Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/02/07, Modification date: 2013/10/18
Ports
tcp/443
This port supports resuming TLSv1 / SSLv3 sessions.
58768 - SSL Resume With Different Cipher Issue
Synopsis
The remote host allows resuming SSL sessions with a different cipher than the one originally negotiated.
Description
The SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker that sees (e.g. by sniffing) the start of an SSL connection may be able to manipulate session cache to cause subsequent resumptions of that session to use a cipher chosen by the attacker.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/04/17, Modification date: 2012/04/17
Ports
tcp/443
The server allowed the following session over SSLv3 to be resumed as follows : Session ID : cce215ab87816ab4a49e44f13c0e3758723bb4fb20519bf1d93c5b644c6108b0 Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Resumed Cipher : SSL3_CK_RSA_RC4_40_MD5 (0x0003)
The server allowed the following session over TLSv1 to be resumed as follows : Session ID : e82e96b09a4c83455e4fb78e0f04fcf61d668c24053c9ebba4f87ea00d15bcbd Initial Cipher : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Resumed Cipher : TLS1_CK_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
39521 - Backported Security Patch Detection (WWW)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version number. Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any security problem.
See Also
http://www.nessus.org/u?d636c8c7Solution
n/aRisk Factor
NonePlugin Information:
Publication date: 2009/06/25, Modification date: 2013/10/02
Ports
tcp/443
Give Nessus credentials to perform local checks.
631/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/631
Port 631/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/aRisk Factor
NonePlugin Information:
Publication date: 2007/08/19, Modification date: 2014/04/15
Ports
tcp/631
A web server is running on this port.
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/aRisk Factor
NonePlugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Ports
tcp/631
Based on the response to an OPTIONS request :
- HTTP methods HEAD OPTIONS POST PUT GET are allowed on : /
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2014/04/07
Ports
tcp/631
The remote web server type is : CUPS/1.1
735/udp
11111 - RPC Services Enumeration
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/08/24, Modification date: 2011/05/24
Ports
udp/735
The following RPC services are available on UDP port 735 : - program: 100024 (status), version: 1
738/tcp
11111 - RPC Services Enumeration
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Publication date: 2002/08/24, Modification date: 2011/05/24
Ports
tcp/738
The following RPC services are available on TCP port 738 : - program: 100024 (status), version: 1
3306/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/3306
Port 3306/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/aRisk Factor
NonePlugin Information:
Publication date: 2007/08/19, Modification date: 2014/04/15
Ports
tcp/3306
192.168.222.59
Scan Information
Start time: Thu May 8 19:08:44 2014 End time: Thu May 8 19:14:32 2014
Host Information
DNS Name: kioptrix3lc.penlab.lan
IP: 192.168.222.59
MAC Address: 00:50:56:9d:0b:07
OS: Linux Kernel 2.6 on Ubuntu 8.04 (hardy)
Results Summary
Critical High Medium Low Info Total
1 0 2 2 24 29
Results Details
0/icmp
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
NoneReferences
CVE CVE-1999-0524 XREF OSVDB:94 XREF CWE:200Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Ports
icmp/0
The difference between the local and remote clocks is -7098 seconds.
0/tcp
33850 - Unsupported Unix Operating System
Synopsis
The remote host is running an obsolete operating system.
Description
According to its version, the remote Unix operating system is obsolete and is no longer maintained by its vendor or provider.
Solution
Upgrade to a newer version.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2008/08/08, Modification date: 2014/05/07
Ports
tcp/0
Ubuntu 8.04 support ended on 2011-05-12 (Desktop) / 2013-05-09 (Server). Upgrade to Ubuntu 14.04.
For more information, see : https://wiki.ubuntu.com/Releases
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the FQDN of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/02/11, Modification date: 2012/09/28
Ports
tcp/0
192.168.222.59 resolves as kioptrix3lc.penlab.lan.
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txtSolution
n/aRisk Factor
NonePlugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Ports
tcp/0
20094 - VMware Virtual Machine Detection
The remote host seems to be a VMware virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Solution
n/aRisk Factor
NonePlugin Information:
Publication date: 2005/10/27, Modification date: 2011/03/27
Ports
tcp/0
35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be deduced from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE.
See Also
http://standards.ieee.org/faqs/OUI.html http://standards.ieee.org/regauth/oui/index.shtmlSolution
n/aRisk Factor
NonePlugin Information:
Publication date: 2009/02/19, Modification date: 2011/03/27
Ports
tcp/0
The following card manufacturers were identified : 00:50:56:9d:0b:07 : VMware, Inc.
18261 - Apache Banner Linux Distribution Disclosure
Synopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
This script extracts the banner of the Apache web server and attempts to determine which Linux distribution the remote host is running.
Solution
If you do not wish to display this information, edit httpd.conf and set the directive 'ServerTokens Prod' and restart Apache.
Risk Factor
None
Plugin Information:
Publication date: 2005/05/15, Modification date: 2014/03/17
tcp/0
The linux distribution detected was : - Ubuntu 8.04 (gutsy)
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2014/02/19
Ports
tcp/0
Remote operating system : Linux Kernel 2.6 on Ubuntu 8.04 (hardy) Confidence Level : 95
Method : SSH
The remote host is running Linux Kernel 2.6 on Ubuntu 8.04 (hardy)
45590 - Common Platform Enumeration (CPE)
Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/Solution
n/aRisk Factor
NonePlugin Information:
Publication date: 2010/04/21, Modification date: 2014/04/18
Ports
tcp/0
The remote operating system matched the following CPE : cpe:/o:canonical:ubuntu_linux:8.04
Following application CPE's matched on the remote system : cpe:/a:php:php:5.2.4 -> PHP 5.2.4
cpe:/a:openbsd:openssh:4.7 -> OpenBSD OpenSSH 4.7
cpe:/a:apache:http_server:2.2.8 -> Apache Software Foundation Apache HTTP Server 2.2.8
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Ports
tcp/0
Remote device type : general-purpose Confidence level : 95