reporte completo nessus
TRANSCRIPT
-
8/3/2019 Reporte Completo Nessus
1/23
List of hosts192.168.29.128
High Severity problem(s)found
[^] Back
192.168.29.128Scan Time
Start time : Fri Sep 03 06:45:11 2010
End time : Fri Sep 03 06:51:26 2010
Number of vulnerabilities
Open ports : 17
High : 3
Medium : 1
Low : 38
Remote host information
OperatingSystem :
Linux Kernel 2.6 onUbuntu Linux 8.04 (hardy)
NetBIOSname :
METASPLOITABLE
DNS name :
[^] Back to 192.168.29.128
Port general (0/icmp) [-/+]
ICMP TimestampRequest Remote Date Disclosure
Synopsis:It is possible to determine the exact time set on the remote host.
Description:The remote host answers to an ICMP timestamp request. This allowsan attacker to know the date which is set on your machine. Thismay help him to defeat all your time based authentication protocols.
Risk factor:None
Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMPtimestamp replies (14).
Plugin output:The difference between the local and remote clocks is 7 seconds.
Plugin ID:10114
-
8/3/2019 Reporte Completo Nessus
2/23
CVE:CVE-1999-0524
Other references:OSVDB:94
TCP/IP Timestamps Supported
Synopsis:The remote service implements TCP timestamps.
Description:The remote host implements TCP timestamps, as defined byRFC1323. A side effect of this feature is that the uptime of theremote host can sometimes be computed.
Risk factor:None
See also:http://www.ietf.org/rfc/rfc1323.txt
Solution:n/a
Plugin ID:25220
Apache Banner Linux Distribution Disclosure
Synopsis:The name of the Linux distribution running on the remote host was
found in the banner of the web server.
Description:This script extracts the banner of the Apache web server andattempts to determine which Linux distribution the remote host isrunning.
Risk factor:None
Solution:If you do not wish to display this information, edit httpd.conf and setthe directive 'ServerTokens Prod' and restart Apache.
Plugin output:The linux distribution detected was : - Ubuntu 8.04 (gutsy)
Plugin ID:18261
Additional DNS Hostnames
-
8/3/2019 Reporte Completo Nessus
3/23
Synopsis:Potential virtual hosts have been detected.
Description:Hostnames different from the current hostname have been collectedby miscellaneous plugins. Different web servers may be hosted on
name- based virtual hosts.
Risk factor:None
See also:http://en.wikipedia.org/wiki/Virtual_hosting
Solution:If you want to test them, re-scan using the special vhost syntax,such as : www.example.com[192.0.32.10]
Plugin output:
- metasploitable
Plugin ID:46180
VMware Virtual Machine Detection
Synopsis:The remote host seems to be a VMware virtual machine.
Description:According to the MAC address of its network adapter, the remotehost is a VMware virtual machine. Since it is physically accessible
through the network, ensure that its configuration matches yourorganization's security policy.
Risk factor:None
Solution:n/a
Plugin ID:20094
Ethernet card brand
Synopsis:The manufacturer can be deduced from the Ethernet OUI.
Description:Each ethernet MAC address starts with a 24-bit 'OrganizationallyUnique Identifier'. These OUI are registered by IEEE.
Risk factor:
-
8/3/2019 Reporte Completo Nessus
4/23
None
See also:http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:n/a
Plugin output:The following card manufacturers were identified :00:0c:29:f9:d2:4a : VMware, Inc.
Plugin ID:35716
OS Identification
Remote operating system : Linux Kernel 2.6 on Ubuntu Linux 8.04(hardy) Confidence Level : 95 Method : SSH The remote host isrunning Linux Kernel 2.6 on Ubuntu Linux 8.04 (hardy)
Plugin ID:11936
Common Platform Enumeration (CPE)
Synopsis:It is possible to enumerate CPE names that matched on the remotesystem.
Description:By using information obtained from a Nessus scan, this pluginreports CPE (Common Platform Enumeration) matches for varioushardware and software products found on a host. Note that if anofficial CPE is not available for the product, this plugin computes thebest possible CPE based on the information available from the scan.
