Vulnerability Scan Report
Report Date: 2014-12-21

Table of Contents

• Attestation of Compliance
• Table of Contents
• Executive Summary
    Part 1. Scan Information
    Part 2. Component Compliance Summary
    Part 3a. Vulnerabilities Noted for Each IP Address
    Part 3b. Special Notes by IP Address
• Vulnerability Details
    Part 1. Scan Information
    Part 2. Scan Inventory (Accessible Systems and Services)
    Part 3a. Previous Scan Targets (Not Scanned)
    Part 3b. Discovered Scan Targets (Not Scanned)
    Part 3c. Load Balancers
    Part 4. Vulnerabilities & Policy Violations
        97.74.181.130 (www.seatsmarketplace.com)
    Part 5a. Web Servers
    Part 5b. SSL Certificate Information
    Part 6. Disputed Vulnerabilities & Policy Violations
• ASV Feedback Form

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and SEATS MARKETPLACE.

Copyright 2014 Trustwave, All Rights Reserved

Executive Summary

Part 1. Scan Information

Scan Customer Company: SEATS MARKETPLACE
ASV Company: Trustwave
Scan Compliance Status: Fail
Date Scan Completed: 2014-12-13
Scan Expiration Date: N/A

Part 2. Component Compliance Summary

# | Compliance Status | Name | Type | IP Address | Source | Critical | High | Medium | Low | Info
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Fail | www.seatsmarketplace.com | Web Site | 97.74.181.130 | Domain Name | 0 | 0 | 5 | 5 | 27
Total Findings | | | | | | 0 | 0 | 5 | 5 | 27
Total PCI Vulnerabilities | | | | | | 0 | 0 | 5 | 0 | 0
Part 3a. Vulnerabilities Noted for Each IP Address

# | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability
--- | --- | --- | --- | --- | --- | ---
1 | 97.74.181.130 (www.seatsmarketplace.com) | Unencrypted Communication Channel Accessibility | Medium | 6.20 | Fail | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Unencrypted communication channels violate Requirement 4 of the PCI DSS and are considered an automatic failing condition.
2 | 97.74.181.130 (www.seatsmarketplace.com) | SSH Keyboard-Interactive Authentication Username Enumeration, CVE-2007-2243 CVE-2007-2768 CVE-2009-1273 | Medium | 5.00 | Fail |
3 | 97.74.181.130 (www.seatsmarketplace.com) | HTTP Server Username Probing, CVE-2001-1013 | Medium | 5.00 | Fail |
4 | 97.74.181.130 (www.seatsmarketplace.com) | HTTP Server Username Probing, CVE-2001-1013 | Medium | 5.00 | Fail |
5 | 97.74.181.130 (www.seatsmarketplace.com) | Web Application Transmits Login Credentials Without Encryption | Medium | 4.60 | Fail | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
6 | 97.74.181.130 (www.seatsmarketplace.com) | OpenSSH Resources Exhaustion Bug via GSSAPI, CVE-2011-5000 | Low | 3.50 | Pass | Note to scan customer: This vulnerability is purely a denial-of-service vulnerability and it is not considered a failing condition under the PCI DSS.
7 | 97.74.181.130 (www.seatsmarketplace.com) | OpenSSH CBC Mode Information Disclosure Vulnerability, CVE-2008-5161 | Low | 2.60 | Pass |
# | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability
--- | --- | --- | --- | --- | --- | ---
8 | 97.74.181.130 (www.seatsmarketplace.com) | Indexable Web Directories | Low | 2.60 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
9 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Weak Encryption Algorithms | Low | 1.80 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
10 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Anonymous Diffie-Hellman Ciphers | Low | 1.80 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
11 | 97.74.181.130 (www.seatsmarketplace.com) | TCP Timestamp Options Enabled | Info | 0.00 | Pass |
12 | 97.74.181.130 (www.seatsmarketplace.com) | FTP Server Supports AUTH TLS (STARTTLS) | Info | 0.00 | Pass |
13 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass |
14 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Certificate is Self-Signed | Info | 0.00 | Pass |
15 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Certificate is Not Trusted | Info | 0.00 | Pass |
16 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass |
17 | 97.74.181.130 (www.seatsmarketplace.com) | SSLv3 Supported, CVE-2014-3566 | Info | 0.00 | Pass | NVD CVSS Score: 4.30. Note to scan customer: The NVD entry for CVE-2014-3566 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
18 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass |
19 | 97.74.181.130 (www.seatsmarketplace.com) | SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass | NVD CVSS Score: 2.60. Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
20 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass | NVD CVSS Score: 4.30. Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
21 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass |
22 | 97.74.181.130 (www.seatsmarketplace.com) | SSHv2 Cipher Enumeration | Info | 0.00 | Pass |
23 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass |
24 | 97.74.181.130 (www.seatsmarketplace.com) | TCP Timestamp Options Enabled | Info | 0.00 | Pass |
25 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass |
26 | 97.74.181.130 (www.seatsmarketplace.com) | No X-FRAME-OPTIONS Header | Info | 0.00 | Pass |
27 | 97.74.181.130 (www.seatsmarketplace.com) | Discovered Web Directories | Info | 0.00 | Pass |
28 | 97.74.181.130 (www.seatsmarketplace.com) | Discovered HTTP Methods | Info | 0.00 | Pass |
29 | 97.74.181.130 (www.seatsmarketplace.com) | Protected Web Page | Info | 0.00 | Pass |
30 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass |
31 | 97.74.181.130 (www.seatsmarketplace.com) | SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass | NVD CVSS Score: 2.60. Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
32 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass | NVD CVSS Score: 4.30. Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
33 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass |
34 | 97.74.181.130 (www.seatsmarketplace.com) | No X-FRAME-OPTIONS Header | Info | 0.00 | Pass |
35 | 97.74.181.130 (www.seatsmarketplace.com) | Robots.txt | Info | 0.00 | Pass |
36 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Hostnames | Info | 0.00 | Pass |
37 | 97.74.181.130 (www.seatsmarketplace.com) | Remote Access Service Detected | Info | 0.00 | Pass |

