PBX Elastix 2pu361

PBX Elastix
Report generated by Nessus™ Fri, 06 Mar 2020 09:36:12 SA Pacific Standard Time
TABLE OF CONTENTS
Vulnerabilities by Host
• 10.120.120.209.....................................................................................................................................................4
Remediations
• Suggested Remediations................................................................................................................................. 279
Vulnerabilities by Host
10.120.120.209
2 14 49 4 124
CRITICAL HIGH MEDIUM LOW INFO
Scan Information
Start time: Fri Mar 6 09:19:23 2020

End time: Fri Mar 6 09:36:12 2020
Host Information
IP: 10.120.120.209
OS: Linux Kernel 2.6 on CentOS release 5
Vulnerabilities
58987 - PHP Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of a web application scripting language.
Description
According to its version, the installation of PHP on the remote host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it
is likely to contain security vulnerabilities.
See Also
http://php.net/eol.php
https://wiki.php.net/rfc/releaseprocess
Solution
Upgrade to a version of PHP that is currently supported.
Risk Factor
Critical
10.120.120.209 4
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2012/05/04, Modified: 2019/05/21
Plugin Output
tcp/443
Source : X-Powered-By: PHP/5.1.6

Installed version : 5.1.6
End of support date : 2006/08/24
Announcement : http://php.net/eol.php
Supported versions : 7.1.x / 7.2.x / 7.3.x
10.120.120.209 5
33850 - Unix Operating System Unsupported Version Detection
Synopsis
The operating system running on the remote host is no longer supported.
Description
According to its self-reported version number, the Unix operating system running on the remote host is no longer
supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it
is likely to contain security vulnerabilities.
Solution
Upgrade to a version of the Unix operating system that is currently supported.
Risk Factor
Critical
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Plugin Output
tcp/0
CentOS release 5 support ended on 2017-03-31.

Upgrade to CentOS 7 / 6.
For more information, see : http://www.nessus.org/u?b549f616
10.120.120.209 6
35043 - PHP 5 < 5.2.7 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is prior to 5.2.7. It is, therefore, affected
by multiple vulnerabilities :
- There is a buffer overflow flaw in the bundled PCRE library that allows a denial of service attack.
(CVE-2008-2371)
- Multiple directory traversal vulnerabilities exist in functions such as 'posix_access', 'chdir', and 'ftok'
that allow a remote attacker to bypass 'safe_mode'
restrictions. (CVE-2008-2665 and CVE-2008-2666).
- A buffer overflow flaw in 'php_imap.c' may be triggered when processing long message headers due to the use
of obsolete API calls. This can be exploited to cause a denial of service or to execute arbitrary code.
(CVE-2008-2829)
- A buffer overflow in the 'imageloadfont' function in 'ext/gd/gd.c' can be triggered when a specially crafted font is
given. This can be exploited to cause a denial of service or to execute arbitrary code. (CVE-2008-3658)
- A buffer overflow flaw exists in PHP's internal function 'memnstr' which can be exploited by an attacker using
the delimiter argument to the 'explode' function. This can be used to cause a denial of service or to execute
arbitrary code. (CVE-2008-3659)
- When PHP is used as a FastCGI module, an attacker by requesting a file whose file name extension is
preceded by multiple dots can cause a denial of service.
(CVE-2008-3660)
- A heap-based buffer overflow flaw in the mbstring extension can be triggered via a specially crafted string
containing an HTML entity that is not handled during Unicode conversion. This can be exploited to execute
arbitrary code.(CVE-2008-5557)
- Improper initialization of global variables 'page_uid'

and 'page_gid' when PHP is used as an Apache module allows the bypassing of security restriction due to SAPI
'php_getuid' function overloading. (CVE-2008-5624)
- PHP does not enforce the correct restrictions when 'safe_mode' is enabled through a 'php_admin_flag'
setting in 'httpd.conf'. This allows an attacker, by placing a specially crafted 'php_value' entry in '.htaccess', to
able to write to arbitrary files.
(CVE-2008-5625)
- The 'ZipArchive::extractTo' function in the ZipArchive extension fails to filter directory traversal sequences from
file names. An attacker can exploit this to write to arbitrary files. (CVE-2008-5658)
- Under limited circumstances, an attacker can cause a file truncation to occur when calling the 'dba_replace'
function with an invalid argument. (CVE-2008-7068)
10.120.120.209 7
- A buffer overflow error exists in the function 'date_from_ISO8601' function within file 'xmlrpc.c'
because user-supplied input is improperly validated.
This can be exploited by a remote attacker to cause a denial of service or to execute arbitrary code.
(CVE-2014-8626)
See Also
http://cxsecurity.com/issue/WLB-2008110041
https://seclists.org/fulldisclosure/2008/Jun/237
https://seclists.org/fulldisclosure/2008/Jun/238
https://www.openwall.com/lists/oss-security/2008/08/08/2
https://www.openwall.com/lists/oss-security/2008/08/13/8
https://seclists.org/fulldisclosure/2008/Nov/674
https://seclists.org/fulldisclosure/2008/Dec/90
https://bugs.php.net/bug.php?id=42862
http://www.php.net/releases/5_2_7.php
http://www.php.net/ChangeLog-5.php#5.2.7
Solution
Upgrade to PHP version 5.2.8 or later.
Note that version 5.2.7 has been removed from distribution because of a regression in that version that results in
the 'magic_quotes_gpc'
setting remaining off even if it was set to on.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 29796
10.120.120.209 8
BID 29797
BID 29829
BID 30087
BID 30649
BID 31612
BID 32383
BID 32625
BID 32688
BID 32948
BID 70928
CVE CVE-2008-2371
CVE CVE-2008-2665
CVE CVE-2008-2666
CVE CVE-2008-2829
CVE CVE-2008-3658
CVE CVE-2008-3659
CVE CVE-2008-3660
CVE CVE-2008-5557
CVE CVE-2008-5624
CVE CVE-2008-5625
CVE CVE-2008-5658
CVE CVE-2008-7068
CVE CVE-2014-8626
XREF CWE:20
XREF CWE:22
XREF CWE:119
XREF CWE:264
Plugin Information
Plugin Output
tcp/443
Version source : X-Powered-By: PHP/5.1.6

Fixed version : 5.2.7
10.120.120.209 9
31649 - PHP 5.x < 5.2 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple buffer overflows.
Description
According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may
be affected by several buffer overflows.
To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server
or to manipulate several variables processed by some PHP functions such as 'htmlentities().'
See Also
http://www.hardened-php.net/advisory_092006.133.html
Solution
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
References
BID 20349
BID 20879
BID 49634
CVE CVE-2006-1015
CVE CVE-2006-1549
CVE CVE-2006-2660
CVE CVE-2006-4486
CVE CVE-2006-4625
CVE CVE-2006-4812
CVE CVE-2006-5465
10.120.120.209 10
CVE CVE-2006-5706
CVE CVE-2006-7205
CVE CVE-2007-0448
CVE CVE-2007-1381
CVE CVE-2007-1584
CVE CVE-2007-1888
CVE CVE-2007-2844
CVE CVE-2007-5424
XREF CWE:94
XREF CWE:119
XREF CWE:399
Plugin Information
Plugin Output
tcp/443

Fixed version : 5.2
10.120.120.209 11
17797 - PHP 5.x < 5.2.2 Multiple vulnerabilities
Synopsis
Description
According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.2. It is, therefore,
affected by multiple vulnerabilities:
- A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to
process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)
- A vulnerability in the way the mbstring extension setglobal variables was discovered where a script using the
mb_parse_str() function to set global variables could be forced to to enable the register_globals configuration
option, possibly resulting in global variable injection. (CVE-2007-1583)
- A context-dependent attacker could read portions of heap memory by executing certain scripts with a serialized
data input string beginning with 'S:', which did not properly track the number of input bytes being processed.
(CVE-2007-1649)
- A vulnerability in how PHP's mail() function processed email messages, truncating potentially important
information after the first ASCIIZ (\0) byte.
(CVE-2007-1717)
- A vulnerability in how PHP's mail() function processed header data was discovered. If a script sent mail using
a subject header containing a string from an untrusted source, a remote attacker could send bulk email to
unintended recipients (CVE-2007-1718).
See Also
Solution
Risk Factor
High
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
10.120.120.209 12
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score
References
BID 23105
BID 23357
CVE CVE-2007-1001
CVE CVE-2007-1583
CVE CVE-2007-1649
CVE CVE-2007-1717
CVE CVE-2007-1718
Plugin Information
Plugin Output
tcp/443

10.120.120.209 13
24907 - PHP < 5.2.1 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple flaws.
Description
According to its banner, the version of PHP installed on the remote host is older than 5.2.1. Such versions may
be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution,
'safe_mode' and 'open_basedir' bypasses, and clobbering of super-globals.
See Also
Solution
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
References
BID 21508
BID 22496
BID 22805
BID 22806
BID 22862
BID 22922
BID 23119
BID 23120
BID 23219
BID 23233
BID 23234
BID 23235
BID 23236
10.120.120.209 14
BID 23237
BID 23238
CVE CVE-2006-6383
CVE CVE-2007-0905
CVE CVE-2007-0906
CVE CVE-2007-0907
CVE CVE-2007-0908
CVE CVE-2007-0909
CVE CVE-2007-0910
CVE CVE-2007-0988
CVE CVE-2007-1376
CVE CVE-2007-1380
CVE CVE-2007-1383
CVE CVE-2007-1452
CVE CVE-2007-1453
CVE CVE-2007-1454
CVE CVE-2007-1700
CVE CVE-2007-1701
CVE CVE-2007-1824
CVE CVE-2007-1825
CVE CVE-2007-1835
CVE CVE-2007-1884
CVE CVE-2007-1885
CVE CVE-2007-1886
CVE CVE-2007-1887
CVE CVE-2007-1889
CVE CVE-2007-1890
CVE CVE-2007-4441
CVE CVE-2007-4586
XREF CWE:20
XREF CWE:119
XREF CWE:189
XREF CWE:399
Plugin Information
Plugin Output
tcp/443

10.120.120.209 15
10.120.120.209 16
Synopsis
Description
be affected by several security issues :
- An unspecified error occurs in certificate validation inside 'php_openssl_apply_verification_policy'.
- An unspecified input validation vulnerability affects the color index in 'imagecolortransparent()'.
- An unspecified input validation vulnerability affects exif processing.
- Calling 'popen()' with an invalid mode can cause a crash under Windows. (Bug #44683)
- An integer overflow in 'xml_utf8_decode()' can make it easier to bypass cross-site scripting and SQL injection
protection mechanisms using a specially crafted string with a long UTF-8 encoding. (Bug #49687)
- 'proc_open()' can bypass 'safe_mode_protected_env_vars'.