Risk factor:None
See also:http://cpe.mitre.org/
Solution:n/a
Plugin output:The remote operating system matched the following CPE :cpe:/o:ubuntu:ubuntu_linux:8.04 (Inferred CPE) Here is the list ofapplication CPE IDs that matched on the remote system :cpe:/a:openbsd:openssh:4.7 cpe:/a:isc:bind:9.4.cpe:/a:samba:samba:3.0.20 -> Samba 3.0.20
-
8/3/2019 Reporte Completo Nessus
5/23
cpe:/a:apache:http_server:2.2.8 cpe:/a:php:php:5.2.4-2ubuntu5.10
Plugin ID:45590
Nessus Scan Information
Information about this scan : Nessus version : 4.2.2 (Build 9129)Plugin feed version : 201008312334 Type of plugin feed : HomeFeed(Non-commercial use only) Scanner IP : 192.168.29.1 Portscanner(s) : nessus_syn_scanner Port range : default Thoroughtests : no Experimental tests : no Paranoia level : 1 Report Verbosity: 1 Safe checks : yes Optimize the test : yes CGI scanning : disabledWeb application tests : disabled Max hosts : 80 Max checks : 5 Recvtimeout : 5 Backports : Detected Scan Start Date : 2010/9/3 6:45Scan duration : 374 sec
Plugin ID:19506
Web Application Tests Disabled
Synopsis:Web application tests were not enabled during the scan.
Description:One or several web servers were detected by Nessus, but neitherthe CGI tests nor the Web Application Tests were enabled. If youwant to get a more complete report, you should enable one of thesefeatures, or both. Please note that the scan might take significantlylonger with these tests, which is why they are disabled by default.
Risk factor:
None
See also:http://blog.tenablesecurity.com/web-app-auditing/
Solution:To enable specific CGI tests, go to the 'Advanced' tab, select 'Globalvariable settings' and set 'Enable CGI scanning'. To generic enableweb application tests, go to the 'Advanced' tab, select 'WebApplication Tests Settings' and set 'Enable web applications tests'.You may configure other options, for example HTTP credentials in'Login configurations', or form-based authentication in 'HTTP loginpage'.
Plugin ID:43067
Traceroute Information
Synopsis:It was possible to obtain traceroute information.
-
8/3/2019 Reporte Completo Nessus
6/23
Description:Makes a traceroute to the remote host.
Risk factor:None
Solution:n/a
Plugin output:For your information, here is the traceroute from 192.168.29.1 to192.168.29.128 : 192.168.29.1 192.168.29.128
Plugin ID:10287
Port netbios-ns (137/udp) [-/+]
Windows NetBIOS / SMB Remote Host Information
Disclosure
Synopsis:It is possible to obtain the network name of the remote host.
Description:The remote host listens on UDP port 137 or TCP port 445 and repliesto NetBIOS nbtscan or SMB requests. Note that this plugin gathersinformation to be used in other plugins but does not itself generatea report.
Risk factor:
None
Solution:n/a
Plugin output:The following 7 NetBIOS names have been gathered :METASPLOITABLE = Computer name METASPLOITABLE =Messenger Service METASPLOITABLE = File Server Service__MSBROWSE__ = Master Browser WORKGROUP = Workgroup /Domain name WORKGROUP = Master Browser WORKGROUP =Browser Service Elections This SMB server seems to be a SAMBAserver (MAC address is NULL).
Plugin ID:10150
Port smb (139/tcp) [-/+]
SMB Service Detection
Synopsis:
-
8/3/2019 Reporte Completo Nessus
7/23
A file / print sharing service is listening on the remote host.
Description:The remote service understands the CIFS (Common Internet FileSystem) or Server Message Block (SMB) protocol, used to provideshared access to files, printers, etc between nodes on a network.
Risk factor:None
Solution:n/a
Plugin output:An SMB server is running on this port.
Plugin ID:11011
Port ftp? (21/tcp) [-/+]
Port ssh (22/tcp) [-/+]
Debian OpenSSH/OpenSSL Package Random NumberGenerator Weakness
Synopsis:The remote SSH host keys are weak.
Description:The remote SSH host key has been generated on a Debian or
Ubuntu system which contains a bug in the random numbergenerator of its OpenSSL library. The problem is due to a Debianpackager removing nearly all sources of entropy in the remoteversion of OpenSSL. An attacker can easily obtain the private part ofthe remote key and use this to set up decipher the remote sessionor set up a man in the middle attack.
Risk factor:Critical
CVSS Base Score:10.0CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
See also:http://www.nessus.org/u?5d01bdab (Debian)
See also:http://www.nessus.org/u?f14f4224 (Ubuntu)
Solution:Consider all cryptographic material generated on the remote host tobe guessable. In particuliar, all SSH, SSL and OpenVPN key material
-
8/3/2019 Reporte Completo Nessus
8/23
should be re-generated.