Exceptions, False Positives, or Compensating Controls noted among findings 35-37: Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.

Consolidated Solution/Correction Plan for the above IP Address:

• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• Ensure that all applications and services running on this host are configured to appropriately restrict access to sensitive information. This includes account information and configuration settings.
• Configure the SSH service(s) running on this host to adhere to information security best practices.
• Configure the SSL service(s) running on this host to adhere to information security best practices.
• Configure the service(s) running on this host to use encrypted communication channels.
• Upgrade and/or install security updates for OpenSSH.
• Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.

Part 3b. Special Notes by IP Address
Special Note 1
IP Address: 97.74.181.130 (www.seatsmarketplace.com)
Note: Remote Access Detected. Note to scan customer: Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely per Appendix C or disabled/removed. Please consult your ASV if you have questions about this Special Note.
Item Noted (remote access software, POS software, etc.): tcp/22 ssh (openssh:openssh)
Scan customer's declaration that software is implemented securely (see next column if not implemented securely):
Scan customer's description of actions taken to either: 1) remove the software or 2) implement security controls to secure the software:

Special Note 2
IP Address: 97.74.181.130 (www.seatsmarketplace.com)
Note: Directory Browsing Enabled. Note to scan customer: Browsing of directories on web servers can lead to information disclosure or potential exploit. Due to increased risk to the cardholder data environment, please 1) justify the business need for this configuration to the ASV, or 2) confirm that it is disabled. Please consult your ASV if you have questions about this Special Note.
Item Noted (remote access software, POS software, etc.): tcp/80 http (apache:http_server)
Scan customer's declaration that software is implemented securely (see next column if not implemented securely):
Scan customer's description of actions taken to either: 1) remove the software or 2) implement security controls to secure the software:

Vulnerability Details

Part 1. Scan Information

Scan Customer Company: SEATS MARKETPLACE
Date Scan Completed: 2014-12-13
ASV Company: Trustwave
Scan Expiration Date: N/A

Part 2. Scan Inventory (Accessible Systems and Services)

The following systems and network services were detected during this scan. This information is provided for your information. Please refer to "Part 4. Vulnerabilities & Policy Violations" for all PCI compliance-related issues.

