January 17, 2023
Summary
This document reports on the results of an automatic security scan. All dates are displayed using the timezone Coordinated Universal Time, which is abbreviated UTC. The task was 63c61a8344494114f1f850-63c61a8444494114f1f86e-12a12d80. The scan started at Tue Jan 17 [Link] 2023 UTC and ended at Tue Jan 17 [Link] 2023 UTC. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.
Contents
1 Result Overview ... 2
2 Results per Host ... 2
2.1 [Link] ... 2
2.1.1 High 443/tcp ... 2
2.1.2 Medium 443/tcp ... 12
2.1.3 Low general/tcp ... 20
2.1.4 Log general/tcp ... 21
2.1.5 Log 80/tcp ... 25
2.1.6 Log 443/tcp ... 28
2.1.7 Log general/CPE-T ... 44
1
2 RESULTS PER HOST 2
1 Result Overview
Host        High  Medium  Low  Log  False Positive
[Link]      7     5       1    30   0
Total: 1    7     5       1    30   0
Vendor security updates are not trusted.
Overrides are off. Even when a result has an override, this report uses the actual threat of the result.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
Only results with a minimum QoD of 70 are shown.
This report contains all 43 results selected by the filtering described above. Before filtering there were 54 results.
2 Results per Host
2.1 [Link]
Host scan start Tue Jan 17 [Link] 2023 UTC
Host scan end Tue Jan 17 [Link] 2023 UTC
Service (Port) Threat Level
443/tcp High
443/tcp Medium
general/tcp Low
general/tcp Log
80/tcp Log
443/tcp Log
general/CPE-T Log
2.1.1 High 443/tcp
High (CVSS: 9.9)
NVT: jQuery End of Life (EOL) Detection (Windows)
Summary
The installed version of jQuery on the remote host has reached the End of Life (EOL) and should
not be used anymore.
Vulnerability Detection Result
The "jQuery" version on the remote host has reached the end of life.
CPE: cpe:/a:jquery:jquery:1.9.0
Installed version: 1.9.0
Location/URL: [Link]
EOL version: 1
EOL date: unknown
Impact
An EOL version of jQuery is not receiving any security updates from the vendor. Unfixed security vulnerabilities might be leveraged by an attacker to compromise the security of this host.
Solution:
Solution type: VendorFix
Update jQuery on the remote host to a still supported version.
Vulnerability Detection Method
Checks if an EOL version is present on the target host.
Details: jQuery End of Life (EOL) Detection (Windows)
OID:[Link].4.1.25623.1.0.117148
Version used: 2021-06-11T[Link]Z
References
url: [Link]
High (CVSS: 9.8)
NVT: PHP < 7.4.28, 8.0.x < 8.0.16, 8.1.x < 8.1.3 Security Update (Feb 2022) - Windows
Product detection result
cpe:/a:php:php:7.3.33
Detected by PHP Detection (HTTP) (OID: [Link].4.1.25623.1.0.800109)
Summary
PHP released new versions which include a security fix.
Vulnerability Detection Result
Installed version: 7.3.33
Fixed version: 7.4.28
Installation
path / port: 443/tcp
Solution:
Solution type: VendorFix
Update to version 7.4.28, 8.0.16, 8.1.3 or later.
Affected Software/OS
PHP prior to version 7.4.28, 8.0.x through 8.0.15 and 8.1.x through 8.1.2.
Vulnerability Insight
Fix #81708: UAF due to php_filter_float() failing for ints.
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: PHP < 7.4.28, 8.0.x < 8.0.16, 8.1.x < 8.1.3 Security Update (Feb 2022) - Windows
OID:[Link].4.1.25623.1.0.147658
Version used: 2022-09-30T[Link]Z
Product Detection Result
Product: cpe:/a:php:php:7.3.33
Method: PHP Detection (HTTP)
OID: [Link].4.1.25623.1.0.800109
References
cve: CVE-2021-21708
url: [Link]
url: [Link]
url: [Link]
url: [Link]
High (CVSS: 8.1)
NVT: PHP < 7.4.30, 8.0.x < 8.0.20, 8.1.x < 8.1.7 Security Update (Jun 2022) - Windows
Product detection result
cpe:/a:php:php:7.3.33
Detected by PHP Detection (HTTP) (OID: [Link].4.1.25623.1.0.800109)
Summary
PHP released new versions which include a security fix.
Vulnerability Detection Result
Installed version: 7.3.33
Fixed version: 7.4.30
Installation
path / port: 443/tcp
Solution:
Solution type: VendorFix
Update to version 7.4.30, 8.0.20, 8.1.7 or later.
Affected Software/OS
PHP prior to version 7.4.30, 8.0.x through 8.0.19 and 8.1.x through 8.1.6.
Vulnerability Insight
The following vulnerabilities exist:
- CVE-2022-31625: Uninitialized array in pg_query_params()
- CVE-2022-31626: mysqlnd/pdo password buffer overflow
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: PHP < 7.4.30, 8.0.x < 8.0.20, 8.1.x < 8.1.7 Security Update (Jun 2022) - Windows
OID:[Link].4.1.25623.1.0.148250
Version used: 2022-09-30T[Link]Z
Product Detection Result
Product: cpe:/a:php:php:7.3.33
Method: PHP Detection (HTTP)
OID: [Link].4.1.25623.1.0.800109
References
cve: CVE-2022-31625
cve: CVE-2022-31626
url: [Link]
url: [Link]
url: [Link]
url: [Link]
url: [Link]
High (CVSS: 7.8)
NVT: PHP < 8.0.27, 8.1.x < 8.1.14, 8.2.x < 8.2.1 Security Update - Windows
Product detection result
cpe:/a:php:php:7.3.33
Detected by PHP Detection (HTTP) (OID: [Link].4.1.25623.1.0.800109)
Summary
PHP is prone to an integer overflow vulnerability.
Vulnerability Detection Result
Installed version: 7.3.33
Fixed version: 8.0.27
Installation
path / port: 443/tcp
Solution:
Solution type: VendorFix
Update to version 8.0.27, 8.1.14, 8.2.1 or later.
Affected Software/OS
PHP prior to version 8.0.27, version 8.1.x through 8.1.13 and 8.2.0.
Vulnerability Insight
Due to an uncaught integer overflow, PDO::quote() of PDO_SQLite may return a not properly quoted string.
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: PHP < 8.0.27, 8.1.x < 8.1.14, 8.2.x < 8.2.1 Security Update - Windows
OID:[Link].4.1.25623.1.0.149070
Version used: 2023-01-09T[Link]Z
Product Detection Result
Product: cpe:/a:php:php:7.3.33
Method: PHP Detection (HTTP)
OID: [Link].4.1.25623.1.0.800109
References
cve: CVE-2022-31631
url: [Link]
url: [Link]
url: [Link]
cert-bund: WID-SEC-2023-0035
dfn-cert: DFN-CERT-2023-0071
dfn-cert: DFN-CERT-2023-0034
High (CVSS: 7.5)
NVT: PHP 'CVE-2017-7189' Improper Input Validation Vulnerability (Windows)
Product detection result
cpe:/a:php:php:7.3.33
Detected by PHP Detection (HTTP) (OID: [Link].4.1.25623.1.0.800109)
Summary
PHP is improperly validating untrusted input.
Vulnerability Detection Result
Installed version: 7.3.33
Fixed version: None
Installation
path / port: 443/tcp
Solution:
Solution type: WillNotFix
No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Note: PHP versions 7.0.18 and 7.1.4 introduced a fix which was reverted again in version 7.0.19 / 7.1.5 respectively and the fix wasn't introduced again as of today (08-2020).
Affected Software/OS
All PHP versions since 4.3.0 up to the latest 7.x versions.
Note: PHP versions 7.0.18 and 7.1.4 introduced a fix which was reverted again in version 7.0.19 / 7.1.5 respectively.
Vulnerability Insight
main/streams/xp_socket.c in PHP misparses fsockopen calls, such as by interpreting fsockopen('[Link]:80', 443) as if the address/port were [Link]:80:443, which is later truncated to [Link]:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., [Link]:80 in this example) is obtained from untrusted input.
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: PHP 'CVE-2017-7189' Improper Input Validation Vulnerability (Windows)
OID:[Link].4.1.25623.1.0.108875
Version used: 2021-07-08T[Link]Z
Product Detection Result
Product: cpe:/a:php:php:7.3.33
Method: PHP Detection (HTTP)
OID: [Link].4.1.25623.1.0.800109
References
cve: CVE-2017-7189
url: [Link]
url: [Link]
url: [Link]95a
High (CVSS: 10.0)
NVT: PHP End Of Life Detection (Windows)
Product detection result
cpe:/a:php:php:7.3.33
Detected by PHP Detection (HTTP) (OID: [Link].4.1.25623.1.0.800109)
Summary
The PHP version on the remote host has reached the end of life and should not be used anymore.
Vulnerability Detection Result
The "PHP" version on the remote host has reached the end of life.
CPE: cpe:/a:php:php:7.3.33
Installed version: 7.3.33
EOL version: 7.3
EOL date: 2021-12-06
Impact
An end of life version of PHP is not receiving any security updates from the vendor. Unfixed security vulnerabilities might be leveraged by an attacker to compromise the security of this host.
Solution:
Solution type: VendorFix
Update the PHP version on the remote host to a still supported version.
Vulnerability Insight
Each release branch of PHP is fully supported for two years from its initial stable release. During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.
After this two year period of active support, each branch is then supported for an additional year for critical security issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none, depending on the number of reports.
Once the three years of support are completed, the branch reaches its end of life and is no longer supported.
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: PHP End Of Life Detection (Windows)
OID:[Link].4.1.25623.1.0.105888
Version used: 2021-04-13T[Link]Z
Product Detection Result
Product: cpe:/a:php:php:7.3.33
Method: PHP Detection (HTTP)
OID: [Link].4.1.25623.1.0.800109
References
url: [Link]
url: [Link]
High (CVSS: 7.5)
NVT: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
Summary
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services.
Vulnerability Detection Result
'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
Solution:
Solution type: Mitigation
The configuration of this service should be changed so that it does not accept the listed cipher suites anymore.
Please see the references for more resources supporting you with this task.
Affected Software/OS
Services accepting vulnerable SSL/TLS cipher suites via HTTPS.
Vulnerability Insight
These rules are applied for the evaluation of the vulnerable cipher suites:
- 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).
Vulnerability Detection Method
Details: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
OID:[Link].4.1.25623.1.0.108031
Version used: 2022-08-01T[Link]Z
References
cve: CVE-2016-2183
cve: CVE-2016-6329
cve: CVE-2020-12872
url: [Link]
url: [Link]
url: [Link]
2.1.2 Medium 443/tcp
Medium (CVSS: 6.8)
NVT: PHP < 7.4.31, 8.0.x < 8.0.24, 8.1.x < 8.1.11 Security Update - Windows
Product detection result
cpe:/a:php:php:7.3.33
Detected by PHP Detection (HTTP) (OID: [Link].4.1.25623.1.0.800109)
Summary
PHP is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 7.3.33
Fixed version: 7.4.31
Installation
path / port: 443/tcp
Solution:
Solution type: VendorFix
Update to version 7.4.31, 8.0.24, 8.1.11 or later.
Affected Software/OS
PHP versions prior to 7.4.31, 8.0.x prior to 8.0.24 and 8.1.x prior to 8.1.11.
Vulnerability Insight
The following vulnerabilities exist:
- CVE-2022-31628: The phar uncompressor code would recursively uncompress 'quines' gzip files, resulting in an infinite loop.
- CVE-2022-31629: The vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a '__Host-' or '__Secure-' cookie by PHP applications.
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: PHP < 7.4.31, 8.0.x < 8.0.24, 8.1.x < 8.1.11 Security Update - Windows
OID:[Link].4.1.25623.1.0.104332
Version used: 2022-09-30T[Link]Z
Product Detection Result
Product: cpe:/a:php:php:7.3.33
Method: PHP Detection (HTTP)
OID: [Link].4.1.25623.1.0.800109
References
cve: CVE-2022-31628
cve: CVE-2022-31629
url: [Link]
url: [Link]
url: [Link]
url: [Link]
url: [Link]
Medium (CVSS: 5.0)
NVT: PHP < 7.4.33, 8.0.x < 8.0.25, 8.1.x < 8.1.12 Security Update - Windows
Product detection result
cpe:/a:php:php:7.3.33
Detected by PHP Detection (HTTP) (OID: [Link].4.1.25623.1.0.800109)
Summary
PHP is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 7.3.33
Fixed version: 7.4.33
Installation
path / port: 443/tcp
Solution:
Solution type: VendorFix
Update to version 7.4.33, 8.0.25, 8.1.12 or later.
Affected Software/OS
PHP prior to version 7.4.33, version 8.0.x through 8.0.24 and 8.1.x through 8.1.11.
Vulnerability Insight
The following vulnerabilities exist:
- CVE-2022-31630: OOB read due to insufficient input validation in imageloadfont()
- CVE-2022-37454: Buffer overflow in hash_update() on long parameter
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: PHP < 7.4.33, 8.0.x < 8.0.25, 8.1.x < 8.1.12 Security Update - Windows
OID:[Link].4.1.25623.1.0.148831
Version used: 2022-11-04T[Link]Z
Product Detection Result
Product: cpe:/a:php:php:7.3.33
Method: PHP Detection (HTTP)
OID: [Link].4.1.25623.1.0.800109
References
cve: CVE-2022-31630
cve: CVE-2022-37454
url: [Link]
url: [Link]
url: [Link]
Medium (CVSS: 5.0)
NVT: Sensitive File Disclosure (HTTP)
Summary
The script attempts to identify files containing sensitive data at the remote web server like e.g.:
- software (Blog, CMS) configuration or log files
- web / application server configuration / password files (.htaccess, .htpasswd, [Link]g, [Link], ...)
- database backup files
- SSH or SSL/TLS Private-Keys
Vulnerability Detection Result
The following files containing sensitive information were identified:
Description: Microsoft IIS / [Link] Core Module [Link] file accessible. This could contain sensitive information about the structure of the application / web server and shouldn't be accessible.
Match: <configuration>
<[Link]>
Used regex: ^\s*<(configuration|system\.web(Server)?)>
Extra match: </[Link]>
</configuration>
Used regex: ^\s*</(configuration|system\.web(Server)?)>
URL: [Link]
Impact
Based on the information provided in these files an attacker might be able to gather additional info and/or sensitive data like usernames and passwords.
Solution:
Solution type: Mitigation
The sensitive files shouldn't be accessible via a web server. Restrict access to them or remove them completely.
Vulnerability Detection Method
Enumerate the remote web server and check if sensitive files are accessible.
Details: Sensitive File Disclosure (HTTP)
OID:[Link].4.1.25623.1.0.107305
Version used: 2022-09-13T[Link]Z
Medium (CVSS: 4.3)
NVT: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
Summary
It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this
system.
Vulnerability Detection Result
In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: [Link].4.1.25623.1.0.802067) VT.
Impact
An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service to get access to sensitive data transferred within the secured connection.
Furthermore, newly uncovered vulnerabilities in these protocols won't receive security updates anymore.
Solution:
Solution type: Mitigation
It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the
TLSv1.2+ protocols. Please see the references for more information.
Affected Software/OS
All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.
Vulnerability Insight
The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like:
- CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
- CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded
Legacy Encryption (FREAK)
Vulnerability Detection Method
Check the used TLS protocols of the services provided by this system.
Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection
OID:[Link].4.1.25623.1.0.117274
Version used: 2021-07-19T[Link]Z
References
cve: CVE-2011-3389
cve: CVE-2015-0204
url: [Link]
url: [Link]
url: [Link]
url: [Link]
url: [Link]
url: [Link]-report-2014
Medium (CVSS: 6.4)
NVT: SSL/TLS: Missing 'Secure' Cookie Attribute (HTTP)
Summary
The remote HTTP web server / application fails to set the 'Secure' cookie attribute on one or more HTTP cookies it sends.
Vulnerability Detection Result
The cookies:
Set-Cookie: laravel_session=eyJpdiI6IjcxcjQvM2NleDlicTh0L2Y0TXc0ekE9PSIsInZhbHVlIjoiYkJTd0JyUHladHpEM3YrSzI1cGJSZUJSUnhZVHZ4b1RqSWNnUXBqcnlSS1pUVGt2VDY1SU5vN3NITlFocGs2OERndUw2ZG0vNHU0ek5ER1hHS3dTUmxWTnFOL3dMeXcvelV2YmN0MysvYnJQUEZZQ1hiZVFZVkRyb1I2VnpvZmkiLCJtYWMiOiI1MDc4MjYwMGU4YzI2MDgxOWM4NzBiMTA0NTc1MTg4OGY5YTFhYThiNjE2ZTM0MGM3ZjE3Y2E4MTE4YTcxZjBlIiwidGFnIjoiIn0%3D; expires=Tue, 17-Jan-2023 [Link] GMT; Max-Age=***replaced***; path=/; httponly; samesite=lax
are missing the "Secure" cookie attribute.
Solution:
Solution type: Mitigation
Set the 'Secure' cookie attribute for any cookies that are sent over a SSL/TLS connection.
Affected Software/OS
Any web application accessible via a SSL/TLS connection.
Vulnerability Insight
The flaw exists if a cookie is not using the 'Secure' cookie attribute and is sent over a SSL/TLS connection.
This allows a cookie to be passed to the server by the client over non-secure channels (HTTP)
and subsequently allows an attacker to e.g. conduct session hijacking attacks.
Vulnerability Detection Method
Checks all cookies sent by the remote HTTP web server / application over a SSL/TLS connection
for a missing 'Secure' cookie attribute.
Details: SSL/TLS: Missing 'Secure' Cookie Attribute (HTTP)
OID:[Link].4.1.25623.1.0.902661
Version used: 2023-01-11T[Link]Z
References
url: [Link]
url: [Link]
url: [Link]02)
2.1.3 Low general/tcp
Low (CVSS: 2.6)
NVT: TCP timestamps
Summary
The remote host implements TCP timestamps and therefore allows the uptime to be computed.
Vulnerability Detection Result
It was detected that the host implements RFC1323/RFC7323.
The following timestamps were retrieved with a delay of 1 second in-between:
Packet 1: 3023570952
Packet 2: 4025270182
Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution:
Solution type: Mitigation
To disable TCP timestamps on Linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/[Link]. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'.
Starting with Windows Server 2008 and Vista, the timestamp cannot be completely disabled. The default behavior of the TCP/IP stack on these systems is to not use the Timestamp option when initiating TCP connections, but to use it if the TCP peer that is initiating communication includes it in its synchronize (SYN) segment.
See the references for more information.
Aected Software/OS
TCP implementations that implement RFC1323/RFC7323.
Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.
Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for timestamps. If found, the timestamps are reported.
Details: TCP timestamps
OID:[Link].4.1.25623.1.0.80091
Version used: 2020-08-24T[Link]Z
References
url: [Link]
url: [Link]
url: [Link]ownload/[Link]?id=9152
2.1.4 Log general/tcp
Log (CVSS: 0.0)
NVT: Hostname Determination Reporting
Summary
The script reports information on how the hostname of the target was determined.
Vulnerability Detection Result
Hostname determination for IP [Link]:
Hostname|Source
[Link]|IP-address
Solution:
Log Method
Details: Hostname Determination Reporting
OID:[Link].4.1.25623.1.0.108449
Version used: 2022-07-27T[Link]Z
Log (CVSS: 0.0)
NVT: jQuery Detection Consolidation
Summary
Consolidation of jQuery detections.
Vulnerability Detection Result
Detected jQuery
Version: 1.9.0
Location: /[Link]
CPE: cpe:/a:jquery:jquery:1.9.0
Concluded from version/product identification result:
src="[Link]
Solution:
Log Method
Details: jQuery Detection Consolidation
OID:[Link].4.1.25623.1.0.150658
Version used: 2021-09-21T[Link]Z
References
url: [Link]
Log (CVSS: 0.0)
NVT: nginx Detection Consolidation
Summary
Consolidation of nginx detections.
Vulnerability Detection Result
Detected nginx
Version: 1.14.1
Location: 443/tcp
CPE: cpe:/a:nginx:nginx:1.14.1
Concluded from version/product identification result:
Server: nginx/1.14.1
Solution:
Log Method
Details: nginx Detection Consolidation
OID:[Link].4.1.25623.1.0.113787
Version used: 2022-02-03T[Link]Z
References
url: [Link]
Log (CVSS: 0.0)
NVT: OS Detection Consolidation and Reporting
Summary
This script consolidates the OS information detected by several VTs and tries to find the best matching OS.
Furthermore it reports all previously collected information leading to this best matching OS. It also reports possible additional information which might help to improve the OS detection.
If any of this information is wrong or could be improved please consider reporting it to the referenced community forum.
Vulnerability Detection Result
Best matching OS:
OS: Microsoft Windows
CPE: cpe:/o:microsoft:windows
Found by NVT: [Link].4.1.25623.1.0.102002 (Operating System (OS) Detection (ICMP))
Concluded from ICMP based OS fingerprint
Setting key "Host/runs_windows" based on this information
Solution:
Log Method
Details: OS Detection Consolidation and Reporting
OID:[Link].4.1.25623.1.0.105937
Version used: 2023-01-12T[Link]Z
References
url: [Link]
Log (CVSS: 0.0)
NVT: SSL/TLS: Hostname discovery from server certificate
Summary
It was possible to discover an additional hostname of this server from its certificate Common Name or Subject Alt Name.
Vulnerability Detection Result
The following additional and resolvable hostnames pointing to a different host IP were detected:
[Link]
Solution:
Log Method
Details: SSL/TLS: Hostname discovery from server certificate
OID:[Link].4.1.25623.1.0.111010
Version used: 2021-11-22T[Link]Z
Log (CVSS: 0.0)
NVT: Traceroute
Summary
Collect information about the network route and network distance between the scanner host and
the target host.
Vulnerability Detection Result
Network route from scanner ([Link]) to target ([Link]):
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
Network distance between scanner and target: 9
Solution:
Vulnerability Insight
For internal networks, the distances are usually small, often less than 4 hosts between scanner
and target. For public targets the distance is greater and might be 10 hosts or more.
Log Method
A combination of the protocols ICMP and TCP is used to determine the route. This method is
applicable for IPv4 only and it is also known as 'traceroute'.
Details: Traceroute
OID:[Link].4.1.25623.1.0.51662
Version used: 2022-10-17T[Link]Z
[ return to [Link] ]
2.1.5 Log 80/tcp
Log (CVSS: 0.0)
NVT: CGI Scanning Consolidation
Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: [Link].4.1.25623.1.0.100034)
- No 404 check (OID: [Link].4.1.25623.1.0.10386)
- Web mirroring / [Link] (OID: [Link].4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: [Link].4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan config in use
If you think any of this information is wrong please report it to the referenced community forum.
Vulnerability Detection Result
The Hostname/IP "[Link]" was used to access the remote host.
Generic web application scanning is disabled for this host via the "Enable generic web application scanning" option within the "Global variable settings" of the scan config in use.
Requests to this service are done via HTTP/1.1.
This service seems to be able to host PHP scripts.
This service seems to be able to host ASP scripts.
The User-Agent "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 21.4.3)" was used to access the remote host.
Historic /scripts and /cgi-bin are not added to the directories used for CGI scanning. You can enable this again with the "Add historic /scripts and /cgi-bin to directories for CGI scanning" option within the "Global variable settings" of the scan config in use.
The following directories were used for CGI scanning:
[Link]
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards.
Solution:
Log Method
Details: CGI Scanning Consolidation
OID:[Link].4.1.25623.1.0.111038
Version used: 2022-09-22T[Link]Z
References
url: [Link]
Log (CVSS: 0.0)
NVT: HTTP Security Headers Detection
Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specific security header has been implemented
(including its value and if it is deprecated) or is missing on the target.
Vulnerability Detection Result
Missing Headers | More Information
------------------------------------------------------------------------------------------
Content-Security-Policy | [Link]/#content-security-policy
Cross-Origin-Embedder-Policy | [Link] Note: This is an upcoming header
Cross-Origin-Opener-Policy | [Link] Note: This is an upcoming header
Cross-Origin-Resource-Policy | [Link] Note: This is an upcoming header
Document-Policy | [Link]cy/document-policy#document-policy-http-header
Feature-Policy | [Link]/#feature-policy, Note: The Feature Policy header has been renamed to Permissions Policy
Permissions-Policy | [Link]cy/#permissions-policy-http-header-field
Referrer-Policy | [Link]/#referrer-policy
Sec-Fetch-Dest | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-Mode | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-Site | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-User | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
X-Content-Type-Options | [Link]/#x-content-type-options
X-Frame-Options | [Link]/#x-frame-options
X-Permitted-Cross-Domain-Policies | [Link]/#x-permitted-cross-domain-policies
X-XSS-Protection | [Link]/#x-xss-protection, Note: Most major browsers have dropped / deprecated support for this header in 2020.
Solution:
Log Method
Details: HTTP Security Headers Detection
OID:[Link].4.1.25623.1.0.112081
Version used: 2021-07-14T[Link]Z
References
url: [Link]
url: [Link]
url: [Link]
Log (CVSS: 0.0)
NVT: Response Time / No 404 Error Code Check
Summary
This VT tests if the remote web server does not reply with a 404 error code and checks if it is
replying to the scanner's requests in a reasonable amount of time.
Vulnerability Detection Result
The host returns a 30x (e.g. 301) error code when a non-existent file is requested. Some HTTP-related checks have been disabled.
Solution:
Vulnerability Insight
This web server might show the following issues:
- it is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent
file is requested, perhaps returning a site map, search page, authentication page or redirect
instead.
The scanner might have enabled some countermeasures for that; however, they might be insufficient.
If a great number of security issues are reported for this port, they might not all be accurate.
- it doesn't respond in a reasonable amount of time to various HTTP requests sent by this VT.
In order to keep the total scan time to a reasonable amount, the remote web server might not be
tested. If the remote server should be tested, it has to be fixed to reply to the scanner's
requests in a reasonable amount of time.
Alternatively, the 'Maximum response time (in seconds)' preference could be raised to a higher
value if longer scan times are accepted.
Log Method
Details: Response Time / No 404 Error Code Check
OID:[Link].4.1.25623.1.0.10386
Version used: 2020-11-27T[Link]Z
Log (CVSS: 0.0)
NVT: Services
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Vulnerability Detection Result
A web server is running on this port
Solution:
Log Method
Details: Services
OID:[Link].4.1.25623.1.0.10330
Version used: 2021-03-15T[Link]Z
[ return to [Link] ]
2.1.6 Log 443/tcp
Log (CVSS: 0.0)
NVT: CGI Scanning Consolidation
Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: [Link].4.1.25623.1.0.100034)
- No 404 check (OID: [Link].4.1.25623.1.0.10386)
- Web mirroring / [Link] (OID: [Link].4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: [Link].4.1.25623.1.0.11032)
- The configured 'cgi_path' within the 'Scanner Preferences' of the scan config in use
- The configured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan config in use
If you think any of this information is wrong please report it to the referenced community forum.
Vulnerability Detection Result
The Hostname/IP "[Link]" was used to access the remote host.
Generic web application scanning is disabled for this host via the "Enable generic web application scanning" option within the "Global variable settings" of the scan config in use.
Requests to this service are done via HTTP/1.1.
This service seems to be able to host PHP scripts.
This service seems to be NOT able to host ASP scripts.
The User-Agent "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 21.4.3)" was used to access the remote host.
Historic /scripts and /cgi-bin are not added to the directories used for CGI scanning. You can enable this again with the "Add historic /scripts and /cgi-bin to directories for CGI scanning" option within the "Global variable settings" of the scan config in use.
The following directories were used for CGI scanning:
[Link]
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards.
The following directories were excluded from CGI scanning because the "Regex pattern to exclude directories from CGI scanning" setting of the NVT "Global variable settings" (OID: [Link].4.1.25623.1.0.12288) for this scan was: "/(index\.php|image|img|css|js$|js/|javascript|style|theme|icon|jquery|graphic|grafik|picture|bilder|thumbnail|media/|skins?/)"
[Link]
[Link]
Solution:
Log Method
Details: CGI Scanning Consolidation
OID:[Link].4.1.25623.1.0.111038
Version used: 2022-09-22T[Link]Z
References
url: [Link]
Log (CVSS: 0.0)
NVT: HTTP Security Headers Detection
Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specific security header has been implemented
(including its value and if it is deprecated) or is missing on the target.
Vulnerability Detection Result
Missing Headers | More Information
------------------------------------------------------------------------------------------
Content-Security-Policy | [Link]/#content-security-policy
Cross-Origin-Embedder-Policy | [Link] Note: This is an upcoming header
Cross-Origin-Opener-Policy | [Link] Note: This is an upcoming header
Cross-Origin-Resource-Policy | [Link] Note: This is an upcoming header
Document-Policy | [Link]cy/document-policy#document-policy-http-header
Expect-CT | [Link]/#expect-ct, Note: This is an upcoming header
Feature-Policy | [Link]/#feature-policy, Note: The Feature Policy header has been renamed to Permissions Policy
Permissions-Policy | [Link]cy/#permissions-policy-http-header-field
Public-Key-Pins | Please check the output of the VTs including 'SSL/TLS:' and 'HPKP' in their name for more information and configuration help. Note: Most major browsers have dropped / deprecated support for this header in 2020.
Referrer-Policy | [Link]/#referrer-policy
Sec-Fetch-Dest | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-Mode | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-Site | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Sec-Fetch-User | [Link]/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header supported only in newer browsers like e.g. Firefox 90
Strict-Transport-Security | Please check the output of the VTs including 'SSL/TLS:' and 'HSTS' in their name for more information and configuration help.
X-Content-Type-Options | [Link]/#x-content-type-options
X-Frame-Options | [Link]/#x-frame-options
X-Permitted-Cross-Domain-Policies | [Link]/#x-permitted-cross-domain-policies
X-XSS-Protection | [Link]/#x-xss-protection, Note: Most major browsers have dropped / deprecated support for this header in 2020.
Solution:
Log Method
Details: HTTP Security Headers Detection
OID:[Link].4.1.25623.1.0.112081
Version used: 2021-07-14T[Link]Z
References
url: [Link]
url: [Link]
url: [Link]
Log (CVSS: 0.0)
NVT: HTTP Server Banner Enumeration
Summary
This script tries to detect / enumerate different HTTP server banner(s) (e.g. from a frontend,
backend or proxy server) by sending various different HTTP requests (valid and invalid ones).
Vulnerability Detection Result
It was possible to enumerate the following HTTP server banner(s):
Server banner | Enumeration technique
---------------------------------------------------------------------
Server: nginx/1.14.1 | Valid HTTP 1.0 GET request to '/[Link]'
X-Powered-By: PHP/7.3.33 | Valid HTTP 1.0 GET request to '/[Link]'
Solution:
Log Method
Details: HTTP Server Banner Enumeration
OID:[Link].4.1.25623.1.0.108708
Version used: 2022-06-28T[Link]Z
Log (CVSS: 0.0)
NVT: HTTP Server type and version
Summary
This script detects and reports the HTTP Server's banner which might provide the type and
version of it.
Vulnerability Detection Result
The remote HTTP Server banner is:
Server: nginx/1.14.1
Solution:
Log Method
Details: HTTP Server type and version
OID:[Link].4.1.25623.1.0.10107
Version used: 2020-08-24T[Link]Z
Log (CVSS: 0.0)
NVT: HTTP TRACE
Summary
Transparent or reverse HTTP proxies may be implemented on some sites.
Vulnerability Detection Result
The GET method revealed the following proxies on the way to this web server (taken from the Via response header):
HTTP/1.1 google
Solution:
Log Method
Details: HTTP TRACE
OID:[Link].4.1.25623.1.0.11040
Version used: 2022-02-18T[Link]Z
Log (CVSS: 0.0)
NVT: PHP Detection (HTTP)
Summary
HTTP based detection of PHP.
Vulnerability Detection Result
Detected PHP
Version: 7.3.33
Location: 443/tcp
CPE: cpe:/a:php:php:7.3.33
Concluded from version/product identification result:
X-Powered-By: PHP/7.3.33
Solution:
Log Method
Details: PHP Detection (HTTP)
OID:[Link].4.1.25623.1.0.800109
Version used: 2021-04-13T[Link]Z
Log (CVSS: 0.0)
NVT: robot(s).txt exists on the Web Server
Summary
Web Servers can use a file called /robot(s).txt to ask search engines to ignore certain files and
directories. By nature this file can not be used to protect private files from public read access.
Vulnerability Detection Result
The file '[Link]' contains the following:
User-agent: *
Disallow:
Solution:
Solution type: Mitigation
Review the content of the /robot(s).txt file and consider removing the files from the server or
protect them in other ways in case you actually intended non-public availability.
Vulnerability Insight
Any serious web search engine will honor the /robot(s).txt file and not scan the files and
directories listed there.
Any entries listed in this file are not even hidden anymore.
Log Method
Details: robot(s).txt exists on the Web Server
OID:[Link].4.1.25623.1.0.10302
Version used: 2020-08-24T[Link]Z
References
url: [Link]
url: [Link]
Log (CVSS: 0.0)
NVT: Services
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Vulnerability Detection Result
A TLScustom server answered on this port
Solution:
Log Method
Details: Services
OID:[Link].4.1.25623.1.0.10330
Version used: 2021-03-15T[Link]Z
Log (CVSS: 0.0)
NVT: Services
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Vulnerability Detection Result
An HTTP proxy is running on this port through SSL
Solution:
Log Method
Details: Services
OID:[Link].4.1.25623.1.0.10330
Version used: 2021-03-15T[Link]Z
Log (CVSS: 0.0)
NVT: Services
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
Vulnerability Detection Result
A web server is running on this port through SSL
Solution:
Log Method
Details: Services
OID:[Link].4.1.25623.1.0.10330
Version used: 2021-03-15T[Link]Z
Log (CVSS: 0.0)
NVT: SSL/TLS: Collect and Report Certificate Details
Summary
This script collects and reports the details of all SSL/TLS certificates.
This data will be used by other tests to verify server certificates.
Vulnerability Detection Result
The following certificate details of the remote service were collected.
Certificate details:
fingerprint (SHA-1) | 4325A9DE465BAF474E4DACC74E45D4AA20B06440
fingerprint (SHA-256) | D24EE0124418137C4F5C17793174358CDA8A69E21C4483717E3C7762C0F4CF50
issued by | CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
public key size (bits) | 2048
serial | 6D46B9AA5CEB348926753D5929D4C7A5
signature algorithm | sha256WithRSAEncryption
subject | CN=*.[Link]
subject alternative names (SAN) | *.[Link], [Link]
valid from | 2022-03-05 [Link] UTC
valid until | 2023-04-04 [Link] UTC
Solution:
Log Method
Details: SSL/TLS: Collect and Report Certificate Details
OID:[Link].4.1.25623.1.0.103692
Version used: 2021-12-10T[Link]Z
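Two things a practitioner wants from the certificate details above are how long the certificate is still valid and which hostnames its SAN list actually covers. The script below is an added example, not part of the scan report or of the scanner's VTs. The validity dates are the ones reported above and the scan date is taken from the report header; since the report redacts the times of day, midnight UTC is assumed for both. The hostnames are constructed stand-ins for the redacted '*.[Link], [Link]' pair. It shows why a wildcard SAN alone is not enough: '*.example.com' covers one leftmost label only, so neither the apex 'example.com' nor a two-level name is matched, which is exactly why the reported certificate lists the apex as a second SAN entry.

```python
"""Certificate validity window and SAN coverage, from the reported certificate details.

Added example, not part of the scan report. Dates come from the 'Collect and
Report Certificate Details' result and the scan date from the report header;
the hostnames are constructed stand-ins for the redacted SAN entries.
"""
from __future__ import annotations

from datetime import datetime, timezone

SCAN_TIME = datetime(2023, 1, 17, tzinfo=timezone.utc)   # scan date from the report
NOT_BEFORE = datetime(2022, 3, 5, tzinfo=timezone.utc)   # 'valid from' (time of day redacted)
NOT_AFTER = datetime(2023, 4, 4, tzinfo=timezone.utc)    # 'valid until' (time of day redacted)
SANS = ["*.example.com", "example.com"]  # constructed, same shape as the reported pair


def days_remaining(now: datetime, not_before: datetime, not_after: datetime) -> int | None:
    """Whole days of validity left at `now`; None when `now` is outside the window."""
    if now < not_before or now > not_after:
        return None
    return (not_after - now).days


def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a host; a leading '*' covers exactly one label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]  # "*.example.com" -> ".example.com"
    if not host.endswith(suffix):
        return False
    first_label = host[: -len(suffix)]
    return bool(first_label) and "." not in first_label


def covered(host: str, sans: list[str]) -> bool:
    """True if any SAN entry covers the host."""
    return any(san_matches(p, host) for p in sans)


def renewal_due(now: datetime, not_after: datetime, lead_days: int = 30) -> bool:
    """Flag certificates inside the renewal lead time (or already expired)."""
    return (not_after - now).days <= lead_days


if __name__ == "__main__":
    print("days remaining at scan time:", days_remaining(SCAN_TIME, NOT_BEFORE, NOT_AFTER))
    for h in ("www.example.com", "example.com", "a.b.example.com"):
        print(h, "covered" if covered(h, SANS) else "NOT covered")
```

At the scan date the certificate had 77 days left, so a 30-day renewal alert would not yet have fired; a 90-day lead time (common with automated issuance) would.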
Log (CVSS: 0.0)
NVT: SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
Summary
The remote web server is not enforcing HPKP.
Note: Most major browsers have dropped / deprecated support for this header in 2020.
Vulnerability Detection Result
The remote web server is not enforcing HPKP.
HTTP-Banner:
HTTP/1.1 200 OK
Server: nginx/1.14.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.33
Cache-Control: no-cache, private
Date: ***replaced***
Set-Cookie: ***replaced***_session=eyJpdiI6IjJ6bDdMRjBEM2x3Y1lrZHBqbWxPY3c9PSIsInZhbHVlIjoiV1F1d25nNTFFa3dCZHA4UjJwN1lJU2NBeXR0SU0rTWZsWjNSKzYycE84WEl5VFFpRXRoMWtnVkRXdzQ2YWxiMGwyN0FNWEdRbDBscHIvOGR0eUZqUTR3TUhkemNBNTlmdmFtYnNMR0llQlZoL2lUbE9CaHRoeUtsWFJGcGN0UVUiLCJtYWMiOiI1MTUzZGU2ODBkNzExZGNmYTM2MGRhMjFlMjdkNzEyODExNGZlOTkxNTk3Njc3MjQ3NTY1Zjg5NmU1ZmVmNTg4IiwidGFnIjoiIn0%3D; expires=***replaced***
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
Solution:
Solution type: Workaround
Enable HPKP or add / configure the required directives correctly following the guides linked in
the references.
Note: Some web servers are not sending headers on specific status codes by default. Please review
your web server or application configuration to always send these headers on every response
independently from the status code.
- Apache: Use 'Header always set' instead of 'Header set'.
- nginx: Append the 'always' keyword to each 'add_header' directive.
For different applications or web servers please refer to the related documentation for a similar
configuration possibility.
Log Method
Details: SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
OID:[Link].4.1.25623.1.0.108247
Version used: 2021-01-26T[Link]Z
References
url: [Link]
url: [Link]for-http-hpkp
url: [Link]
url: [Link]
url: [Link]
url: [Link]
Log (CVSS: 0.0)
NVT: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
Summary
The remote web server is not enforcing HSTS.
Vulnerability Detection Result
The remote web server is not enforcing HSTS.
HTTP-Banner:
HTTP/1.1 200 OK
Server: nginx/1.14.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.33
Cache-Control: no-cache, private
Date: ***replaced***
Set-Cookie: ***replaced***_session=eyJpdiI6IjJ6bDdMRjBEM2x3Y1lrZHBqbWxPY3c9PSIsInZhbHVlIjoiV1F1d25nNTFFa3dCZHA4UjJwN1lJU2NBeXR0SU0rTWZsWjNSKzYycE84WEl5VFFpRXRoMWtnVkRXdzQ2YWxiMGwyN0FNWEdRbDBscHIvOGR0eUZqUTR3TUhkemNBNTlmdmFtYnNMR0llQlZoL2lUbE9CaHRoeUtsWFJGcGN0UVUiLCJtYWMiOiI1MTUzZGU2ODBkNzExZGNmYTM2MGRhMjFlMjdkNzEyODExNGZlOTkxNTk3Njc3MjQ3NTY1Zjg5NmU1ZmVmNTg4IiwidGFnIjoiIn0%3D; expires=***replaced***
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
Solution:
Solution type: Workaround
Enable HSTS or add / configure the required directives correctly following the guides linked in
the references.
Note: Some web servers are not sending headers on specific status codes by default. Please review
your web server or application configuration to always send these headers on every response
independently from the status code.
- Apache: Use 'Header always set' instead of 'Header set'.
- nginx: Append the 'always' keyword to each 'add_header' directive.
For different applications or web servers please refer to the related documentation for a similar
configuration possibility.
Log Method
Details: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
OID:[Link].4.1.25623.1.0.105879
Version used: 2021-01-26T[Link]Z
References
url: [Link]
url: [Link]t_Security_Cheat_Sheet.html
url: [Link]y-hsts
url: [Link]
url: [Link]
url: [Link]
url: [Link]
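The two 'HTTP Security Headers Detection' results (80/tcp and 443/tcp) and the HPKP and HSTS results above all come down to one check: which response headers the server sends on every response, and whether their values are sane. The script below is an added example, not part of the scan report or of the scanner's VTs. It parses a raw response head, reports the baseline headers that are missing, flags headers that browsers have dropped (the report itself notes this for X-XSS-Protection and Public-Key-Pins; Expect-CT and Feature-Policy are in the same position), validates an HSTS value, and emits the nginx 'add_header ... always' lines the Solution text refers to. Two caveats the scanner output does not make: the Sec-Fetch-* entries in the missing-headers table are request headers set by the browser, so a server cannot 'add' them and the example does not expect them; and HSTS is only meaningful on the TLS port, so the check drops it for 80/tcp. The first sample response is constructed from the 443/tcp banner shown in the HSTS and HPKP results (cookie value shortened, redacted fields kept), the second is a constructed 'after' response, and the header values are this example's suggested starting points, not values from the report.

```python
"""Audit an HTTP response for the security headers the scanner reports as missing.

Added example, not part of the scan report or of Greenbone's VTs. SCANNED is
constructed from the 443/tcp banner in the report (cookie shortened); HARDENED
is a constructed 'after' response. EXPECTED holds suggested starting values.
"""
from __future__ import annotations

import re

# Response headers a TLS-terminated site should send on every response, with a
# starting value for each. Sec-Fetch-* are browser *request* headers and are
# deliberately not expected here even though the scanner lists them.
EXPECTED: dict[str, str] = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), geolocation=(), microphone=()",
    "cross-origin-opener-policy": "same-origin",
    "cross-origin-resource-policy": "same-origin",
}

# Headers browsers have dropped: their presence is a hygiene finding, not a fix.
DEPRECATED = {"x-xss-protection", "public-key-pins", "expect-ct", "feature-policy"}

HSTS_MIN_AGE = 31536000  # one year; shorter values give little protection


def parse_response(raw: str) -> tuple[str, dict[str, list[str]]]:
    """Split a raw HTTP response head into its status line and a lower-cased header map."""
    lines = raw.strip().splitlines()
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].strip(), headers


def check_hsts(value: str) -> list[str]:
    """Problems with a Strict-Transport-Security value (empty list means it is fine)."""
    problems: list[str] = []
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    if m is None:
        problems.append("HSTS has no max-age")
    elif int(m.group(1)) < HSTS_MIN_AGE:
        problems.append(f"HSTS max-age {m.group(1)} is below {HSTS_MIN_AGE}")
    if "includesubdomains" not in value.lower():
        problems.append("HSTS lacks includeSubDomains")
    return problems


def audit(raw: str, tls: bool = True) -> dict[str, list[str]]:
    """Report missing baseline headers, deprecated headers present, and bad HSTS values."""
    _, headers = parse_response(raw)
    expected = dict(EXPECTED)
    if not tls:
        expected.pop("strict-transport-security")  # only meaningful over HTTPS (443/tcp)
    missing = sorted(h for h in expected if h not in headers)
    deprecated = sorted(h for h in DEPRECATED if h in headers)
    problems: list[str] = []
    if "strict-transport-security" in headers:
        problems += check_hsts(headers["strict-transport-security"][0])
    return {"missing": missing, "deprecated": deprecated, "problems": problems}


def nginx_directives(missing: list[str]) -> list[str]:
    """nginx lines for each missing header; 'always' keeps them on 4xx/5xx responses too."""
    return [f'add_header {name.title()} "{EXPECTED[name]}" always;' for name in missing]


# Constructed sample: the 443/tcp banner from the report, cookie value shortened.
SCANNED = """HTTP/1.1 200 OK
Server: nginx/1.14.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.33
Cache-Control: no-cache, private
Date: ***replaced***
Set-Cookie: ***replaced***_session=eyJpdiI6...; expires=***replaced***
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
"""

# Constructed sample: the same response once every baseline header is added.
HARDENED = SCANNED + "".join(f"{k.title()}: {v}\n" for k, v in EXPECTED.items())

if __name__ == "__main__":
    result = audit(SCANNED)
    for line in nginx_directives(result["missing"]):
        print(line)
    print("after hardening:", audit(HARDENED))
```

Run against the reported banner the audit lists all eight baseline headers as missing and nothing deprecated, which matches the scanner's table once the Sec-Fetch-* rows and the dropped headers are set aside. The CSP value in EXPECTED is a deliberately strict placeholder; a real policy has to be derived from the application's actual script, style and frame sources, or it will break the site.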
Log (CVSS: 0.0)
NVT: SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
Summary
This routine identifies services supporting the following extensions to TLS:
- Application-Layer Protocol Negotiation (ALPN)
- Next Protocol Negotiation (NPN).
Based on the availability of these extensions, the network protocols supported by this service are
gathered and reported.
Vulnerability Detection Result
The remote service advertises support for the following Network Protocol(s) via the NPN extension:
SSL/TLS Protocol:Network Protocol
TLSv1.0:HTTP/1.1
TLSv1.0:HTTP/2
TLSv1.0:gRPC
TLSv1.1:HTTP/1.1
TLSv1.1:HTTP/2
TLSv1.1:gRPC
TLSv1.2:HTTP/1.1
TLSv1.2:HTTP/2
TLSv1.2:gRPC
The remote service advertises support for the following Network Protocol(s) via the ALPN extension:
SSL/TLS Protocol:Network Protocol
TLSv1.0:HTTP/1.1
TLSv1.0:HTTP/2
TLSv1.0:gRPC
TLSv1.1:HTTP/1.1
TLSv1.1:HTTP/2
TLSv1.1:gRPC
TLSv1.2:HTTP/1.1
TLSv1.2:HTTP/2
TLSv1.2:gRPC
Solution:
Log Method
Details: SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
OID:[Link].4.1.25623.1.0.108099
Version used: 2022-09-22T[Link]Z
References
url: [Link]
url: [Link]
Log (CVSS: 0.0)
NVT: SSL/TLS: Report Medium Cipher Suites
Summary
This routine reports all Medium SSL/TLS cipher suites accepted by a service.
Vulnerability Detection Result
'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
'Medium' cipher suites accepted by this service via the TLSv1.3 protocol:
TLS_AES_128_GCM_SHA256
Solution:
Vulnerability Insight
Any cipher suite considered to be secure for only the next 10 years is classified as medium.
Log Method
Details: SSL/TLS: Report Medium Cipher Suites
OID:[Link].4.1.25623.1.0.902816
Version used: 2021-12-01T[Link]Z
Log (CVSS: 0.0)
NVT: SSL/TLS: Report Non Weak Cipher Suites
Summary
This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.
Vulnerability Detection Result
'Non Weak' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Non Weak' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
'Non Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
'Non Weak' cipher suites accepted by this service via the TLSv1.3 protocol:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
Solution:
Log Method
Details: SSL/TLS: Report Non Weak Cipher Suites
OID:[Link].4.1.25623.1.0.103441
Version used: 2021-12-01T[Link]Z
Log (CVSS: 0.0)
NVT: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
Summary
This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect
Forward Secrecy (PFS).
Vulnerability Detection Result
Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this service via the TLSv1.3 protocol:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
Solution:
Log Method
Details: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
OID:[Link].4.1.25623.1.0.105018
Version used: 2021-12-09T[Link]Z
Log (CVSS: 0.0)
NVT: SSL/TLS: Report Supported Cipher Suites
Summary
This routine reports all SSL/TLS cipher suites accepted by a service.
Vulnerability Detection Result
No 'Strong' cipher suites accepted by this service via the TLSv1.0 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
No 'Weak' cipher suites accepted by this service via the TLSv1.0 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.0 protocol.
No 'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol.
No 'Strong' cipher suites accepted by this service via the TLSv1.1 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
No 'Weak' cipher suites accepted by this service via the TLSv1.1 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.1 protocol.
No 'Anonymous' cipher suites accepted by this service via the TLSv1.1 protocol.
'Strong' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
No 'Weak' cipher suites accepted by this service via the TLSv1.2 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.
No 'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol.
'Strong' cipher suites accepted by this service via the TLSv1.3 protocol:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
'Medium' cipher suites accepted by this service via the TLSv1.3 protocol:
TLS_AES_128_GCM_SHA256
No 'Weak' cipher suites accepted by this service via the TLSv1.3 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.3 protocol.
No 'Anonymous' cipher suites accepted by this service via the TLSv1.3 protocol.
Solution:
Vulnerability Insight
Notes:
- As the VT 'SSL/TLS: Check Supported Cipher Suites' (OID: [Link].4.1.25623.1.0.900234)
might run into a timeout the actual reporting of all accepted cipher suites takes place in this VT
instead.
- SSLv2 ciphers are not getting reported as the protocol itself is deprecated, needs to be considered
as weak and is reported separately as deprecated.
Log Method
Details: SSL/TLS: Report Supported Cipher Suites
OID:[Link].4.1.25623.1.0.802067
Version used: 2022-08-25T[Link]Z
Log (CVSS: 0.0)
NVT: SSL/TLS: Version Detection
Summary
Enumeration and reporting of SSL/TLS protocol versions supported by a remote service.
Vulnerability Detection Result
The remote SSL/TLS service supports the following SSL/TLS protocol version(s):
TLSv1.0
TLSv1.1
TLSv1.2
TLSv1.3
Solution:
Log Method
Sends multiple connection requests to the remote service and attempts to determine the SSL/TLS
protocol versions supported by the service from the replies.
Note: The supported SSL/TLS protocol versions included in the report of this VT are reported
independently from the allowed / supported SSL/TLS ciphers.
Details: SSL/TLS: Version Detection
OID:[Link].4.1.25623.1.0.105782
Version used: 2021-12-06T[Link]Z
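The cipher suite and protocol version results above (Medium, Non Weak, PFS, Supported Cipher Suites, Version Detection) are five views of one data set: which suites the service accepts on which protocol version. The scanner's Strong/Medium/Weak labels are age-based (see the 'Vulnerability Insight' of the Medium result), which is why AES-GCM suites land in 'Medium' and 3DES in 'Non Weak'; a deployment decision needs a different cut. The script below is an added example, not part of the scan report or of the scanner's VTs. It takes the per-version suite lists exactly as reported for 443/tcp, applies a simple policy of its own (drop TLS 1.0 and 1.1, which RFC 8996 deprecates; keep only suites with an ephemeral key exchange and an AEAD cipher, which removes the static-RSA suites that lack forward secrecy, the CBC suites and 3DES with its 64-bit block), cross-checks its forward-secrecy classification against the PFS result, and prints the nginx 'ssl_protocols' and 'ssl_ciphers' lines that implement the policy. The IANA-to-OpenSSL name table covers only the suites kept here.

```python
"""Turn the scanner's accepted-cipher-suite lists into a concrete TLS policy.

Added example, not part of the scan report or of Greenbone's VTs. ACCEPTED is
copied from the 'Report Supported Cipher Suites' result for 443/tcp; the
keep/drop policy and the nginx output are this example's own.
"""
from __future__ import annotations

# Accepted suites per protocol version, as reported.
ACCEPTED: dict[str, list[str]] = {
    "TLSv1.0": [
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
    ],
    "TLSv1.1": [
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
    ],
    "TLSv1.2": [
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
    ],
    "TLSv1.3": [
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_CHACHA20_POLY1305_SHA256",
    ],
}

# TLS 1.0 and 1.1 are deprecated by RFC 8996; SSLv2/v3 long before that.
DEPRECATED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# OpenSSL spellings that nginx's ssl_ciphers expects, for the TLS 1.2 suites kept here.
OPENSSL_NAMES = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
}


def classify(suite: str) -> dict[str, bool]:
    """Properties of one IANA suite name that decide whether it stays."""
    tls13 = suite.startswith(("TLS_AES_", "TLS_CHACHA20_"))  # TLS 1.3 names carry no key exchange
    return {
        "tls13": tls13,
        "pfs": tls13 or "_ECDHE_" in suite or "_DHE_" in suite,  # ephemeral key exchange
        "aead": "_GCM_" in suite or "_CCM" in suite or "CHACHA20_POLY1305" in suite,
        "cbc": "_CBC_" in suite,          # MAC-then-encrypt; padding-oracle prone
        "triple_des": "_3DES_" in suite,  # 64-bit block size (Sweet32 class)
    }


def keep(suite: str) -> bool:
    """Policy: forward secrecy and an AEAD cipher, nothing else."""
    c = classify(suite)
    return c["pfs"] and c["aead"]


def _dedupe(items) -> list[str]:
    return list(dict.fromkeys(items))


def assess(accepted: dict[str, list[str]]) -> dict[str, list[str]]:
    """Findings, in report order, deduplicated across protocol versions."""
    out: dict[str, list[str]] = {"deprecated_versions": [], "no_pfs": [], "triple_des": [], "cbc": []}
    for version, suites in accepted.items():
        if version in DEPRECATED_VERSIONS:
            out["deprecated_versions"].append(version)
        for s in suites:
            c = classify(s)
            if not c["pfs"]:
                out["no_pfs"].append(s)
            if c["triple_des"]:
                out["triple_des"].append(s)
            if c["cbc"]:
                out["cbc"].append(s)
    return {k: _dedupe(v) for k, v in out.items()}


def pfs_suites(accepted: dict[str, list[str]]) -> dict[str, list[str]]:
    """Forward-secret suites per version; should equal the scanner's PFS result."""
    return {v: [s for s in suites if classify(s)["pfs"]] for v, suites in accepted.items()}


def nginx_policy(accepted: dict[str, list[str]]) -> list[str]:
    """ssl_* directives keeping only non-deprecated versions and kept suites."""
    versions = [v for v in accepted if v not in DEPRECATED_VERSIONS]
    kept = _dedupe(s for v in versions for s in accepted[v] if keep(s) and not classify(s)["tls13"])
    return [
        f"ssl_protocols {' '.join(versions)};",
        # TLS 1.3 suites are not governed by ssl_ciphers; all three reported ones are AEAD.
        "ssl_ciphers " + ":".join(OPENSSL_NAMES[s] for s in kept) + ";",
        "ssl_prefer_server_ciphers off;",
    ]


if __name__ == "__main__":
    print(assess(ACCEPTED))
    print("\n".join(nginx_policy(ACCEPTED)))
```

The cross-check matters because it is cheap: if pfs_suites() disagrees with the scanner's PFS result the suite lists were transcribed wrongly, and the generated policy should not be trusted either. Dropping TLS 1.0/1.1 here removes every CBC-only version at once; the remaining CBC suites exist only on TLS 1.2 and go away with the ssl_ciphers line.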
[ return to [Link] ]
2.1.7 Log general/CPE-T
Log (CVSS: 0.0)
NVT: CPE Inventory
Summary
This routine uses information collected by other routines about CPE identities of operating
systems, services and applications detected during the scan.
Note: Some CPEs for specific products might show up twice or more in the output. Background:
After a product got renamed or a specific vendor was acquired by another one it might happen
that a product gets a new CPE within the NVD CPE Dictionary but older entries are kept with
the older CPE.
Vulnerability Detection Result
[Link]|cpe:/[Link]nginx:1.14.1
[Link]|cpe:/a:jquery:jquery:1.9.0
[Link]|cpe:/a:nginx:nginx:1.14.1
[Link]|cpe:/a:php:php:7.3.33
[Link]|cpe:/o:microsoft:windows
Solution:
Log Method
Details: CPE Inventory
OID:[Link].4.1.25623.1.0.810002
Version used: 2022-07-27T[Link]Z
References
url: [Link]
[ return to [Link] ]
This file was automatically generated.