(Bug #49026)
See Also
http://news.php.net/php.internals/45597
Solution
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
References
10.120.120.209 17
BID 36449
BID 44889
CVE CVE-2009-3291
CVE CVE-2009-3292
CVE CVE-2009-3293
CVE CVE-2009-3294
CVE CVE-2009-4018
CVE CVE-2009-5016
XREF Secunia:36791
XREF CWE:20
XREF CWE:134
XREF CWE:264
Plugin Information
Plugin Output
tcp/443

10.120.120.209 18
Synopsis
Description
According to its banner, the version of PHP installed on the remote host is older than 5.2.3. It is, therefore,
affected by multiple vulnerabilities:
- A buffer overflow in the sqlite_decode_function() in the bundled sqlite library could allow context-dependent
attackers to execute arbitrary code. (CVE-2007-1887)
- A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter could allow an attacker to inject arbitrary
email headers via a special email address. This only affects Mandriva Linux 2007.1.
(CVE-2007-1900)
- An infinite-loop flaw was discovered in the PHP gd extension. A script that could be forced to process PNG
images from an untrusted source could allow a remote attacker to cause a denial of service. (CVE-2007-2756)
- An integer overflow flaw was found in the chunk_split() function that ould possibly execute arbitrary code
as the apache user if a remote attacker was able to pass arbitrary data to the third argument of chunk_split()
(CVE-2007-2872).
- An open_basedir and safe_mode restriction bypass which could allow context-dependent attackers to
determine the existence of arbitrary files. (CVE-2007-3007)
See Also
Solution
Risk Factor
High
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS Base Score
10.120.120.209 19
CVSS Temporal Score
References
BID 23235
BID 23359
BID 24089
BID 24259
BID 24261
CVE CVE-2007-1887
CVE CVE-2007-1900
CVE CVE-2007-2756
CVE CVE-2007-2872
CVE CVE-2007-3007
XREF CWE:189
XREF CWE:264
Plugin Information
Plugin Output
tcp/443

10.120.120.209 20
Synopsis
Description
be affected by the following issues :
- A stack-based buffer overflow in FastCGI SAPI.
- An integer overflow in printf().
- An security issue arising from improper calculation of the length of PATH_TRANSLATED in cgi_main.c.
- A safe_mode bypass in cURL.
- Incomplete handling of multibyte chars inside escapeshellcmd().
- Issues in the bundled PCRE fixed by version 7.6.
See Also
https://seclists.org/bugtraq/2008/Mar/285
https://seclists.org/fulldisclosure/2008/May/102
https://seclists.org/fulldisclosure/2008/May/106
Solution
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
References
BID 27413
10.120.120.209 21
BID 28392
BID 29009
CVE CVE-2007-4850
CVE CVE-2007-6039
CVE CVE-2008-0599
CVE CVE-2008-1384
CVE CVE-2008-2050
CVE CVE-2008-2051
XREF Secunia:30048
XREF CWE:20
XREF CWE:119
XREF CWE:264
Plugin Information
Plugin Output
tcp/443

10.120.120.209 22
Synopsis
The remote web server uses a version of PHP that may be affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.2.8. As such, it is
potentially affected by the following vulnerabilities :
- PHP fails to properly sanitize error messages of arbitrary HTML or script code, would code allow for cross-site
scripting attacks if PHP's 'display_errors' setting is enabled. (CVE-2008-5814)
- Version 5.2.7 introduced a regression with regard to 'magic_quotes' functionality due to an incorrect fix to the
filter extension. As a result, the 'magic_quotes_gpc' setting remains off even if it is set to on. (CVE-2008-5844)
See Also
Solution
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 32673
CVE CVE-2008-5814
CVE CVE-2008-5844
XREF CWE:16
XREF CWE:79
Plugin Information
10.120.120.209 23
Plugin Output
tcp/443

10.120.120.209 24
Synopsis
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is
potentially affected by multiple vulnerabilities :
- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not
handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated.
(CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and
'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)
See Also
http://www.nessus.org/u?e81d4026
https://marc.info/?l=oss-security&m=134626481806571&w=2
http://www.php.net/archive/2012.php#id2012-04-26-1
Solution
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
10.120.120.209 25
References
BID 51954
BID 53403
BID 55297
CVE CVE-2011-1398
CVE CVE-2012-0831
CVE CVE-2012-1172
Plugin Information
Plugin Output
tcp/443

10.120.120.209 26
58988 - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as
such is potentially affected by a remote code execution and information disclosure vulnerability.
An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web
server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string
parameters as command line arguments including switches such as '-s', '-d', and '-c'.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with
'mod_php' is not an exploitable configuration.
See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Solution
Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite'

workaround is available as well.
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
References
BID 53388
CVE CVE-2012-1823
XREF CERT:520827
10.120.120.209 27
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Plugin Output
tcp/443

Fixed version : 5.3.12 / 5.4.2
10.120.120.209 28
Synopsis
Description
According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be
affected by the following security issues :
- The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
- It is possible to create a denial of service condition by sending multiple, specially crafted requests containing
parameter values that cause hash collisions when computing the hash values for storage in a hash table.
(CVE-2011-4885)
- An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker
to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP
5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)
- Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite
files, resulting in arbitrary code execution. (CVE-2012-0057)
- An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference
a NULL pointer. This causes the application to crash. (CVE-2012-0781)
- The 'PDORow' implementation contains an error that can cause application crashes when interacting with the
session feature. (CVE-2012-0788)
- An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of
service attack via memory consumption.
(CVE-2012-0789)
See Also
https://www.tenable.com/security/research/tra-2012-01
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5
https://seclists.org/bugtraq/2012/Jan/91
Solution
10.120.120.209 29
Risk Factor
High
CVSS Base Score
CVSS Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
References
BID 49754
BID 50907
BID 51193
BID 51806
BID 51952
BID 51992
BID 52043
CVE CVE-2011-3379
CVE CVE-2011-4566
CVE CVE-2011-4885
CVE CVE-2012-0057
CVE CVE-2012-0781
CVE CVE-2012-0788
CVE CVE-2012-0789
XREF TRA:TRA-2012-01
Exploitable With
Core Impact (true)
Plugin Information
Plugin Output
tcp/443

10.120.120.209 30
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are
affected by several cryptographic flaws, including:
- An insecure padding scheme with CBC ciphers.
- Insecure session renegotiation and resumption schemes.
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between
the affected service and clients.
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that
these versions will be used only if the client or server support nothing better), many web browsers implement
this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is
recommended that these protocols be disabled entirely.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of
enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong
cryptography'.
See Also
https://www.schneier.com/academic/paperfiles/paper-ssl.pdf
http://www.nessus.org/u?b06c7e95
http://www.nessus.org/u?247c4540
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.nessus.org/u?5d15ba70
https://www.imperialviolet.org/2014/10/14/poodle.html
https://tools.ietf.org/html/rfc7507
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.

Use TLS 1.1 (with approved cipher suites) or higher instead.
Risk Factor
High
10.120.120.209 31
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
Plugin Information
Plugin Output
tcp/443
- SSLv3 is enabled and the server supports at least one cipher.

Explanation: TLS 1.0 and SSL 3.0 cipher suites may be used with SSLv3
Low Strength Ciphers (<= 64-bit key)
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES-CBC(56) Mac=SHA1

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
10.120.120.209 32
Synopsis
Description
cryptography'.
See Also
Solution

Risk Factor
High
10.120.120.209 33
CVSS Base Score
Plugin Information
Plugin Output
tcp/993

EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES-CBC(40) Mac=SHA1

export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5
export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5
export

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 34
Synopsis
Description
cryptography'.
See Also
Solution

Risk Factor
High
10.120.120.209 35
CVSS Base Score
Plugin Information
Plugin Output
tcp/995


export
export
export

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 36
12085 - Apache Tomcat Default Files
Synopsis
The remote web server contains default files.
Description
The default error page, default index page, example JSPs and/or example servlets are installed on the remote
Apache Tomcat server. These files should be removed as they may help an attacker uncover information about
the remote Tomcat install or host itself.
See Also
http://www.nessus.org/u?4cb3b4dd
https://www.owasp.org/index.php/Securing_tomcat
Solution
Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP
instructions to replace or modify the default error page.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/8080
The following default files were found :
http://10.120.120.209:8080/docs/
http://10.120.120.209:8080/examples/servlets/index.html
http://10.120.120.209:8080/examples/jsp/index.html
The server is not configured to return a custom page in the event of a client requesting a non-
existent resource.
10.120.120.209 37
This may result in a potential disclosure of sensitive information about the server to attackers.
10.120.120.209 38
11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods
that are used to debug web server connections.
See Also
https://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
https://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
References
BID 9506
BID 9561
BID 11604
BID 33374
10.120.120.209 39
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF CERT:288308
XREF CERT:867593
XREF CWE:16
XREF CWE:200
Plugin Information
Plugin Output
tcp/80
To disable these methods, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2

support disabling the TRACE method natively via the 'TraceEnable'
directive.
Nessus sent the following TRACE request :
------------------------------ snip ------------------------------

TRACE /Nessus1026677602.html HTTP/1.1
Connection: Close
Host: 10.120.120.209
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
and received the following response from the remote server :
------------------------------ snip ------------------------------

HTTP/1.1 200 OK
Date: Fri, 06 Mar 2020 14:25:40 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Transfer-Encoding: chunked
Content-Type: message/http