Plugin ID:32314
CVE:
CVE-2008-0166
BID:29179
Other references:OSVDB:45029
Service Detection
An SSH server is running on this port.
Plugin ID:22964
SSH Server Type and Version Information
Synopsis:An SSH server is listening on this port.
Description:It is possible to obtain information about the remote SSH server bysending an empty authentication request.
Risk factor:None
Solution:n/a
Plugin output:SSH version : SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1 SSHsupported authentication : publickey,password
Plugin ID:10267
SSH Protocol Versions Supported
Synopsis:
A SSH server is running on the remote host.
Description:This plugin determines the versions of the SSH protocol supportedby the remote SSH daemon.
Risk factor:None
-
8/3/2019 Reporte Completo Nessus
9/23
Solution:n/a
Plugin output:The remote SSH daemon supports the following versions of the SSHprotocol : - 1.99 - 2.0 SSHv2 host key fingerprint :
56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3
Plugin ID:10881
Backported Security Patch Detection (SSH)
Synopsis:Security patches are backported.
Description:Security patches may have been 'back ported' to the remote SSHserver without changing its version number. Banner-based checks
have been disabled to avoid false positives. Note that this test isinformational only and does not denote any security problem.
Risk factor:None
See also:http://www.nessus.org/u?d636c8c7
Solution:N/A
Plugin output:
Give Nessus credentials to perform local checks.
Plugin ID:39520
Port telnet? (23/tcp) [-/+]
Port smtp? (25/tcp) [-/+]
Port mysql? (3306/tcp) [-/+]
Port distcc? (3632/tcp) [-/+]
Port cifs (445/tcp) [-/+]
Samba NDR MS-RPC Request Heap-Based Remote BufferOverflow
Synopsis:It is possible to execute code on the remote host through Samba.
-
8/3/2019 Reporte Completo Nessus
10/23
Description:The version of the Samba server installed on the remote host isaffected by multiple heap overflow vulnerabilities, which can beexploited remotely to execute code with the privileges of the Sambadaemon.
Risk factor:Critical
CVSS Base Score:10.0CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
See also:http://www.samba.org/samba/security/CVE-2007-2446.html
Solution:Upgrade to Samba version 3.0.25 or later.
Plugin ID:25216
CVE:CVE-2007-2446
BID:23973, 24195, 24196, 24197, 24198
Other references:OSVDB:34699, OSVDB:34731, OSVDB:34732, OSVDB:34733
Microsoft Windows SMB Shares Unprivileged Access
Synopsis:It is possible to access a network share.
Description:The remote has one or more Windows shares that can be accessedthrough the network with the given credentials. Depending on theshare rights, it may allow an attacker to read/write confidential data.
Risk factor:High
CVSS Base Score:7.5CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution:To restrict access under Windows, open Explorer, do a right click oneach share, go to the 'sharing' tab, and click on 'permissions'.
Plugin output:The following shares can be accessed using a NULL session : - tmp -(readable,writable) + Content of this share : .. .ICE-unix .X11-unix
-
8/3/2019 Reporte Completo Nessus
11/23
5344.jsvc_up
Plugin ID:42411
CVE:
CVE-1999-0519, CVE-1999-0520
BID:8026
Other references:OSVDB:299
Samba Server Detection
Synopsis:An SMB server is running on the remote host.
Description:The remote host is running Samba, a CIFS/SMB server for Unix.
Risk factor:None
See also:http://www.samba.org/
Solution:n/a
Plugin ID:
25240
SMB Service Detection
Synopsis:A file / print sharing service is listening on the remote host.
Description:The remote service understands the CIFS (Common Internet FileSystem) or Server Message Block (SMB) protocol, used to provideshared access to files, printers, etc between nodes on a network.
Risk factor:
None
Solution:n/a
Plugin output:A CIFS server is running on this port.
Plugin ID:
-
8/3/2019 Reporte Completo Nessus
12/23
11011
SMB NativeLanManager Remote System InformationDisclosure
Synopsis:It is possible to obtain information about the remote operatingsystem.
Description:It is possible to get the remote operating system name and version(Windows and/or Samba) by sending an authentication request toport 139 or 445.
Risk factor:None
Solution:n/a
Plugin output:The remote Operating System is : Unix The remote native lanmanager is : Samba 3.0.20-Debian The remote SMB Domain Nameis : METASPLOITABLE
Plugin ID:10785
SMB Log In Possible
Synopsis:It is possible to log into the remote host.