Reading Your Scan Inventory

The vulnerability scan reveals Internet-accessible computers and network services available on your network. The following systems (e.g., computers, servers, routers, etc.) and network services (e.g., Web and mail servers) were discovered during the vulnerability scan. As a general rule, all unnecessary network services should be disabled, and all other services should be protected by a firewall or similar device. Only those services which must be available to the public should be visible from the Internet.

• Names - A system may be known by many names. For example, a server that offers Web and mail services may be known as both www.mycompany.com and mail.mycompany.com. This report includes as many names as could be identified, including public domain names, Windows domain/workgroups, Windows name, and the "real" name assigned in your DNS server.
• Ping - One technique TrustKeeper uses is to try to "ping" systems in your network. It is generally considered to be good practice to block inbound pings as it can give attackers information about your network. However, this decision may be affected by network monitoring needs and other considerations.
• Service Information - A large number of services (e.g., TCP and UDP ports) are probed during the scan. Any that appear to be active on the device are listed in the table. You should review this list to ensure that only those services you intend to offer to the public are accessible. All other internal services should be protected by your firewall or similar device.

Service Information

# | Device | Names | OS | Ping | Port | Protocol | Application | Detail
--- | --- | --- | --- | --- | --- | --- | --- | ---
1 | 97.74.181.130 (www.seatsmarketplace.com) | ip-97-74-181-130.ip.secureserver.net | FreeBSD FreeBSD 2.6 | true | tcp/21 | ftp | pureftpd:pure-ftpd | 220---------Welcome to PureFTPd [privsep] [TLS] ---------\x0d\x0a220-You are user number 14 of 500 allowed.\x0d\x0a220-Local time is now 07:42. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220 You will be disconnected after 3 minutes of inactivity.
 | | | | | tcp/22 | ssh | openssh:openssh | OpenSSH_5.1
 | | | | | tcp/80 | http | apache:http_server | Apache
 | | | | | tcp/443 | http | apache:http_server | Apache

All other scanned ports were filtered.

Part 3a. Previous Scan Targets (Not Scanned)

The following locations were removed from your scan setup at your request and have not been included in this scan. You confirmed that these locations or domain names do not store, process, or transmit cardholder data and are therefore not required to be scanned for PCI DSS compliance.

# | Name | Type | IP Address | Date Removed
--- | --- | --- | --- | ---

No such scan locations have been removed by this customer.
Part 3b. Discovered Scan Targets (Not Scanned)

The following systems were discovered to be related to your network during this scan. TrustKeeper only scans those systems which are explicitly identified by you; however, the following systems were identified using reconnaissance techniques based on the information you provided. While not scanned for this assessment, you should be aware that an attacker could identify the same information. Please review this information and update your TrustKeeper Scan Setup if any of the following systems are relevant to the assessment being performed.

In many cases, some of these systems will not be relevant to the assessment. Common examples include domain name servers (DNS) and mail servers maintained by your ISP. The scanner may also identify internal systems that are not directly accessible from the Internet.

# | IP Address | Domain Name | Comments
--- | --- | --- | ---
1 | 68.178.213.37 | mailstore1.secureserver.net | Discovered hosts using second-level domain name(s): seatsmarketplace.com
2 | 72.167.238.29 | smtp.secureserver.net | Discovered hosts using second-level domain name(s): seatsmarketplace.com
3 | 208.109.255.50 | pdns02.domaincontrol.com | Discovered hosts using second-level domain name(s): seatsmarketplace.com
4 | 216.69.185.50 | pdns01.domaincontrol.com | Discovered hosts using second-level domain name(s): seatsmarketplace.com

Part 3c. Load Balancers

If you are using load balancers for your web sites to spread the web traffic across multiple servers, it is your responsibility to ensure that the configuration of the environment behind your load balancers is synchronized, or to ensure that the environment is scanned as part of the internal vulnerability scans required by PCI DSS.