Connection: Close
Host: 10.120.120.209
Pragma: no-cache
Accept-Language: en
10.120.120.209 40
------------------------------ snip ------------------------------
10.120.120.209 41
11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods
that are used to debug web server connections.
See Also
https://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
https://download.oracle.com/sunalerts/1000718.1.html
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
CVSS Temporal Score
References
BID 9506
BID 9561
BID 11604
BID 33374
10.120.120.209 42
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF CERT:288308
XREF CERT:867593
XREF CWE:16
XREF CWE:200
Plugin Information
Plugin Output
tcp/443
To disable these methods, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2

support disabling the TRACE method natively via the 'TraceEnable'
directive.
Nessus sent the following TRACE request :
------------------------------ snip ------------------------------

Connection: Close
Host: 10.120.120.209
Pragma: no-cache
Accept-Language: en
------------------------------ snip ------------------------------
and received the following response from the remote server :
------------------------------ snip ------------------------------

HTTP/1.1 200 OK
Date: Fri, 06 Mar 2020 14:25:40 GMT
Connection: close
Content-Type: message/http

Connection: Close
Host: 10.120.120.209
Pragma: no-cache
Accept-Language: en
10.120.120.209 43
------------------------------ snip ------------------------------
10.120.120.209 44
Synopsis
Description
According to its banner, the version of PHP installed on the remote host is older than 5.2.10. Such versions are
reportedly affected by multiple vulnerabilities :
- Sufficient checks are not performed on fields reserved for offsets in function 'exif_read_data()'. Successful
exploitation of this issue could result in a denial of service condition. (bug 48378)
- Provided 'safe_mode_exec_dir' is not set (not set by default), it may be possible to bypass 'safe_mode'
restrictions by preceding a backslash in functions such as 'exec()', 'system()', 'shell_exec()', 'passthru()' and
'popen()' on a system running PHP on Windows. (bug 45997)
See Also
Solution
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
References
BID 35440
BID 35435
CVE CVE-2009-2687
XREF Secunia:35441
XREF CWE:20
10.120.120.209 45
Plugin Information
Plugin Output
tcp/443

10.120.120.209 46
Synopsis
Description
- It is possible to bypass the 'safe_mode' configuration setting using 'tempnam()'. (CVE-2009-3557)
- It is possible to bypass the 'open_basedir' configuration setting using 'posix_mkfifo()'. (CVE-2009-3558)
- Provided file uploading is enabled (it is by default), an attacker can upload files using a POST request with
'multipart/form-data' content even if the target script doesn't actually support file uploads per se. By supplying a
large number (15,000+) of files, an attacker could cause the web server to stop responding while it processes
the file list. (CVE-2009-4017)
- Missing protection for '$_SESSION' from interrupt corruption and improved 'session.save_path' check.
(CVE-2009-4143)
- Insufficient input string validation in the 'htmlspecialchars()' function. (CVE-2009-4142)
See Also
http://www.nessus.org/u?57f2d08f
Solution
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
References
BID 37389
10.120.120.209 47
BID 37390
CVE CVE-2009-3557
CVE CVE-2009-3558
CVE CVE-2009-4017
CVE CVE-2009-4142
CVE CVE-2009-4143
XREF Secunia:37821
XREF CWE:79
XREF CWE:264
Plugin Information
Plugin Output
tcp/443

10.120.120.209 48
Synopsis
Description
be affected by various issues, including but not limited to several overflows.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
References
BID 24661
BID 24261
BID 24922
BID 25498
CVE CVE-2007-1413
CVE CVE-2007-2872
CVE CVE-2007-3294
CVE CVE-2007-3378
CVE CVE-2007-3790
CVE CVE-2007-3799
CVE CVE-2007-3806
CVE CVE-2007-4010
CVE CVE-2007-4033
10.120.120.209 49
CVE CVE-2007-4255
CVE CVE-2007-4507
CVE CVE-2007-4652
CVE CVE-2007-4658
CVE CVE-2007-4659
CVE CVE-2007-4660
CVE CVE-2007-4661
CVE CVE-2007-4662
CVE CVE-2007-4663
XREF CWE:20
XREF CWE:22
XREF CWE:119
XREF CWE:189
XREF CWE:362
XREF CWE:399
Plugin Information
Plugin Output
tcp/443

10.120.120.209 50
Synopsis
Description
be affected by various issues, including but not limited to several buffer overflows.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
4.4 (CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
References
BID 26403
BID 69246
CVE CVE-2007-3996
CVE CVE-2007-4782
CVE CVE-2007-4783
CVE CVE-2007-4784
CVE CVE-2007-4825
CVE CVE-2007-4840
CVE CVE-2007-4887
CVE CVE-2007-4889
CVE CVE-2007-5447
CVE CVE-2007-5653
CVE CVE-2007-5898
10.120.120.209 51
CVE CVE-2007-5899
CVE CVE-2007-5900
CVE CVE-2008-2107
CVE CVE-2008-2108
CVE CVE-2008-4107
XREF CWE:20
XREF CWE:22
XREF CWE:78
XREF CWE:94
XREF CWE:189
XREF CWE:200
XREF CWE:264
Plugin Information
Plugin Output
tcp/443

10.120.120.209 52
Synopsis
Description
- Background color is not correctly validated with a non true color image in function 'imagerotate()'.
(CVE-2008-5498)
- A denial of service condition can be triggered by trying to extract zip files that contain files with relative paths in
file or directory names.
- Function 'explode()' is affected by an unspecified vulnerability.
- It may be possible to trigger a segfault by passing a specially crafted string to function 'json_decode()'.
- Function 'xml_error_string()' is affected by a flaw which results in messages being off by one.
See Also
http://news.php.net/php.internals/42762
Solution
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
References
BID 33002
BID 33927
10.120.120.209 53
CVE CVE-2008-5498
CVE CVE-2009-1271
CVE CVE-2009-1272
XREF Secunia:34081
XREF CWE:20
XREF CWE:200
Plugin Information
Plugin Output
tcp/443

10.120.120.209 54
44921 - PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
Synopsis
Description
According to its banner, the version of PHP installed on the remote host is older than 5.3.2 / 5.2.13. Such
versions may be affected by several security issues :
- Directory paths not ending with '/' may not be correctly validated inside 'tempnam()' in 'safe_mode'
configuration.
- It may be possible to bypass the 'open_basedir'/ 'safe_mode' configuration restrictions due to an error in
session extensions.
- An unspecified vulnerability affects the LCG entropy.
See Also
http://securityreason.com/achievement_securityalert/82
http://securityreason.com/securityalert/7008
https://seclists.org/fulldisclosure/2010/Feb/208
Solution
Upgrade to PHP version 5.3.2 / 5.2.13 or later.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
References
BID 38182
10.120.120.209 55
BID 38430
BID 38431
CVE CVE-2010-1128
CVE CVE-2010-1129
CVE CVE-2010-1130
XREF Secunia:38708
Plugin Information
Plugin Output
tcp/443

10.120.120.209 56
73289 - PHP PHP_RSHUTDOWN_FUNCTION Security Bypass
Synopsis
The remote web server uses a version of PHP that is potentially affected by a security bypass vulnerability.
Description
According to its banner, the version of PHP 5.x installed on the remote host is 5.x prior to 5.3.11 or 5.4.x prior to
5.4.1 and thus, is potentially affected by a security bypass vulnerability.
An error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in the libxml extension and the
'stream_close' method that could allow a remote attacker to bypass 'open_basedir' protections and obtain
sensitive information.
Note that this plugin has not attempted to exploit this issue, but has instead relied only on PHP's self-reported
version number.
See Also
http://www.nessus.org/u?bcc428c2
Solution
Upgrade to PHP version 5.3.11 / 5.4.1 or later.
Risk Factor
Medium
CVSS Base Score
CVSS Temporal Score
References
BID 65673
CVE CVE-2012-1171
Plugin Information
10.120.120.209 57
Plugin Output
tcp/443

10.120.120.209 58
90317 - SSH Weak Algorithms Supported
Synopsis
The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.
Description
Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at
all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
See Also
https://tools.ietf.org/html/rfc4253#section-6.3
Solution
Contact the vendor or consult product documentation to remove the weak ciphers.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/22
The following weak server-to-client encryption algorithms are supported :
arcfour
arcfour128
arcfour256
The following weak client-to-server encryption algorithms are supported :
arcfour
arcfour128
arcfour256
10.120.120.209 59
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the
chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate
authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when
intermediate certificates are missing that would connect the top of the certificate chain to a known public
certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur
either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could
not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that
Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify
the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks
against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
10.120.120.209 60
Plugin Information
Plugin Output
tcp/110
The following certificate was part of the certificate chain

sent by the remote host, but it has expired :
|-Subject : C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/
CN=localhost.localdomain/[email protected]
|-Not After : Oct 18 14:51:55 2019 GMT
The following certificate was at the top of the certificate

chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Issuer : C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/
10.120.120.209 61
Synopsis
Description
'notAfter' dates.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 62
Plugin Information
Plugin Output
tcp/143

|-Not After : Oct 18 14:51:55 2019 GMT

10.120.120.209 63
Synopsis
Description
'notAfter' dates.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 64
Plugin Information
Plugin Output
tcp/443

|-Not After : Oct 18 14:52:14 2019 GMT

10.120.120.209 65
Synopsis
Description
'notAfter' dates.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 66
Plugin Information
Plugin Output
tcp/993

|-Not After : Oct 18 14:51:55 2019 GMT

10.120.120.209 67
Synopsis
Description
'notAfter' dates.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 68
Plugin Information
Plugin Output
tcp/995

|-Not After : Oct 18 14:51:55 2019 GMT

10.120.120.209 69
Synopsis
Description
'notAfter' dates.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 70
Plugin Information
Plugin Output
tcp/10000

|-Subject : O=Webmin Webserver on voipcall/CN=*/E=root@voipcall

|-Issuer : O=Webmin Webserver on voipcall/CN=*/E=root@voipcall
10.120.120.209 71
15901 - SSL Certificate Expiry
Synopsis
The remote server's SSL certificate has already expired.
Description
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports
whether any have already expired.
Solution
Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Plugin Output
tcp/110
The SSL certificate has already expired :
Subject : C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit,

CN=localhost.localdomain, [email protected]
Issuer : C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit,
Not valid before : Oct 18 14:51:55 2018 GMT
Not valid after : Oct 18 14:51:55 2019 GMT
10.120.120.209 72
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/143

