Scribd
Upload
29 views7 pages

Load PDF

Uploaded by

Lucifer Morningstar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
29 views7 pages

Load PDF

Uploaded by

Lucifer Morningstar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

10.247.62.

106
May 15, 2025

Report Summary
User Name: Niti sharma
Login Name: ncbhu_ns
Company: NIC_Bhubaneshwar
User Role: Manager
Address: NIC HQ I.T, Delhi shastri park
City: New Delhi
State: Delhi
Zip: 751001
Country: India
Created: 05/15/2025 at 11:21:23 AM (GMT+0530)
Template Title: Authenticated scan-based report_NDC DELHI
Asset Groups: -
IPs: 10.247.62.106
Sort by: Host
Trend Analysis: Latest vulnerability data
Date Range: 01/01/1999 - 05/15/2025
Active Hosts: 1
Hosts Matching Filters: 1

Summary of Vulnerabilities

Vulnerabilities Total 5 Security Risk (Avg) 5.0 Business Risk 16/100

by Severity
Severity Confirmed Potential Information Gathered Total
5 1 - - 1
4 0 - - 0
3 1 - - 1
2 2 - - 2
1 1 - - 1
Total 5 - - 5

5 Biggest Categories
Category Confirmed Potential Information Gathered Total
Security Policy 3 - - 3
General remote services 2 - - 2
Total 5 - - 5

10.247.62.106 page 1
Vulnerabilities by Status

Vulnerabilities by Severity

Top 5 Vulnerable Categories

10.247.62.106 page 2
Operating Systems Detected

Services Detected

Detailed Results

10.247.62.106 (-, -) Red Hat Enterprise Linux Server 7.9

Vulnerabilities Total 5 Security Risk 5.0

by Severity
Severity Confirmed Potential Information Gathered Total
5 1 - - 1
4 0 - - 0
3 1 - - 1
2 2 - - 2
1 1 - - 1
Total 5 - - 5

5 Biggest Categories
Category Confirmed Potential Information Gathered Total
Security Policy 3 - - 3
General remote services 2 - - 2
Total 5 - - 5

Vulnerabilities (5)

5 EOL/Obsolete Operating System: Red Hat Enterprise Linux 7.9 Detected Active

QID: 106236
Category: Security Policy
Associated CVEs: -
Vendor Reference: End of Life for Red Hat Enterprise Linux 7.9
Bugtraq ID: -
Service Modified: 05/08/2025
User Modified: -
Edited: No

10.247.62.106 page 3
PCI Vuln: Yes
Ticket State:

First Detected: 05/14/2025 at 04:55:25 PM (GMT+0530)


Last Detected: 05/14/2025 at 07:44:45 PM (GMT+0530)
Times Detected: 2
Last Fixed: N/A

THREAT:
THREAT:

Support for Red Hat Enterprise Linux 7.9 ended on May 30, June 2024. No further bug fixes, enhancements, security updates or technical support is
available for this version.

IMPACT:

The system is at high risk of being exposed to security vulnerabilities. Because the vendor no longer provides updates, obsolete software is more
vulnerable to viruses and other attacks.

SOLUTION:

Update to a supported version of Red Hat Enterprise Linux operating system.


RESULTS:
RESULTS:

EOL/Obsolete Operating System: Red Hat Enterprise Linux 7.9 Detected

3 OpenSSH Command Injection Vulnerability (Generic) Active

QID: 105936
Category: Security Policy
Associated CVEs: CVE-2020-15778
Vendor Reference: OpenSSH
Bugtraq ID: -
Service Modified: 07/23/2024
User Modified: -
Edited: No
PCI Vuln: Yes
Ticket State:

First Detected: 05/14/2025 at 04:55:25 PM (GMT+0530)


Last Detected: 05/14/2025 at 07:44:45 PM (GMT+0530)
Times Detected: 2
Last Fixed: N/A

THREAT:
THREAT:

OpenSSH is the premier connectivity tool for remote login with the SSH protocol.
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination
argument.
Affected Versions:
8.3p1 and prior versions of OpenSSH

IMPACT:

Successful exploitation could disclose sensitive information.