Description:The remote host is running Microsoft Windows operating system orSamba, a CIFS/SMB server for Unix. It was possible to log into itusing one of the following account : - NULL session - Guest account- Given Credentials
Risk factor:None
See also:http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
See also:http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Solution:n/a
Plugin output:- NULL sessions are enabled on the remote host
-
8/3/2019 Reporte Completo Nessus
13/23
Plugin ID:10394
CVE:CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222,CVE-2002-1117, CVE-2005-3595
BID:494, 990, 11199
Other references:OSVDB:297, OSVDB:3106, OSVDB:8230, OSVDB:10050
SMB Shares Enumeration
Synopsis:It is possible to enumerate remote network shares.
Description:
By connecting to the remote host, Nessus was able to enumeratethe network share names.
Risk factor:None
Solution:N/A
Plugin output:Here are the SMB shares available on the remote host when loggedas a NULL session: - print$ - tmp - opt - IPC$ - ADMIN$
Plugin ID:10395
Obtains the password policy
Synopsis:It is possible to retrieve the remote host's password policy using thesupplied credentials.
Description:Using the supplied credentials it was possible to extract thepassword policy for the remote Windows host. The password policymust conform to the Informational System Policy.
Risk factor:None
Solution:n/a
Plugin output:The following password policy is defined on the remote host:
-
8/3/2019 Reporte Completo Nessus
14/23
Minimum password len: 5 Password history len: 0 Maximumpassword age (d): No limit Password must meet complexityrequirements: Disabled Minimum password age (d): 0 Forced logofftime (s): Not set Locked account time (s): 1800 Time between failedlogon (s): 1800 Number of invalid logon before locked out (s): 0
Plugin ID:17651
Windows SMB NULL Session Authentication
Synopsis:It is possible to log into the remote Windows host with a NULLsession.
Description:The remote host is running Microsoft Windows, and it was possibleto log into it using a NULL session (i.e., with no login or password).An unauthenticated remote attacker can leverage this issue to get
information about the remote host.
Risk factor:None
See also:http://support.microsoft.com/kb/q143474/
See also:http://support.microsoft.com/kb/q246261/
Solution:n/a
Plugin ID:26920
CVE:CVE-1999-0519, CVE-1999-0520, CVE-2002-1117
BID:494
Other references:OSVDB:299
SMB LanMan Pipe Server Listing Disclosure
Synopsis:It is possible to obtain network information.
Description:It was possible to obtain the browse list of the remote Windowssystem by send a request to the LANMAN pipe. The browse list isthe list of the nearest Windows systems of the remote host.
-
8/3/2019 Reporte Completo Nessus
15/23
Risk factor:None
Solution:n/a
Plugin output:Here is the browse list of the remote host : METASPLOITABLE ( os :0.0 )
Plugin ID:10397
Other references:OSVDB:300
SMB use host SID to enumerate local users
Synopsis:It is possible to enumerate local users.
Description:Using the host SID, it is possible to enumerate local users on theremote Windows system.
Risk factor:None
Solution:n/a
Plugin output:- Administrator (id 500, Administrator account) - nobody (id 501,Guest account) - root (id 1000) - root (id 1001) - daemon (id 1002) -daemon (id 1003) - bin (id 1004) - bin (id 1005) - sys (id 1006) - sys(id 1007) - sync (id 1008) - adm (id 1009) - games (id 1010) - tty (id1011) - man (id 1012) - disk (id 1013) - lp (id 1014) - lp (id 1015) -mail (id 1016) - mail (id 1017) - news (id 1018) - news (id 1019) -uucp (id 1020) - uucp (id 1021) - man (id 1025) - proxy (id 1026) -proxy (id 1027) - kmem (id 1031) - dialout (id 1041) - fax (id 1043)- voice (id 1045) - cdrom (id 1049) - floppy (id 1051) - tape (id1053) - sudo (id 1055) - audio (id 1059) - dip (id 1061) - www-data(id 1066) - www-data (id 1067) - backup (id 1068) - backup (id1069) - operator (id 1075) - list (id 1076) - list (id 1077) - irc (id1078) - irc (id 1079) - src (id 1081) - gnats (id 1082) - gnats (id1083) - shadow (id 1085) - utmp (id 1087) - video (id 1089) - sasl(id 1091) - plugdev (id 1093) - staff (id 1101) - games (id 1121) -libuuid (id 1200) Note that, in addition to the Administrator andGuest accounts, Nessus has enumerated only those local users withIDs between 1000 and 1200. To use a different range, edit the scanpolicy and change the 'Start UID' and/or 'End UID' preferences forthis plugin, then re-run the scan.