Part 4. Vulnerabilities & Policy Violations

The following issues were identified during this scan. Please review all items and address all items that affect compliance or the security of your system.

In the tables below you can find the following information about each TrustKeeper finding.

• CVE Number - The Common Vulnerabilities and Exposure number(s) for the detected vulnerability - an industry standard for cataloging vulnerabilities. A comprehensive list of CVEs can be found at nvd.nist.gov or cve.mitre.org.
• Vulnerability - This describes the name of the finding, which usually includes the name of the application or operating system that is vulnerable.
• CVSS Score - The Common Vulnerability Scoring System is an open framework for communicating the characteristics and impacts of IT vulnerabilities. Further information can be found at www.first.org/cvss or nvd.nist.gov/cvss.cfm.
• Severity - This identifies the risk of the vulnerability. It is closely associated with the CVSS score.
• Compliance Status - Findings that are PCI compliance violations are indicated with a Fail status. In order to pass a vulnerability scan, these findings must be addressed. Most findings with a CVSS score of 4 or more, or a Severity of Medium or higher, will have a Fail status. Some exceptions exist, such as DoS vulnerabilities, which are not included in PCI compliance.
• Details - TrustKeeper provides the port on which the vulnerability is detected, details about the vulnerability, links to available patches and other specific guidance on actions you can take to address each vulnerability.

For more information on how to read this section and the scoring methodology used, please refer to the appendix.

97.74.181.130 (www.seatsmarketplace.com)