SOLUTION:

10.247.62.106 page 4
No solution available from Linux vendors yet.
Workaround:As per upstream, because of the way scp is based on a historical protocol called rcp which relies on that style of argument passing and
therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream
therefore recommends the use of rsync in the place of scp for better security. More details about supported alternatives available at Red Hat
guide (https://access.redhat.com/articles/5284081).
RESULTS:
RESULTS:

Vulnerable version of OpenSSH Detected:

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

2 SHA1 deprecated setting for SSH port 22/tcp Active

QID: 38909
Category: General remote services
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/05/2024
User Modified: -
Edited: No
PCI Vuln: No
Ticket State:

First Detected: 05/14/2025 at 04:55:25 PM (GMT+0530)


Last Detected: 05/14/2025 at 07:44:45 PM (GMT+0530)
Times Detected: 2
Last Fixed: N/A

THREAT:
THREAT:

The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another.
The target is using deprecated SHA1
cryptographic settings to communicate.

IMPACT:

vulnerable to collision attacks, which are designed to fabricate the same hash value for different input data.each hash is supposedly unique.

SOLUTION:

Avoid using deprecated cryptographic settings.


Use best practices when configuring SSH.
Refer to NIST Retires SHA-1 Cryptographic Algorithm (SSH)
(https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm) .
Other documents to refer
Deprecate settings listed for red hat
(https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.4_release_notes/chap-red_hat_enterprise_linux-7.4_release_notes-de
precated_functionality_in_rhel7)
Key exchange (https://www.ietf.org/archive/id/draft-ietf-curdle-ssh-kex-sha2-13.html)
CBC Cipher (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161)
SHA1 ietf reference (https://datatracker.ietf.org/doc/html/rfc9142)
Settings currently considered deprecated:
1.Key exchange algorithms:
diffie-hellman-group1-sha1, rsa1024sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, gss-gex-sha1-*, gss-group1-sha1-*
and gss-group14-sha1-*.
2.MAC:
hmac-sha1, hmac-sha1-96, [email protected], [email protected]
3.Host key:
ssh-rsa, ssh-dss, [email protected], [email protected]

RESULTS:
RESULTS:
Type Name

10.247.62.106 page 5
host key algorithm ssh-rsa
MAC hmac-sha1

2 SSL Certificate - Subject Common Name Does Not Match Server FQDN port 443/tcp over SSL Active

QID: 38170
Category: General remote services
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 10/11/2019
User Modified: -
Edited: No
PCI Vuln: No
Ticket State:

First Detected: 05/14/2025 at 04:55:25 PM (GMT+0530)


Last Detected: 05/14/2025 at 07:44:45 PM (GMT+0530)
Times Detected: 2
Last Fixed: N/A

THREAT:
THREAT:

An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote
server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.
A certificate whose Subject commonName or subjectAltName does not match the server FQDN offers only encryption without authentication.
Please note that a false positive reporting of this vulnerability is possible in the following case:
If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured.
In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve
this problem.

IMPACT:

A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and
then steal all the encryption communication.

SOLUTION:

Please install a server certificate whose Subject commonName or subjectAltName matches the server FQDN.
RESULTS:
RESULTS:

Certificate #0 CN=pmcaresforchildren.in (www.pmcaresforchildren.in) and IP (10.247.62.106) don't match


(pmcaresforchildren.in) and IP (10.247.62.106) don't match
(pmcaresforchildren.in) and IP (10.247.62.106) don't match

1 World-Writable Directories Should Have Their Sticky Bits Set Active

QID: 105146
Category: Security Policy
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/19/2024
User Modified: -
Edited: No
PCI Vuln: No
Ticket State:

First Detected: 05/14/2025 at 04:55:25 PM (GMT+0530)


Last Detected: 05/14/2025 at 07:44:45 PM (GMT+0530)
Times Detected: 2

10.247.62.106 page 6
Last Fixed: N/A

THREAT:
THREAT:

The Results section lists world-writable directories whose sticky bits are not set.

IMPACT:

N/A

SOLUTION:

It's best practice to set the sticky bit for world-writable directories.
RESULTS:
RESULTS:

/usr/netvault/tmp

CONFIDENTIAL AND PROPRIETARY INFORMATION.


Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this
report is complete or error-free. Copyright 2025, Qualys, Inc.

10.247.62.106 page 7

You might also like