-
8/3/2019 Reporte Completo Nessus
16/23
Plugin ID:10860
CVE:CVE-2000-1200
BID:959
Other references:OSVDB:714
SMB LsaQueryInformationPolicy Function SID Enumeration
Synopsis:It is possible to obtain the host SID for the remote host.
Description:By emulating the call to LsaQueryInformationPolicy(), it was possible
to obtain the host SID (Security Identifier). The host SID can thenbe used to get the list of local users.
Risk factor:None
See also:http://technet.microsoft.com/en-us/library/bb418944.aspx
Solution:You can prevent anonymous lookups of the host SID by setting the'RestrictAnonymous' registry setting to an appropriate value. Referto the 'See also' section for guidance.
Plugin output:The remote host SID value is : 1-5-21-1042354039-2475377354-766472396 The value of 'RestrictAnonymous' setting is : unknown
Plugin ID:10859
CVE:CVE-2000-1200
BID:959
Other references:OSVDB:715
Port dns (53/tcp) [-/+]
DNS Server Detection
Synopsis:
-
8/3/2019 Reporte Completo Nessus
17/23
A DNS server is listening on the remote host.
Description:The remote service is a Domain Name System (DNS) server, whichprovides a mapping between hostnames and IP addresses.
Risk factor:None
See also:http://en.wikipedia.org/wiki/Domain_Name_System
Solution:Disable this service if it is not needed or restrict access to internalhosts only if the service is available externally.
Plugin ID:11002
DNS Server Detection
Synopsis:A DNS server is listening on the remote host.
Description:The remote service is a Domain Name System (DNS) server, whichprovides a mapping between hostnames and IP addresses.
Risk factor:None
See also:
http://en.wikipedia.org/wiki/Domain_Name_System
Solution:Disable this service if it is not needed or restrict access to internalhosts only if the service is available externally.
Plugin ID:11002
DNS Server hostname.bind Map Hostname Disclosure
Synopsis:The DNS server discloses the remote host name.
Description:It is possible to learn the remote host name by querying the remoteDNS server for 'hostname.bind' in the CHAOS domain.
Risk factor:None
Solution:
-
8/3/2019 Reporte Completo Nessus
18/23
It may be possible to disable this feature. Consult the vendor'sdocumentation for more information.
Plugin output:The remote host name is : metasploitable
Plugin ID:35371
ISC BIND version Directive Remote Version Disclosure
Synopsis:It is possible to obtain the version number of the remote DNSserver.
Description:The remote host is running BIND, an open-source DNS server. It ispossible to extract the version number of the remote installation bysending a special DNS request for the text 'version.bind' in the
domain 'chaos'.
Risk factor:None
Solution:It is possible to hide the version number of bind by using the'version' directive in the 'options' section in named.conf
Plugin output:The version of the remote DNS server is : 9.4.2
Plugin ID:
10028
Other references:OSVDB:23
Port postgresql (5432/tcp) [-/+]
PostgreSQL Server Detection
Synopsis:A database service is listening on the remote host.
Description:The remote service is a PostgreSQL database server, or a derivativesuch as EnterpriseDB.
Risk factor:None
See also:http://www.postgresql.org/
-
8/3/2019 Reporte Completo Nessus
19/23
Solution:Limit incoming traffic to this port if desired.
Plugin ID:26024
Port www (80/tcp) [-/+]
HTTP TRACE / TRACK Methods Allowed
Synopsis:Debugging functions are enabled on the remote web server.
Description:The remote webserver supports the TRACE and/or TRACK methods.TRACE and TRACK are HTTP methods that are used to debug webserver connections.
Risk factor:
Medium
CVSS Base Score:4.3CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
See also:http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
See also:http://www.apacheweek.com/issues/03-01-24
See also:http://www.kb.cert.org/vuls/id/288308
See also:http://www.kb.cert.org/vuls/id/867593
See also:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
Solution:Disable these methods. Refer to the plugin output for moreinformation.