10.120.120.209 73
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/443

10.120.120.209 74
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/993

10.120.120.209 75
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/995

10.120.120.209 76
35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing
algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision
attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an
attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as
vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been
ignored.
See Also
http://www.nessus.org/u?9bb87bf2
http://www.nessus.org/u?e120eea1
http://www.nessus.org/u?5d894816
http://www.nessus.org/u?51db68aa
http://www.nessus.org/u?9dc7bfba
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS Base Score
10.120.120.209 77
CVSS Temporal Score
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/110
The following certificates were part of the certificate chain sent by

the remote host, but contain hashes that are considered to be weak.
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Oct 18 14:51:55 2018 GMT
|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 78
Synopsis
Description
ignored.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 79
CVSS Temporal Score
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/143

|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 80
Synopsis
Description
ignored.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 81
CVSS Temporal Score
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/443

|-Valid To : Oct 18 14:52:14 2019 GMT
10.120.120.209 82
Synopsis
Description
ignored.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 83
CVSS Temporal Score
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/993

|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 84
Synopsis
Description
ignored.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 85
CVSS Temporal Score
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/995

|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 86
Synopsis
Description
ignored.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
10.120.120.209 87
CVSS Temporal Score
References
BID 11849
BID 33065
CVE CVE-2004-2761
XREF CERT:836068
XREF CWE:310
Plugin Information
Plugin Output
tcp/10000


|-Valid To : Oct 17 16:17:13 2023 GMT
10.120.120.209 88
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards
medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses
the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same
physical network.
See Also
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS Base Score
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/110
10.120.120.209 89
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 90
Synopsis
Description
physical network.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/443
10.120.120.209 91

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 92
Synopsis
Description
physical network.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/993
10.120.120.209 93
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 94
Synopsis
Description
physical network.
See Also
Solution
Risk Factor
Medium
CVSS Base Score
References
CVE CVE-2016-2183
Plugin Information
Plugin Output
tcp/995
10.120.120.209 95
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 96
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small
biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of
millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
https://www.rc4nomore.com/
http://www.nessus.org/u?ac7327a0
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-
GCM suites subject to browser and web server support.
Risk Factor
Medium
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
CVSS Base Score
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:ND/RC:C)
10.120.120.209 97
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Plugin Output
tcp/110
List of RC4 cipher suites supported by the remote server :

export

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 98
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
CVSS Temporal Score
10.120.120.209 99
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Plugin Output
tcp/443

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 100
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
CVSS Temporal Score
10.120.120.209 101
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Plugin Output
tcp/993

export

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 102
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
CVSS Temporal Score
10.120.120.209 103
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Plugin Output
tcp/995

export

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 104
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host
is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is
signed by an unrecognized certificate authority.
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/110
The following certificate was found at the top of the certificate

chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
10.120.120.209 105
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/143

10.120.120.209 106
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/443

10.120.120.209 107
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/993

10.120.120.209 108
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/995

10.120.120.209 109
Synopsis
Description
Solution
Risk Factor
Medium
CVSS Base Score
Plugin Information
Plugin Output
tcp/10000

10.120.120.209 110
26928 - SSL Weak Cipher Suites Supported
Synopsis
The remote service supports the use of weak SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
http://www.nessus.org/u?6527892d
Solution
Reconfigure the affected application, if possible to avoid the use of weak ciphers.
Risk Factor
Medium
CVSS Base Score
References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934
Plugin Information
Plugin Output
10.120.120.209 111
tcp/110
Here is the list of weak SSL ciphers supported by the remote server :

export
export
export
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 112
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934
Plugin Information
Plugin Output
10.120.120.209 113
tcp/443

Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 114
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934
Plugin Information
Plugin Output
10.120.120.209 115
tcp/993

export
export
export
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 116
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
References
XREF CWE:326
XREF CWE:327
XREF CWE:720
XREF CWE:753
XREF CWE:803
XREF CWE:928
XREF CWE:934
Plugin Information
Plugin Output
10.120.120.209 117
tcp/995

export
export
export
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 118
81606 - SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK)
Synopsis
The remote host supports a set of weak ciphers.
Description
The remote host supports EXPORT_RSA cipher suites with keys less than or equal to 512 bits. An attacker can
factor a 512-bit RSA modulus in a short amount of time.
A man-in-the middle attacker may be able to downgrade the session to use EXPORT_RSA cipher suites (e.g.
CVE-2015-0204). Thus, it is recommended to remove support for weak cipher suites.
See Also
https://www.smacktls.com/#freak
https://www.openssl.org/news/secadv/20150108.txt
http://www.nessus.org/u?b78da2c4
Solution
Reconfigure the service to remove support for EXPORT_RSA cipher suites.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
References
BID 71936
CVE CVE-2015-0204
XREF CERT:243585
Plugin Information
Plugin Output
10.120.120.209 119
tcp/110
EXPORT_RSA cipher suites supported by the remote server :

export
export
export
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 120
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
CVSS Temporal Score
References
BID 71936
CVE CVE-2015-0204
XREF CERT:243585
Plugin Information
Plugin Output
10.120.120.209 121
tcp/993

export
export
export
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 122
Synopsis
Description
See Also
Solution
Risk Factor
Medium
CVSS Base Score
CVSS Temporal Score
References
BID 71936
CVE CVE-2015-0204
XREF CERT:243585
Plugin Information
Plugin Output
10.120.120.209 123
tcp/995

export
export
export
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 124
15855 - POP3 Cleartext Logins Permitted
Synopsis
The remote POP3 daemon allows credentials to be transmitted in cleartext.
Description
The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections. An
attacker can uncover user names and passwords by sniffing traffic to the POP3 daemon if a less secure
authentication mechanism (eg, USER command, AUTH PLAIN, AUTH LOGIN) is used.
See Also
Solution
Contact your vendor for a fix or encrypt traffic with SSL / TLS using stunnel.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/110
The following cleartext methods are supported :

USER
10.120.120.209 125
70658 - SSH Server CBC Mode Ciphers Enabled
Synopsis
The SSH server is configured to use Cipher Block Chaining.
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to
recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software
versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR
or GCM cipher mode encryption.
Risk Factor
Low
CVSS Base Score
CVSS Temporal Score
References
BID 32319
CVE CVE-2008-5161
XREF CERT:958563
XREF CWE:200
Plugin Information
Plugin Output
tcp/22
The following client-to-server Cipher Block Chaining (CBC) algorithms

are supported :
10.120.120.209 126
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
[email protected]
The following server-to-client Cipher Block Chaining (CBC) algorithms

are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
[email protected]
10.120.120.209 127
71049 - SSH Weak MAC Algorithms Enabled
Synopsis
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are
considered weak.
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software
versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low
CVSS Base Score
Plugin Information
Plugin Output
tcp/22
The following client-to-server Message Authentication Code (MAC) algorithms

are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms

are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
10.120.120.209 128
69551 - SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
Synopsis
The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.
Description
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According
to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1,
2014 must be at least 2048 bits.
Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally,
some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to
December 31, 2010, as the standard considers them exempt.
See Also
https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
Solution
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue
any certificates signed by the old certificate.
Risk Factor
Low
Plugin Information
Plugin Output
tcp/443
The following certificates were part of the certificate chain

sent by the remote host, but contain RSA keys that are considered
to be weak :
|-RSA Key Length : 1024 bits
10.120.120.209 129
21186 - AJP Connector Detection
Synopsis
There is an AJP connector listening on the remote host.
Description
The remote host is running an AJP (Apache JServ Protocol) connector, a service by which a standalone web
server such as Apache communicates over TCP with a Java servlet container such as Tomcat.
See Also
http://tomcat.apache.org/connectors-doc/
http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
The connector listing on this port supports the ajp13 protocol.
10.120.120.209 130
18261 - Apache Banner Linux Distribution Disclosure
Synopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
Nessus was able to extract the banner of the Apache web server and determine which Linux distribution the
remote host is running.
Solution
If you do not wish to display this information, edit 'httpd.conf' and set the directive 'ServerTokens Prod' and
restart Apache.
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The Linux distribution detected was :

- CentOS 5
10.120.120.209 131
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
URL : http://10.120.120.209/
Version : 2.2.99
backported : 1
os : ConvertedCentOS
10.120.120.209 132
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
URL : https://10.120.120.209/
Version : 2.2.99
backported : 1
os : ConvertedCentOS
10.120.120.209 133
39446 - Apache Tomcat Detection
Synopsis
The remote web server is an Apache Tomcat server.
Description
Nessus was able to detect a remote Apache Tomcat web server.
See Also
https://tomcat.apache.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
URL : http://10.120.120.209:8080/
Version : 7.0.35
backported : 1
source : Apache Tomcat/7.0.35
10.120.120.209 134
63202 - Asterisk Detection
Synopsis
The remote host is running a PBX.
Description
One or more Asterisk SIP services are listening on the remote host.
This is an indication that Asterisk PBX is running on the remote host.
See Also
https://www.asterisk.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/5060
Nessus found the following Asterisk SIP service :
SIP banner : FPBX-2.11.0(11.25.0)

Version : 11.25.0
10.120.120.209 135
39520 - Backported Security Patch Detection (SSH)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote SSH server without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any security problem.
See Also
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
Give Nessus credentials to perform local checks.
10.120.120.209 136
39521 - Backported Security Patch Detection (WWW)
Synopsis
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version number.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
10.120.120.209 137
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
10.120.120.209 138
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
10.120.120.209 139
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on
the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21
Plugin Output
tcp/0
The remote operating system matched the following CPE :
cpe:/o:centos:centos:5 -> CentOS-5
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server:2.2.3 -> Apache Software Foundation Apache HTTP Server 2.2.3

cpe:/a:apache:http_server:2.2.99
cpe:/a:apache:tomcat:7.0.35 -> Apache Software Foundation Tomcat 7.0.35
cpe:/a:jquery:jquery:1.11.2
cpe:/a:mysql:mysql:5.0.95 -> MySQL5.0.95
cpe:/a:openbsd:openssh:4.3 -> OpenBSD OpenSSH 4.3
cpe:/a:php:php:5.1.6 -> PHP PHP 5.1.6
cpe:/a:webmin:webmin:1.740 -> Webmin 1.740
10.120.120.209 140
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,
router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Remote device type : general-purpose