Finding #1
Vulnerability: Unencrypted Communication Channel Accessibility
CVSS Score: 6.20
Severity: Medium
Compliance Status: Fail
Details:
Policy Violation
Port: tcp/21
The service running on this port appears to make use of a plaintext (unencrypted) communication channel. The PCI DSS forbids the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentiality and integrity of the data in transit cannot be ensured with any level of certainty.
CVSSv2: AV:A/AC:H/Au:N/C:C/I:C/A:N
Service: pureftpd:pure-ftpd
Evidence:
    Details: Unencrypted authentication is allowed prior to TLS negotiation
    AUTH TLS Supported: true
    AUTH TLS Required: false
    Command Sent: USER trustkeeper
    Response Received: 331 User trustkeeper OK. Password required
Remediation: Transition to using more secure alternatives such as SSH instead of Telnet and SFTP in favor of FTP, or consider wrapping less secure services within more secure technologies by utilizing the benefits offered by VPN, SSL/TLS, or IPSec for example. Also, limit access to management protocols/services to specific IP addresses (usually accomplished via a "whitelist") whenever possible.
2 CVE-2007-2243 CVE-2007-2768 CVE-2009-1273 SSH Keyboard-Interactive Authentication Username Enumeration 5.00 Medium Fail Port: tcp/22 The remote host is running the secure-shell (SSH) service, and allows for authentication via the "keyboard-interactive" method. This method passes authentication off to a third party, who will provide a prompt (often "Password:") that is sent back to the SSH client. The remote SSH service varies its response dependent on the username that is provided, making it possible to enumerate usernames on the remote host. This variance is often due to the use of one-time password (OTP) authentication mechanisms such Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and SEATS MARKETPLACE. Copyright 2014 Trustwave, All Rights Reserved Page 15 Report Date: 2014-12-21 Vulnerability Scan Report: Vulnerability Details 97.74.181.130 (www.seatsmarketplace.com) # CVE Number Vulnerability CVSS Score Severity Compliance Status Details as S/Key and OPIE, which require a random challenge to be presented to those authenticating. Often in these setups, only those users that are configured to use one-time passwords will be prompted with a random challenge. Thus, it is possible to positively identify those usernames that are configured to use one-time password authentication. A known vulnerability in pam_ssh (CVE-2009-1273) 1.92 and earlier may trigger this finding, as pam_ssh would report a different prompt depending on if the username was valid or not. 
CVE: NVD: Bugtraq: CVSSv2: Service: CVE-2007-2243, CVE-2007-2768, CVE-2009-1273 CVE-2007-2243, CVE-2007-2768, CVE-2009-1273 23601 AV:N/AC:L/Au:N/C:P/I:N/A:N openssh:openssh Reference: http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html http://www.openssh.com http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/one-timepasswords.html http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5 Evidence: Info: Identified presence of 'root' user account by attempting keyboardinteractive authentication for 'root'. Probe for non-existent user 'trustkeeper25774' gave a response of message type 51, while probe for 'root' gave a response message type of 60. Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and SEATS MARKETPLACE. Copyright 2014 Trustwave, All Rights Reserved Page 16 Report Date: 2014-12-21 Vulnerability Scan Report: Vulnerability Details 97.74.181.130 (www.seatsmarketplace.com) # CVE Number Vulnerability CVSS Score Severity Compliance Status Details Remediation: It is recommended that the challenge authentication mechanism be replaced with something that does not reveal the presence of user accounts. Two-factor authentication mechanisms using security tokens, for example, do not require a revealing challenge. Consult your documentation for the affected SSH service for more information on modifying its authentication mechanisms. If pam_ssh is the culprit, then check with your vendor for a patch for CVE-2009-1273. 3 CVE-2001-1013 HTTP Server Username Probing 5.00 Medium Fail Port: tcp/80 The web server running on this host allows attackers to probe for user names via requests for user home pages (e.g., http://host/~username). 
Many different types of web servers exhibit this behavior, but it is most commonly associated with Apache HTTP Server. CVE: NVD: Bugtraq: CVSSv2: Service: CVE-2001-1013 CVE-2001-1013 3335 AV:N/AC:L/Au:N/C:P/I:N/A:N apache:http_server Evidence: Discovered username: root Discovered path: /~root HTTP status code: 301 Non-existent user path: /~non_existant_user HTTP status code for non-existent user: 302 Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and SEATS MARKETPLACE. Copyright 2014 Trustwave, All Rights Reserved Page 17 Report Date: 2014-12-21 Vulnerability Scan Report: Vulnerability Details 97.74.181.130 (www.seatsmarketplace.com) # CVE Number Vulnerability CVSS Score Severity Compliance Status Details Remediation: Configure the HTTP server to specify the same error documents for both 403 (Forbidden) and 404 (Page Not Found) responses. Additionally, if Apache is being used, the UserDir directive should be disabled in the Apache configuration file (httpd.conf). 4 CVE-2001-1013 HTTP Server Username Probing 5.00 Medium Fail Port: tcp/443 The web server running on this host allows attackers to probe for user names via requests for user home pages (e.g., http://host/~username). Many different types of web servers exhibit this behavior, but it is most commonly associated with Apache HTTP Server. 
CVE: NVD: Bugtraq: CVSSv2: Service: CVE-2001-1013 CVE-2001-1013 3335 AV:N/AC:L/Au:N/C:P/I:N/A:N apache:http_server Evidence: Discovered username: root Discovered path: /~root HTTP status code: 301 Non-existent user path: /~non_existant_user HTTP status code for non-existent user: 404 Remediation: Configure the HTTP server to specify the same error documents Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and SEATS MARKETPLACE. Copyright 2014 Trustwave, All Rights Reserved Page 18 Report Date: 2014-12-21 Vulnerability Scan Report: Vulnerability Details 97.74.181.130 (www.seatsmarketplace.com) # CVE Number Vulnerability CVSS Score Severity Compliance Status Details for both 403 (Forbidden) and 404 (Page Not Found) responses. Additionally, if Apache is being used, the UserDir directive should be disabled in the Apache configuration file (httpd.conf). 5 Web Application Transmits Login Credentials Without Encryption 4.60 Medium Fail Port: tcp/80 There is a web application running on this host that transmits login credentials over HTTP, which is a clear-text protocol. As such, if an attacker was able to intercept traffic containing login credentials, it would be trivial to view user account and password information. CVSSv2: Service: AV:A/AC:H/Au:N/C:C/I:N/A:N apache:http_server Evidence: Protected Webpage: http://www.seatsmarketplace.com:80/stats/ Authentication Type: basic Remediation: All web application communications containing sensitive information should be transmitted using SSL/TLS (HTTPS). 
If re-direction from HTTP to HTTPS is utilized in an attempt to remediate this finding, please ensure that such redirection occurs on the server side of the system (for example via the use of the HTTP "Location" header element) and that redirection is not reliant upon the client (browser) side. 6 CVE-2011-5000 OpenSSH Resources Exhaustion Bug via 3.50 Low Pass Port: tcp/22 Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and SEATS MARKETPLACE. Copyright 2014 Trustwave, All Rights Reserved Page 19 Report Date: 2014-12-21 Vulnerability Scan Report: Vulnerability Details 97.74.181.130 (www.seatsmarketplace.com) # CVE Number Vulnerability GSSAPI CVSS Score Severity Compliance Status Details The version of OpenSSH running on this host, when gssapi-with-mic authentication is enabled, is prone to a vulnerability which allows remote authenticated users to cause a denial of service (memory consumption) condition by supplying large value to a certain length field. Vulnerabilities which result only in denial of service do not affect PCI compliance; however, they may still be critical to your systems. This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "back ports"). Please submit a "Patched Service" dispute in TrustKeeper if this vulnerability has already been patched. CVE: NVD: CVSSv2: Service: CVE-2011-5000 CVE-2011-5000 AV:N/AC:M/Au:S/C:N/I:N/A:P openssh:openssh Reference: http://site.pi3.com.pl/adv/ssh_1.txt Evidence: Match: '5.1' is greater than or equal to '5.0' Match: '5.1' is less than '5.8' Remediation: This issue was fixed with the release of version 5.8 of OpenSSH. 
However, it is strongly recommended that the latest stable version with all of the appropriate patches be installed.