Plugin output:To disable these methods, add the following lines for each virtualhost in your configuration file : RewriteEngine on RewriteCond%{REQUEST_METHOD} (TRACE|TRACK) RewriteRule .* - [F]Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2support disabling the TRACE method natively via the 'TraceEnable'directive. Nessus sent the following TRACE request : ------------------------------ snip ------------------------------ TRACE
-
8/3/2019 Reporte Completo Nessus
20/23
/Nessus808436792.html HTTP/1.1 Connection: Close Host:192.168.29.128 Pragma: no-cache User-Agent: Mozilla/4.0(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,*/* Accept-Language: en Accept-Charset: iso-8859-1,*,utf-8 ------------------------------ snip ------------------------------ and received the
following response from the remote server : ------------------------------ snip ------------------------------ HTTP/1.1 200 OK Date: Fri, 03 Sep2010 11:48:27 GMT Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch Keep-Alive: timeout=15, max=100Connection: Keep-Alive Transfer-Encoding: chunked Content-Type:message/http TRACE /Nessus808436792.html HTTP/1.1 Connection:Keep-Alive Host: 192.168.29.128 Pragma: no-cache User-Agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,image/png, */* Accept-Language: en Accept-Charset: iso-8859-1,*,utf-8 ------------------------------ snip ------------------------------
Plugin ID:
11213
CVE:CVE-2003-1567, CVE-2004-2320, CVE-2010-0386
BID:9506, 9561, 11604, 33374, 37995
Other references:OSVDB:877, OSVDB:3726, OSVDB:5648, OSVDB:50485
Service Detection
A web server is running on this port.
Plugin ID:22964
HTTP methods per directory
Synopsis:This plugin determines which HTTP methods are allowed on variousCGI directories.
Description:By calling the OPTIONS method, it is possible to determine whichHTTP methods are allowed on each directory. As this list may be
incomplete, the plugin also tests - if 'Thorough tests' are enabled or'Enable web applications tests' is set to 'yes' in the scan policy -various known HTTP methods on each directory and considers themas unsupported if it receives a response code of 400, 403, 405, or501. Note that the plugin output is only informational and does notnecessarily indicate the presence of any security vulnerabilities.
Risk factor:None
-
8/3/2019 Reporte Completo Nessus
21/23
Solution:n/a
Plugin output:Based on the response to an OPTIONS request : - HTTP methods
GET HEAD OPTIONS POST TRACE are allowed on : /
Plugin ID:43111
HTTP Server type and version
Synopsis:A web server is running on the remote host.
Description:This plugin attempts to determine the type and the version of theremote web server.
Risk factor:None
Solution:n/a
Plugin output:The remote web server type is : Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch Solution : You can set the directive'ServerTokens Prod' to limit the information emanating from theserver in its response headers.
Plugin ID:10107
HyperText Transfer Protocol (HTTP) Information
Synopsis:Some information about the remote HTTP configuration can beextracted.
Description:This test gives some information about the remote HTTP protocol -the version used, whether HTTP Keep-Alive and HTTP pipelining areenabled, etc... This test is informational only and does not denote
any security problem.
Risk factor:None
Solution:n/a
Plugin output:
-
8/3/2019 Reporte Completo Nessus
22/23
Protocol version : HTTP/1.1 SSL : no Keep-Alive : yes Optionsallowed : (Not implemented) Headers : Date: Fri, 03 Sep 201011:48:29 GMT Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch Last-Modified: Wed, 17 Mar 201014:08:25 GMT ETag: "107f7-2d-481ffa5ca8840" Accept-Ranges:bytes Content-Length: 45 Keep-Alive: timeout=15, max=100
Connection: Keep-Alive Content-Type: text/html
Plugin ID:24260
Backported Security Patch Detection (WWW)
Synopsis:Security patches are backported.
Description:Security patches may have been 'back ported' to the remote HTTPserver without changing its version number. Banner-based checks
have been disabled to avoid false positives. Note that this test isinformational only and does not denote any security problem.
Risk factor:None
See also:http://www.nessus.org/u?d636c8c7
Solution:N/A
Plugin output:
Give Nessus credentials to perform local checks.
Plugin ID:39521
Port ajp13 (8009/tcp) [-/+]
AJP Connector Detection
Synopsis:There is an AJP connector listening on the remote host.
Description:The remote host is running an AJP (Apache JServ Protocol)connector, a service by which a standalone web server such asApache communicates over TCP with a Java servlet container suchas Tomcat.
Risk factor:None
See also:
-
8/3/2019 Reporte Completo Nessus
23/23
http://tomcat.apache.org/connectors-doc/
See also:http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
Solution:
n/a
Plugin output:The connector listing on this port supports the ajp13 protocol.
Plugin ID:21186