Confidence level : 95
10.120.120.209 141
19689 - Embedded Web Server Detection
Synopsis
The remote web server is embedded.
Description
The remote web server cannot host user-supplied CGIs. CGI scanning will be disabled on this server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/10000
10.120.120.209 142
117530 - Errors in nessusd.dump
Synopsis
This plugin parses information from the nessusd.dump log file and reports on errors.
Description
This plugin parses information from the nessusd.dump log file and reports on errors.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The nessusd.dump log file contained errors from the following plugins:
- ssl_deprecated_ciphers_89.nasl reported 2 errors

- ssl_deprecated_ciphers.nasl reported 2 errors
- sip_enumeration.nasl reported 1 error
10.120.120.209 143
84502 - HSTS Missing From HTTPS Server
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows
downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
The remote HTTPS server does not send the HTTP

"Strict-Transport-Security" header.
10.120.120.209 144
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
The remote web server type is :
Apache/2.2.3 (CentOS)
10.120.120.209 145
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
Apache/2.2.3 (CentOS)
10.120.120.209 146
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
Apache-Coyote/1.1
10.120.120.209 147
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/10000
MiniServ/1.740
10.120.120.209 148
76347 - HylaFAX Installed
Synopsis
A fax utility is installed on the remote host.
Description
HylaFAX, an application for sending and receiving facsimiles and alpha-numeric pages, is installed on the
remote host.
See Also
http://www.hylafax.org/content/Main_Page
http://hylafax.sourceforge.net/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/4559
Source : 220 localhost server (HylaFAX (tm) Version 4.3.11) ready.

Version : 4.3.11
10.120.120.209 149
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
Response Code : HTTP/1.1 302 Found
Protocol version : HTTP/1.1

SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Date: Fri, 06 Mar 2020 14:25:18 GMT

Location: https://10.120.120.209/
Content-Length: 286
Connection: close
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://10.120.120.209/">here</a>.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at 10.120.120.209 Port 80</address>
</body></html>
10.120.120.209 150
10.120.120.209 151
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
Response Code : HTTP/1.1 200 OK

SSL : yes
Keep-Alive : no
Options allowed : GET,HEAD,POST,OPTIONS,TRACE
Headers :
Date: Fri, 06 Mar 2020 14:25:18 GMT

X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 5408
Connection: close
Content-Type: text/html; charset=UTF-8
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
10.120.120.209 152
<meta name="description" content="Neon Admin Panel" />
<meta name="author" content="" />
<title>Elastix - PÃ¡gina de Ingreso</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic">

<link rel="stylesheet" href="themes/tenant/css/bootstrap.css">
<link rel="stylesheet" href="themes/tenant/css/neon-core.css">
<link rel="stylesheet" href="themes/tenant/css/neon-theme.css">
<link rel="stylesheet" href="themes/tenant/css/neon-forms.css">
<link rel="stylesheet" href="themes/tenant/css/custom.css">



<script type='text/javascript' src='libs/js/jquery/jquery-1.11.2.min.js'></script>

<script type='text/javascript' src='libs/js/jquery/jquery-edwidgets.js'></script>
<script type='text/javascript' src='libs/js/jquery/jquery-migrate-1.2.1.js'></script>
<script type='text/javascript' src='libs/js/jquery/jquery-ui-1.11.4.min.js'></script>
<script type='text/javascript' src='libs/js/jquery/jquery-ui-timepicker-addon [...]
10.120.120.209 153
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
Response Code : HTTP/1.1 200 OK

SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, OPTIONS
Headers :
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Date: Fri, 06 Mar 2020 14:25:18 GMT
Connection: close
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<title>Apache Tomcat/7.0.35</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
10.120.120.209 154
<body>
<div id="wrapper">
<div id="navigation" class="curved container">
<span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
<span id="nav-hosts"><a href="/docs/">Documentation</a></span>
<span id="nav-config"><a href="/docs/config/">Configuration</a></span>
<span id="nav-examples"><a href="/examples/">Examples</a></span>
<span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></
span>
<span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</
a></span>
<span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></
span>
<br class="separator" />
</div>
<div id="asf-box">
<h1>Apache Tomcat/7.0.35</h1>
</div>
<div id="upper" class="curved container">
<div id="congrats" class="curved container">
<h2>If you're seeing this, you've successfully installed Tomcat.
Congratulations!</h2>
</div>
<div id="notice">
<img src="tomcat.png" alt="[tomcat logo]" />
<div id="tasks">
<h3>Recommended Reading:</h3>
<h4><a href="/docs/security-howto.ht [...]
10.120.120.209 155
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is
set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based
authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but
usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
CVSS Base Score
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0524
XREF CWE:200
Plugin Information
Plugin Output
icmp/0
The difference between the local and remote clocks is -169 seconds.
10.120.120.209 156
11414 - IMAP Service Banner Retrieval
Synopsis
An IMAP server is running on the remote host.
Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143
The remote imap server banner is :
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] example.com Cyrus IMAP4 v2.3.7-Invoca-

RPM-2.3.7-16.el5_11 server ready
10.120.120.209 157
11414 - IMAP Service Banner Retrieval
Synopsis
An IMAP server is running on the remote host.
Description
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
The remote imap server banner is :
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR] example.com Cyrus IMAP4 v2.3.7-
Invoca-RPM-2.3.7-16.el5_11 server ready
10.120.120.209 158
42085 - IMAP Service STARTTLS Command Support
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote IMAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an
encrypted communications channel.
See Also
https://en.wikipedia.org/wiki/STARTTLS
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143
Here is the IMAP server's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :
------------------------------ snip ------------------------------

Subject Name:
Country: --
State/Province: SomeState
Locality: SomeCity
Organization: SomeOrganization
Organization Unit: SomeOrganizationalUnit
Common Name: localhost.localdomain
Email Address: [email protected]
Issuer Name:
Country: --
Locality: SomeCity
10.120.120.209 159
Serial Number: 00
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Oct 18 14:51:55 2018 GMT

Not Valid After: Oct 18 14:51:55 2019 GMT
Public Key Info:
Algorithm: RSA Encryption

Key Length: 2048 bits
Public Key: 00 D8 45 24 36 5B 6F D4 EE 64 57 F3 E7 6A EF 2A 10 8D C5 BA
51 8C FB 2E 55 0A EE 9F AA 0E 53 1F 8C 2A 7A 80 DE AF 85 C0
76 6A 1F 17 99 DC 23 16 AF 98 DF C5 EA FB 2B BC 3A BC A2 85
F1 99 40 D5 C0 D2 87 F2 7E 00 BB AF 14 39 DF 12 A5 8D 86 B2
EA 6B 4A E8 D3 14 DC DB C7 55 5F B8 22 5E B4 C7 A6 13 4F BD
61 B7 37 BF 83 5F B2 A9 02 37 60 92 F0 E3 F7 BC E9 D2 14 80
FE CD 8F 8D 66 C5 68 B8 09 26 BE 4A 93 61 8C A8 05 83 88 97
C7 99 BD 3B D7 AD EB AA 1A 8B 10 79 5B 56 F1 5B 9B FD 40 4E
7F C1 97 01 5B E9 F0 40 5F 98 AB 4C 49 10 75 81 00 01 86 5F
D2 7A 43 7D 36 18 A9 D4 BC 1C 31 AD BD DC 20 40 63 D8 1A 1A
01 2A EA D4 B8 00 DC 6D 8F 42 2A ED 22 8F 81 A5 67 D7 CF 7B
FF 30 20 80 9F E5 5B D6 5B 12 A1 8A C4 E2 A7 94 99 47 FB E6
3B 25 28 C5 45 A3 95 A9 14 77 E5 FE EA 3B E3 86 7F
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits

Signature: 00 99 BC B0 1E 2B 92 7A E7 5A 28 2D 62 19 1F 93 56 32 BB 3B
9E 94 C5 84 11 F6 B3 CB D7 5B 94 48 68 F9 36 34 31 D5 35 DF
9C 5E D4 70 03 79 31 BB D2 A6 E9 [...]
10.120.120.209 160
20834 - Inter-Asterisk eXchange Protocol Detection
Synopsis
The remote system is running a server that speaks the Inter-Asterisk eXchange Protocol.
Description
The Inter-Asterisk eXchange protocol (IAX2) is used by the Asterisk PBX Server and other IP telephony clients/
servers to enable voice communication between them.
See Also
https://en.wikipedia.org/wiki/IAX
Solution
If possible, filter incoming connections to the port so that it is used by trusted sources only.
Risk Factor
None
Plugin Information
Plugin Output
udp/4569
10.120.120.209 161
106658 - JQuery Detection
Synopsis
The web server on the remote host uses JQuery.
Description
Nessus was able to detect JQuery on the remote host.
See Also
https://jquery.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
URL : https://10.120.120.209/libs/js/jquery/jquery-1.11.2.min.js
Version : 1.11.2
10.120.120.209 162
117886 - Local Checks Not Enabled (info)
Synopsis
Local checks were not enabled.
Description
Nessus did not enable local checks on the remote host. This does not necessarily indicate a problem with the
scan. Credentials may not have been provided, local checks may not be available for the target, the target may
not have been identified, or another issue may have occurred that prevented local checks from being enabled.
See plugin output for details.
This plugin reports informational findings related to local checks not being enabled. For failure information, see
plugin 21745 :
'Authentication Failure - Local Checks Not Run'.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The following issues were reported :
- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : No Credentials Provided
Message :
Credentials were not provided for detected SSH service.
10.120.120.209 163
10719 - MySQL Server Detection
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MySQL, an open source database server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3306
Version : 5.0.95
Protocol : 10
Server Status : SERVER_STATUS_AUTOCOMMIT
Server Capabilities :
CLIENT_LONG_FLAG (Get all column flags)
CLIENT_CONNECT_WITH_DB (One can specify db on connect)
CLIENT_COMPRESS (Can use compression protocol)
CLIENT_PROTOCOL_41 (New 4.1 protocol)
CLIENT_TRANSACTIONS (Client knows about transactions)
CLIENT_SECURE_CONNECTION (New 4.1 authentication)
10.120.120.209 164
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
Port 22/tcp was found to be open
10.120.120.209 165
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/25
10.120.120.209 166
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
10.120.120.209 167
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
10.120.120.209 168
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/111
10.120.120.209 169
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/143
10.120.120.209 170
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
10.120.120.209 171
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
10.120.120.209 172
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
10.120.120.209 173
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/3306
10.120.120.209 174
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4445
10.120.120.209 175
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/4559
10.120.120.209 176
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8009
10.120.120.209 177
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
10.120.120.209 178
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8081
10.120.120.209 179
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/10000
10.120.120.209 180
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/20005
10.120.120.209 181
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.

- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Information about this scan :
Nessus version : 8.9.1

Plugin feed version : 202003060110
Scanner edition used : Nessus Home
Scan type : Normal
Scan policy used : Advanced Scan
Scanner IP : 10.120.10.48
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
10.120.120.209 182
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2020/3/6 9:19 SA Pacific Standard Time
Scan duration : 886 sec
10.120.120.209 183
10884 - Network Time Protocol (NTP) Server Detection
Synopsis
An NTP server is listening on the remote host.
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version,
current date, current time, and possibly system information.
See Also
http://www.ntp.org
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/123
An NTP service has been discovered, listening on port 123.
No sensitive information has been disclosed.
Version : unknown
10.120.120.209 184
110723 - No Credentials Provided
Synopsis
Nessus was able to find common ports used for local checks, however, no credentials were provided in the scan
policy.
Description
Nessus was unable to execute credentialed checks because no credentials were provided.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
SSH was detected on port 22 but no credentials were provided.

SSH local checks were not enabled.
10.120.120.209 185
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the
name of the remote operating system in use. It is also possible sometimes to guess the version of the operating
system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Remote operating system : Linux Kernel 2.6 on CentOS release 5

Confidence level : 95
Method : HTTP
Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to [email protected]. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.
SSH:!:SSH-2.0-OpenSSH_4.3
SIP:FPBX-2.11.0(11.25.0)
NTP:!:unknown
SinFP:
P1:B10113:F0x12:W5840:O0204ffff:M1460:
P2:B10113:F0x12:W5792:O0204ffff0402080affffffff4445414401030307:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:80901_7_p=443R
SMTP:!:220 voip.callcenter.local ESMTP Postfix
SSLcert:!:i/CN:*i/O:Webmin Webserver on voipcalls/CN:*s/O:Webmin Webserver on voipcall
a0666da8c0b003e4b84db4be0833d59e2eea1fda
i/CN:localhost.localdomaini/O:SomeOrganizationi/OU:SomeOrganizationalUnits/
CN:localhost.localdomains/O:SomeOrganizations/OU:SomeOrganizationalUnit
88181870eb1a2c92994db9d0855e7a04997b3d11
10.120.120.209 186
The remote host is running Linux Kernel 2.6 on CentOS release 5
10.120.120.209 187
10919 - Open Port Re-check
Synopsis
Previously open ports are now closed.
Description
One of several ports that were previously open are now closed or unresponsive.
There are several possible reasons for this :
- The scan may have caused a service to freeze or stop running.
- An administrator may have stopped a particular service during the scanning process.
This might be an availability problem related to the following :
- A network outage has been experienced during the scan, and the remote network cannot be reached anymore
by the scanner.
- This scanner may has been blacklisted by the system administrator or by an automatic intrusion detection /
prevention system that detected the scan.
- The remote host is now down, either because a user turned it off during the scan or because a select denial of
service was effective.
In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
- Increase checks_read_timeout and/or reduce max_checks.
- Disable any IPS during the Nessus scan
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Port 10000 was detected as being open but is now unresponsive

10.120.120.209 188
10.120.120.209 189
48243 - PHP Version Detection
Synopsis
It was possible to obtain the version number of the remote PHP installation.
Description
Nessus was able to determine the version of PHP available on the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
Nessus was able to identify the following PHP version information :
Version : 5.1.6
Source : X-Powered-By: PHP/5.1.6
10.120.120.209 190
10185 - POP Server Detection
Synopsis
A POP server is listening on the remote port.
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to
retrieve messages from a server, possibly across a network link.
See Also
https://en.wikipedia.org/wiki/Post_Office_Protocol
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
Remote POP server banner :
+OK example.com Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-16.el5_11 server ready

<[email protected]>
10.120.120.209 191
10185 - POP Server Detection
Synopsis
A POP server is listening on the remote port.
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to
retrieve messages from a server, possibly across a network link.
See Also
https://en.wikipedia.org/wiki/Post_Office_Protocol
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
Remote POP server banner :
+OK example.com Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-16.el5_11 server ready

<[email protected]>
10.120.120.209 192
42087 - POP3 Service STLS Command Support
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted
communications channel.
See Also
https://en.wikipedia.org/wiki/STARTTLS
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
Here is the POP3 server's SSL certificate that Nessus was able to
collect after sending a 'STLS' command :
------------------------------ snip ------------------------------

Subject Name:
Country: --
Locality: SomeCity
Issuer Name:
Country: --
Locality: SomeCity
10.120.120.209 193
Serial Number: 00
Version: 3

Public Key Info:

61 B7 37 BF 83 5F B2 A9 02 37 60 92 F0 E3 F7 BC E9 D2 14 80
FE CD 8F 8D 66 C5 68 B8 09 26 BE 4A 93 61 8C A8 05 83 88 97
7F C1 97 01 5B E9 F0 40 5F 98 AB 4C 49 10 75 81 00 01 86 5F
3B 25 28 C5 45 A3 95 A9 14 77 E5 FE EA 3B E3 86 7F
Exponent: 01 00 01

9E 94 C5 84 11 F6 B3 CB D7 5B 94 48 68 F9 36 34 31 D5 35 DF
9C 5E D4 70 03 79 31 BB D2 A6 E9 D9 F [...]
10.120.120.209 194
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to
install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
. You need to take the following action :
[ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ]
+ Action to take : Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is
available as well.
+Impact : Taking this action will resolve 110 different vulnerabilities (CVEs).
10.120.120.209 195
11111 - RPC Services Enumeration
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running
on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC
request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/111
The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 2
10.120.120.209 196
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/111
The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 2
10.120.120.209 197
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/888
The following RPC services are available on UDP port 888 :
- program: 100024 (status), version: 1
10.120.120.209 198
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/891
The following RPC services are available on TCP port 891 :
- program: 100024 (status), version: 1
10.120.120.209 199
53335 - RPC portmapper (TCP)
Synopsis
An ONC RPC portmapper is running on the remote host.
Description
The RPC portmapper is running on this port.
The portmapper allows someone to get the port number of each RPC service running on the remote host by
sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/111
10.120.120.209 200
10223 - RPC portmapper Service Detection
Synopsis
An ONC RPC portmapper is running on the remote host.
Description
The RPC portmapper is running on this port.
The portmapper allows someone to get the port number of each RPC service running on the remote host by
sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
0.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
CVSS Base Score
0.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:N)
References
CVE CVE-1999-0632
Plugin Information
Plugin Output
udp/111
10.120.120.209 201
10263 - SMTP Server Detection
Synopsis
An SMTP server is listening on the remote port.
Description
The remote host is running a mail (SMTP) server on this port.
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Plugin Output
tcp/25
Remote SMTP server banner :
220 voip.callcenter.local ESMTP Postfix
10.120.120.209 202
70657 - SSH Algorithms and Languages Supported
Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
Nessus negotiated the following encryption algorithm with the server :
The server supports the following options for kex_algorithms :
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
The server supports the following options for server_host_key_algorithms :
ssh-dss
ssh-rsa
The server supports the following options for encryption_algorithms_client_to_server :
3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
[email protected]
10.120.120.209 203
The server supports the following options for encryption_algorithms_server_to_client :
3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
[email protected]
The server supports the following options for mac_algorithms_client_to_server :
hmac-md5
hmac-md5-96
hmac-ripemd160
[email protected]
hmac-sha1
hmac-sha1-96
The server supports the following options for mac_algorithms_server_to_client :
hmac-md5
hmac-md5-96
hmac-ripemd160
[email protected]
hmac-sha1
hmac-sha1-96
The server supports the following options for compression_algorithms_client_to_server :
none
[email protected]
The server supports the following options for compression_algorithms_server_to_client :
none
[email protected]
10.120.120.209 204
10881 - SSH Protocol Versions Supported
Synopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
The remote SSH daemon supports the following versions of the

SSH protocol :
- 1.99
- 2.0
10.120.120.209 205
10267 - SSH Server Type and Version Information
Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
SSH version : SSH-2.0-OpenSSH_4.3

SSH supported authentication : publickey,gssapi-with-mic,password
10.120.120.209 206
56984 - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
This port supports TLSv1.0.
10.120.120.209 207
Synopsis
Description
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
This port supports SSLv3/TLSv1.0.
10.120.120.209 208
Synopsis
Description
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
10.120.120.209 209
Synopsis
Description
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
10.120.120.209 210
10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
Subject Name:
Country: --
Locality: SomeCity
Issuer Name:
Country: --
Locality: SomeCity
Serial Number: 00
Version: 3

Public Key Info:
10.120.120.209 211
61 B7 37 BF 83 5F B2 A9 02 37 60 92 F0 E3 F7 BC E9 D2 14 80
FE CD 8F 8D 66 C5 68 B8 09 26 BE 4A 93 61 8C A8 05 83 88 97
7F C1 97 01 5B E9 F0 40 5F 98 AB 4C 49 10 75 81 00 01 86 5F
3B 25 28 C5 45 A3 95 A9 14 77 E5 FE EA 3B E3 86 7F
Exponent: 01 00 01

9E 94 C5 84 11 F6 B3 CB D7 5B 94 48 68 F9 36 34 31 D5 35 DF
9C 5E D4 70 03 79 31 BB D2 A6 E9 D9 FF 5C 73 6A 54 42 03 78
78 10 C2 66 78 83 FB 51 8E 0D 77 04 6E 91 0F A2 1B DA 8B E2
F2 3C 47 87 32 45 4D 63 10 75 72 D6 BA 5A 22 18 C8 00 77 4B
[...]
10.120.120.209 212
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143
Subject Name:
Country: --
Locality: SomeCity
Issuer Name:
Country: --
Locality: SomeCity
Serial Number: 00
Version: 3