7. OpenSSH CBC Mode Information Disclosure Vulnerability
CVE Number: CVE-2008-5161 | CVSS Score: 2.60 | Severity: Low | Compliance Status: Pass | Port: tcp/22

The detected version of OpenSSH is prone to an information-disclosure vulnerability. Successful exploits could allow attackers to obtain up to four bytes of plaintext data from an encrypted session. Versions prior to OpenSSH 5.2 are reported to be vulnerable as well as various versions of SSH Tectia.

This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "back ports"). Please submit a "Patched Service" dispute in TrustKeeper if this vulnerability has already been patched.

CVE: CVE-2008-5161
NVD: CVE-2008-5161
Bugtraq: 32319
CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: openssh:openssh

Evidence:
Match: '5.1' is greater than or equal to '4.0'
Match: '5.1' is less than or equal to '5.1'

Remediation: The Vendor has released updates that address this issue. Upgrade to the most recent current version.

8. Indexable Web Directories
CVSS Score: 2.60 | Severity: Low | Compliance Status: Pass | Port: tcp/80

One or more directories on this web server appear to allow remote users to view the directory structure and potentially navigate to sensitive data.

CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: apache:http_server

Evidence:
URL: http://www.seatsmarketplace.com:80/icons/
URL: http://www.seatsmarketplace.com/icons/?C=N;O=D
URL: http://www.seatsmarketplace.com/icons/?C=M;O=A
URL: http://www.seatsmarketplace.com/icons/?C=S;O=A
URL: http://www.seatsmarketplace.com/icons/?C=D;O=A
URL: http://www.seatsmarketplace.com/icons/small/
URL: http://www.seatsmarketplace.com/icons/?C=M;O=D
URL: http://www.seatsmarketplace.com/icons/?C=N;O=A
URL: http://www.seatsmarketplace.com/icons/?C=S;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=N;O=D
URL: http://www.seatsmarketplace.com/icons/?C=D;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=M;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=D;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=S;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=N;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=M;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=D;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=S;O=D

Remediation: Ensure that directory indexing is not enabled on this web server.

9. SSL Weak Encryption Algorithms
CVSS Score: 1.80 | Severity: Low | Compliance Status: Pass | Port: tcp/21

The SSL-based service running on this host appears to support the use of "weak" ciphers, which are those that have key-lengths of less than 128 bits.

CVSSv2: AV:A/AC:H/Au:N/C:P/I:N/A:N
Service: pureftpd:pure-ftpd
Reference: http://www.schneier.com/paper-ssl.pdf

Evidence:
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5

Remediation: Configure your SSL server to only use higher-grade encryption. OpenSSL servers classify encryption algorithms as HIGH, MEDIUM, LOW, and EXPORT strength.
Algorithms classified as HIGH all use 128-bit encryption or higher, as do several that are classified as MEDIUM. The "SSLCipherSuite" configuration item for mod_ssl and Apache2 can be used to control encryption algorithms for web servers that use OpenSSL. Since the definition of HIGH, MEDIUM, LOW, and EXPORT can vary between each version of OpenSSL, it is recommended that the following be used to give the best guarantee for strong encryption:

    SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

For Windows systems running Internet Information Server (IIS), refer to the following Knowledge Base article for disabling certain cryptographic algorithms and protocols: http://support.microsoft.com/kb/245030.

Patches:
http://support.microsoft.com/kb/245030
http://httpd.apache.org/docs/2.2/ssl/

10. SSL Anonymous Diffie-Hellman Ciphers
CVSS Score: 1.80 | Severity: Low | Compliance Status: Pass | Port: tcp/21

Anonymous Diffie-Hellman ciphers do not authenticate the server during the key exchange. This approach is vulnerable to man-in-the-middle attacks, in which the attacker conducts anonymous Diffie-Hellman exchanges with both parties.
CVSSv2: AV:A/AC:H/Au:N/C:P/I:N/A:N
Service: pureftpd:pure-ftpd
Reference: http://www.schneier.com/paper-ssl.pdf

Evidence:
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5

Remediation: Configure your SSL server to only use higher-grade encryption. OpenSSL servers classify encryption algorithms as HIGH, MEDIUM, LOW and EXPORT strength. Algorithms classified as HIGH all use 128-bit encryption or higher, as do several that are classified as MEDIUM. The "SSLCipherSuite" configuration item for mod_ssl and Apache2 can be used to control encryption algorithms for web servers that use OpenSSL. Since the definition of HIGH, MEDIUM, LOW, and EXPORT can vary between each version of OpenSSL, it is recommended that the following be used to give the best guarantee for strong encryption:

    SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

For Windows systems running Internet Information Server (IIS), refer to the following Knowledge Base article for disabling certain cryptographic algorithms and protocols: http://support.microsoft.com/kb/245030.
Patches:
http://support.microsoft.com/kb/245030
http://httpd.apache.org/docs/2.2/ssl/

11. TCP Timestamp Options Enabled
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

The remote service supports TCP Timestamps, which are detailed in RFC1323. This information can potentially be used to discover the uptime of the remote system.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference: http://www.ietf.org/rfc/rfc1323.txt

Evidence:
Timestamp: 1045232544

Remediation: If you are concerned about the exposure of uptime of your systems, disable support for TCP Timestamps, if possible. This would be vendor specific.

12. FTP Server Supports AUTH TLS (STARTTLS)
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

The FTP service running on this host supports encryption using the AUTH TLS command.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference: http://en.wikipedia.org/wiki/STARTTLS

Evidence:
Message: 234 AUTH TLS OK.

Remediation: No remediation necessary. This is identified for informational purposes.

13. SSL Certificate Common Name Does Not Validate
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

This SSL certificate has a common name (CN) that does not appear to match the identity of the server. Modern browsers may present a warning to users who attempt to browse this service as it is currently configured. Note that in some networks in which load balancers are used, it may not be possible for the scanner to perform this test correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd

Evidence:
Subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Certificate Chain Depth: 0
Hostnames provided to scanner: www.seatsmarketplace.com, 97.74.181.130
Subject CN: p3nlhftpg008.shr.prod.phx3.secureserver.net

Remediation: Check your certificate to ensure it is installed on the correct service. Verify that you have added the domain name or fully qualified virtual host name of the system to your Network Questionnaire. Additionally, check your DNS servers to ensure that the domain name is properly mapped to the correct IP address.