Public Key Info:
10.120.120.209 213
61 B7 37 BF 83 5F B2 A9 02 37 60 92 F0 E3 F7 BC E9 D2 14 80
FE CD 8F 8D 66 C5 68 B8 09 26 BE 4A 93 61 8C A8 05 83 88 97
7F C1 97 01 5B E9 F0 40 5F 98 AB 4C 49 10 75 81 00 01 86 5F
3B 25 28 C5 45 A3 95 A9 14 77 E5 FE EA 3B E3 86 7F
Exponent: 01 00 01

9E 94 C5 84 11 F6 B3 CB D7 5B 94 48 68 F9 36 34 31 D5 35 DF
9C 5E D4 70 03 79 31 BB D2 A6 E9 D9 FF 5C 73 6A 54 42 03 78
78 10 C2 66 78 83 FB 51 8E 0D 77 04 6E 91 0F A2 1B DA 8B E2
F2 3C 47 87 32 45 4D 63 10 75 72 D6 BA 5A 22 18 C8 00 77 4B
[...]
10.120.120.209 214
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
Subject Name:
Country: --
Locality: SomeCity
Issuer Name:
Country: --
Locality: SomeCity
Serial Number: 55 F8
Version: 3

Public Key Info:
10.120.120.209 215
Public Key: 00 D8 81 FC B6 87 CE AC 33 ED 89 DC B6 D0 64 28 78 D0 D6 F4
16 6C 54 71 13 6F 8B 02 A4 28 65 5A 2A 1A 3B 9E EF 47 4A 38
C3 8E DA A0 21 57 46 BD 43 49 A0 83 FE F5 DC AB 9E C6 16 AE
88 8F 9F 0A C3 E1 95 81 29 B2 53 7B 8E B9 76 50 B2 99 EB 09
56 DE 67 CC 62 7D F3 18 41 F6 A0 3D 34 D5 A7 38 92 1A 0C 6F
42 C9 90 9A 93 A8 C7 84 84 EB F8 73 26 AA AD A2 51 35 73 12
0E BE FA 41 07 C0 99 21 87
Exponent: 01 00 01

Signature: 00 81 61 58 D1 9E C6 38 1B D1 75 42 07 B5 D4 9B 90 6C C1 25
72 47 71 B8 D1 09 F5 9D 21 03 5B 85 6D 60 A8 2C 6A 69 99 77
56 68 1C 68 3C D3 35 D0 40 8C 29 5E 67 D0 75 B3 21 DF 81 6B
AD 46 AB FC 1C 69 11 96 41 AE A3 C2 A3 2A 13 BF 43 D8 40 BD
6D A7 81 68 79 61 CC 9B A7 AF B1 33 D2 EF 16 6A DF FE 2C EB
8D B0 93 EC DD D1 CB 4C FB E9 8C 47 C7 0C 21 E4 CF 24 F7 2C
D6 B1 43 9C 13 A1 14 9B D8
Extension: Subject Key Identifier (2.5.29.14)

Critical: 0
Subject Key Identifier: 4F 10 91 1C 34 AD 1B 66 AF FD 70 BF CA E5 8A 69 2A 80 BD F5
Extension: Authority Key Identifier (2.5.29.35)

Critical: 0
Key Identifier: 4F 10 91 1C 34 AD 1B 66 AF FD 70 BF CA E5 8A 69 2A 80 BD F5
Country: --
Locality: SomeCity
Organization: So [...]
10.120.120.209 216
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
Subject Name:
Country: --
Locality: SomeCity
Issuer Name:
Country: --
Locality: SomeCity
Serial Number: 00
Version: 3

Public Key Info:
10.120.120.209 217
61 B7 37 BF 83 5F B2 A9 02 37 60 92 F0 E3 F7 BC E9 D2 14 80
FE CD 8F 8D 66 C5 68 B8 09 26 BE 4A 93 61 8C A8 05 83 88 97
7F C1 97 01 5B E9 F0 40 5F 98 AB 4C 49 10 75 81 00 01 86 5F
3B 25 28 C5 45 A3 95 A9 14 77 E5 FE EA 3B E3 86 7F
Exponent: 01 00 01

9E 94 C5 84 11 F6 B3 CB D7 5B 94 48 68 F9 36 34 31 D5 35 DF
9C 5E D4 70 03 79 31 BB D2 A6 E9 D9 FF 5C 73 6A 54 42 03 78
78 10 C2 66 78 83 FB 51 8E 0D 77 04 6E 91 0F A2 1B DA 8B E2
F2 3C 47 87 32 45 4D 63 10 75 72 D6 BA 5A 22 18 C8 00 77 4B
[...]
10.120.120.209 218
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
Subject Name:
Country: --
Locality: SomeCity
Issuer Name:
Country: --
Locality: SomeCity
Serial Number: 00
Version: 3

Public Key Info:
10.120.120.209 219
61 B7 37 BF 83 5F B2 A9 02 37 60 92 F0 E3 F7 BC E9 D2 14 80
FE CD 8F 8D 66 C5 68 B8 09 26 BE 4A 93 61 8C A8 05 83 88 97
7F C1 97 01 5B E9 F0 40 5F 98 AB 4C 49 10 75 81 00 01 86 5F
3B 25 28 C5 45 A3 95 A9 14 77 E5 FE EA 3B E3 86 7F
Exponent: 01 00 01

9E 94 C5 84 11 F6 B3 CB D7 5B 94 48 68 F9 36 34 31 D5 35 DF
9C 5E D4 70 03 79 31 BB D2 A6 E9 D9 FF 5C 73 6A 54 42 03 78
78 10 C2 66 78 83 FB 51 8E 0D 77 04 6E 91 0F A2 1B DA 8B E2
F2 3C 47 87 32 45 4D 63 10 75 72 D6 BA 5A 22 18 C8 00 77 4B
[...]
10.120.120.209 220
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/10000
Subject Name:
Organization: Webmin Webserver on voipcall

Common Name: *
Email Address: root@voipcall
Issuer Name:
Organization: Webmin Webserver on voipcall

Common Name: *
Email Address: root@voipcall
Serial Number: 00 D4 53 E8 42 43 95 3C 3F
Version: 3

Public Key Info:

Public Key: 00 BD 88 76 EA 84 5B 25 53 81 22 A8 59 CF AF AE E1 4D 76 1E
13 F7 48 4B 2B 6B A3 5E 04 9A 40 0A BD 1E F5 90 C8 52 FA DA
52 66 86 81 50 5C EA A7 F6 AE 8D DD 24 E2 0B 92 11 0B A5 8B
09 B4 20 4B B3 91 56 37 D7 7D C2 E2 10 FC FE B0 1D 97 16 8D
73 91 05 F4 FE 66 05 37 BE A2 07 F9 5C DE D6 50 AC AD D6 BF
54 61 86 20 D6 37 21 5A D2 6E 36 69 F1 54 29 9C 33 27 06 B4
41 BB 54 9D F3 11 7D 59 D4 A3 76 31 A9 88 F8 4B A1 22 EC 3C
10.120.120.209 221
63 A7 21 55 62 22 4E E8 17 06 F4 69 BD 95 C5 B5 BC 05 F9 00
52 B8 BA 62 66 56 B3 91 18 70 41 DB 15 C5 AD 4B 4F 4E 6F 73
4B A7 71 54 0F 68 8B 8C 77 4A DD 5C 52 E1 41 5C 1F 8F 64 89
37 F1 F2 A4 AD 14 F8 93 7B 63 CB DE 54 0F 27 78 F1 C4 E9 AD
76 16 D0 D9 3A 38 4B A0 FB 25 CE E3 38 77 28 32 24 D8 4A 7A
96 F6 A0 4F 8E 8D 5D FA A4 05 DE F9 AB 66 18 98 B9
Exponent: 01 00 01

Signature: 00 AB 8D 0B 35 9C 87 12 11 1A 1B 01 DB CB 79 6A BC 7B FB 07
3A 47 93 2A DB 5C 12 52 B9 40 2D CF D1 91 E0 98 43 16 D1 B1
63 3E 5E E5 E8 0F 2F D5 4C 05 2D 47 5F 84 53 F9 61 E4 7B A0
E4 4F A1 61 53 07 B4 18 87 27 D8 7A 33 3D 13 CE AA 65 1D 3D
AD CE CE D8 06 DE E9 FA 6C 1E 27 BC 1A 34 C9 F9 51 4C 48 FA
10 3F AD 75 6C E0 D9 11 EE 5D E4 DD AC 6A 99 0F 58 41 93 8D
9A 2E F2 C1 69 4E 2D 5D 8A 49 AB ED C8 F1 2A 83 4E 57 97 74
57 26 0D 81 CF 7E EA 3A 1B 64 C1 9C 2C A9 8B 43 22 6B EF 00
[...]
10.120.120.209 222
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with
subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These
cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak
information if used improperly.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
http://www.nessus.org/u?cc4a822a
https://www.openssl.org/~bodo/tls-cbc.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
Here is the list of SSL CBC ciphers supported by the remote server :

export
export
10.120.120.209 223
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 224
Synopsis
subsequent ones.
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443



10.120.120.209 225
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 226
Synopsis
subsequent ones.
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993

export
export
10.120.120.209 227
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 228
Synopsis
subsequent ones.
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995

export
export
10.120.120.209 229
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 230
21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
Here is the list of SSL ciphers supported by the remote server :

Each group is reported per SSL Version.
SSL Version : TLSv1


export
export
export

10.120.120.209 231
Kx={key exchange}
Au={authentication}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
10.120.120.209 232
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443

SSL Version : TLSv1




10.120.120.209 233
SSL Version : SSLv3



AES128-SHA Kx=RSA Au [...]
10.120.120.209 234
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993

SSL Version : TLSv1


export
export
export

10.120.120.209 235
SSL Version : SSLv3


export
export
export

AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) [...]
10.120.120.209 236
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995

SSL Version : TLSv1


export
export
export

10.120.120.209 237
SSL Version : SSLv3


export
export
export

AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) [...]
10.120.120.209 238
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
Here is the list of SSL PFS ciphers supported by the remote server :

10.120.120.209 239
Kx={key exchange}
Au={authentication}
{export flag}
10.120.120.209 240
94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority
certificate at the top of the chain.
See Also
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc778623(v=ws.10)
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use
and security policies.
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
The following root Certification Authority certificate was found :
|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 241
Synopsis
Description
See Also
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/143
|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 242
Synopsis
Description
See Also
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
|-Valid To : Oct 18 14:52:14 2019 GMT
10.120.120.209 243
Synopsis
Description
See Also
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 244
Synopsis
Description
See Also
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
|-Valid To : Oct 18 14:51:55 2019 GMT
10.120.120.209 245
Synopsis
Description
See Also
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/10000

|-Issuer : O=Webmin Webserver on voipcall/CN=*/E=root@voipcall
|-Valid To : Oct 17 16:17:13 2023 GMT
10.120.120.209 246
35297 - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a
valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
A TLSv1 server is listening on this port that requests a client certificate.
10.120.120.209 247
35297 - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a
valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143
A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.
10.120.120.209 248
51891 - SSL Session Resume Supported
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive
a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in
the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
This port supports resuming TLSv1 sessions.
10.120.120.209 249
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
This port supports resuming SSLv3 / TLSv1 sessions.
10.120.120.209 250
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
10.120.120.209 251
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
10.120.120.209 252
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/22
An SSH server is running on this port.
10.120.120.209 253
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/25
An SMTP server is running on this port.
10.120.120.209 254
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
A web server is running on this port.
10.120.120.209 255
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
A POP3 server is running on this port.
10.120.120.209 256
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/143
An IMAP server is running on this port.
10.120.120.209 257
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
A TLSv1 server answered on this port.
tcp/443
A web server is running on this port through TLSv1.
10.120.120.209 258
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
tcp/993
An IMAP server is running on this port through TLSv1.
10.120.120.209 259
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
A POP3 server is running on this port through TLSv1.
tcp/995
10.120.120.209 260
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
A web server is running on this port.
10.120.120.209 261
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/10000
tcp/10000
A web server is running on this port through TLSv1.
10.120.120.209 262
11153 - Service Detection (HELP Request)
Synopsis
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it
receives a 'HELP'
request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/3306
A MySQL server is running on this port.
10.120.120.209 263
21642 - Session Initiation Protocol Detection
Synopsis
The remote system is a SIP signaling device.
Description
The remote system is running software that speaks the Session Initiation Protocol (SIP).
SIP is a messaging protocol to initiate communication sessions between systems. It is a protocol used mostly in
IP Telephony networks / systems to setup, control, and teardown sessions between two or more systems.
See Also
https://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution
If possible, filter incoming connections to the port so that it is used only by trusted sources.
Risk Factor
None
Plugin Information
Plugin Output
udp/5060
The remote service was identified as :
FPBX-2.11.0(11.25.0)
It supports the following options :
INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
10.120.120.209 264
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the
uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
10.120.120.209 265
11819 - TFTP Daemon Detection
Synopsis
A TFTP server is listening on the remote port.
Description
The remote host is running a TFTP (Trivial File Transfer Protocol) daemon. TFTP is often used by routers and
diskless hosts to retrieve their configuration. It can also be used by worms to propagate.
Solution
Risk Factor
None
Plugin Information
Plugin Output
udp/69
10.120.120.209 266
104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic
design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1
and 1.2 are designed against these flaws and should be used whenever possible.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and
the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any
known exploits.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information
Plugin Output
tcp/110
TLSv1 is enabled and the server supports at least one cipher.
10.120.120.209 267
Synopsis
Description
known exploits.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
10.120.120.209 268
Synopsis
Description
known exploits.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/993
10.120.120.209 269
Synopsis
Description
known exploits.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/995
10.120.120.209 270
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
For your information, here is the traceroute from 10.120.10.48 to 10.120.120.209 :

10.120.10.48
10.120.10.254
10.120.120.209
Hop Count: 2
10.120.120.209 271
11154 - Unknown Service Detection: Banner Retrieval
Synopsis
There is an unknown service running on the remote host.
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/20005
If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to [email protected] :
Port : 20005
Type : get_http
Banner :
0x00: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0x10: 2E 30 22 3F 3E 0A 3C 72 65 73 70 6F 6E 73 65 3E .0"?>.<response>
0x20: 3C 66 61 69 6C 75 72 65 3E 3C 63 6F 64 65 3E 34 <failure><code>4
0x30: 30 30 3C 2F 63 6F 64 65 3E 3C 6D 65 73 73 61 67 00</code><messag
0x40: 65 3E 42 61 64 20 72 65 71 75 65 73 74 3C 2F 6D e>Bad request</m
0x50: 65 73 73 61 67 65 3E 3C 2F 66 61 69 6C 75 72 65 essage></failure
0x60: 3E 3C 2F 72 65 73 70 6F 6E 73 65 3E 0A ></response>.
10.120.120.209 272
20108 - Web Server / Application favicon.ico Vendor Fingerprinting
Synopsis
The remote web server contains a graphic image that is prone to information disclosure.
Description
The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to
fingerprint the web server.
Solution
Remove the 'favicon.ico' file or create a custom one for your site.
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
MD5 fingerprint : 4644f2d45601037b8423d45e13194c93

Web server : Apache Tomcat or Alfresco Community
10.120.120.209 273
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent
file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of
security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :
http://10.120.120.209/tJRaJpLNP3_m.html
10.120.120.209 274
11422 - Web Server Unconfigured - Default Install Page Present
Synopsis
The remote web server is not configured or is improperly configured.
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all
or is serving content that is meant to be hidden.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/8080
The default welcome page is from Tomcat.
10.120.120.209 275
10302 - Web Server robots.txt Information Disclosure
Synopsis
The remote web server contains a 'robots.txt' file.
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain
directories in a website for maintenance or indexing purposes. A malicious user may also be able to use the
contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them
directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file,
and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443
Contents of robots.txt :
# This robots.txt file requests that search engines and other

# automated web-agents don't try to index the files in this
# directory (/www/images/).
#
# This file is included in the event that an installation has in-appropriately
# exposed their GUI to the outside internet as it will help to stop
# the indexing of their system.
#
User-agent: *
Disallow: /
10.120.120.209 276
10757 - Webmin Detection
Synopsis
An administration application is running on the remote host.
Description
The remote web server is running Webmin, a web-based interface for system administration for Unix.
See Also
http://www.webmin.com/
Solution
Stop the Webmin service if not needed or ensure access is limited to authorized hosts. See the menu items
'[Webmin Configuration][IP Access Control]' and/or '[Webmin Configuration][Port and Address]'.
Risk Factor
None
Plugin Information
Plugin Output
tcp/10000
URL : https://10.120.120.209:10000/
Source : Server: MiniServ/1.740
Webmin version : 1.740
10.120.120.209 277
Remediations
Suggested Remediations
Taking the following actions across 1 hosts would resolve 65% of the vulnerabilities on the network.
ACTION TO TAKE VULNS HOSTS
PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution: Upgrade to PHP version 5.3.12 / 110 1
5.4.2 or later. A 'mod_rewrite' workaround is available as well.
Suggested Remediations 279

PBX Elastix 2pu361

Uploaded by

Copyright:

Available Formats

PBX Elastix 2pu361

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PBX Elastix 2pu361

Uploaded by

Copyright:

Available Formats

What vulnerabilities were found on the server?

What vulnerabilities were found on the server?

What operating system and software versions are running on the server?

What operating system and software versions are running on the server?

PBX Elastix

Start time: Fri Mar 6 09:19:23 2020

Upgrade to a version of PHP that is currently supported.

CVSS Base Score

Published: 2012/05/04, Modified: 2019/05/21

Source : X-Powered-By: PHP/5.1.6

The operating system running on the remote host is no longer supported.

Upgrade to a version of the Unix operating system that is currently supported.

CVSS v3.0 Base Score

CVSS Base Score

Published: 2008/08/08, Modified: 2020/02/10

CentOS release 5 support ended on 2017-03-31.

For more information, see : http://www.nessus.org/u?b549f616

- Improper initialization of global variables 'page_uid'

Upgrade to PHP version 5.2.8 or later.

CVSS Base Score

CVSS Temporal Score

Published: 2008/12/05, Modified: 2018/11/15

Version source : X-Powered-By: PHP/5.1.6

Upgrade to PHP version 5.2.0 or later.

CVSS Base Score

CVSS Temporal Score

Published: 2008/03/25, Modified: 2018/07/24

Version source : X-Powered-By: PHP/5.1.6

Upgrade to PHP version 5.2.2 or later.

CVSS v3.0 Base Score

CVSS v3.0 Temporal Score

CVSS Temporal Score

Published: 2012/01/11, Modified: 2019/03/27

Version source : X-Powered-By: PHP/5.1.6

Upgrade to PHP version 5.2.1 or later.

CVSS Base Score

CVSS Temporal Score

Published: 2007/04/02, Modified: 2018/07/24

Version source : X-Powered-By: PHP/5.1.6

- An unspecified error occurs in certificate validation inside 'php_openssl_apply_verification_policy'.

- An unspecified input validation vulnerability affects the color index in 'imagecolortransparent()'.

- An unspecified input validation vulnerability affects exif processing.

- 'proc_open()' can bypass 'safe_mode_protected_env_vars'.

Upgrade to PHP version 5.2.11 or later.

CVSS Base Score

CVSS Temporal Score

Published: 2009/09/18, Modified: 2018/07/24

Version source : X-Powered-By: PHP/5.1.6

Upgrade to PHP version 5.2.3 or later.

CVSS v3.0 Base Score

CVSS v3.0 Temporal Score

CVSS Base Score

Published: 2007/06/02, Modified: 2019/03/27

Version source : X-Powered-By: PHP/5.1.6

- A stack-based buffer overflow in FastCGI SAPI.

- An integer overflow in printf().

- A safe_mode bypass in cURL.

- Incomplete handling of multibyte chars inside escapeshellcmd().

- Issues in the bundled PCRE fixed by version 7.6.