14. SSL Certificate is Self-Signed
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

This SSL certificate appears to be issued by a private Certificate Authority (CA). Users will likely receive a security warning if their client software (e.g., web browser) does not trust the issuer of the certificate.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd

Evidence:
Subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Certificate Chain Depth: 0

Remediation: If this certificate is associated with a service accessible to the general public, you may want to consider acquiring a certificate from a well-known CA.

15. SSL Certificate is Not Trusted
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

It was not possible to validate the SSL certificate, and thus it could not be trusted. Users may receive a security warning when using this service. This occurs because either the certificate or a certificate in its chain has issues that prevent validation. Some examples of these issues are, but not limited to, a certificate having expired, the hostname does not match the name on the certificate, or the certificate is not signed by a well-known Certificate Authority (CA).

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd

Evidence:
Subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Certificate Chain Depth: 0
Reason: The hostname on the certificate does not match any of the hostnames provided to the scanner.
Reason: The leaf certificate is self-signed but is not trusted.

Remediation: If this certificate is associated with a service accessible to the general public, you may want to consider acquiring a certificate from a well-known CA, and that it is not expired.

16. SSL Perfect Forward Secrecy Supported
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

The server supports Ephemeral Diffie-Hellman ciphers for the SSL/TLS key exchange phase. Using this algorithm enforces Forward Secrecy for secure communications with the server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd

Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5

Remediation: No remediation is necessary.

17. SSLv3 Supported
CVE Number: CVE-2014-3566 | CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

This server supports a version of SSL vulnerable to a padding-oracle attack. An attack, commonly known as "Padding Oracle On Downgraded Legacy Encryption" ("POODLE"), takes advantage of this vulnerability to gain access to sensitive information. Because SSLv3 CBC padding is not deterministic, an attacker performing a man-in-the-middle attack could be able to retrieve clear-text data by exploiting this flaw.

CVE: CVE-2014-3566
NVD: CVE-2014-3566
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference: https://www.openssl.org/~bodo/ssl-poodle.pdf

Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5

Remediation: The server should be configured to disable SSLv3. Although the latest versions of all major web browsers support newer versions than SSLv3 by default, disabling it may prevent old services from connecting to the server if they only support SSLv3.

18. Enumerated SSL/TLS Cipher Suites
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

The finding reports the SSL cipher suites for each SSL/TLS service version provided by the remote service. This finding does not represent a vulnerability, but is only meant to provide visibility into the behavior and configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL version (ex: TLSv1) as well as the name of the cipher suite (ex: RC4-SHA). A cipher suite is a set of cryptographic algorithms that provide authentication, encryption, and message authentication code (MAC) as part of an SSL/TLS negotiation and through the lifetime of the SSL session. It is typical that an SSL service would support multiple cipher suites. A cipher suite can be supported across multiple SSL/TLS versions, so it should be of no concern to see the same cipher name reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference: http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1 : RC4-MD5

Remediation: No remediation is necessary.

19. SSL RC4-based Ciphers Supported
CVE Number: CVE-2013-2566 | CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

An attack is possible when using RC4-based ciphers that takes advantage of single-byte biases within the RC4 algorithm, that could make it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of cipher text in a larger number of sessions (i.e. millions of sessions) that use the same plain text.

CVE: CVE-2013-2566
NVD: CVE-2013-2566
CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: pureftpd:pure-ftpd

Evidence:
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Cipher Suite: TLSv1 : ADH-RC4-MD5
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1 : RC4-MD5

Remediation: As the attack exploits RC4-based ciphers, SSL may be configured on servers to disable RC4 ciphers.

20. SSL Vulnerable to CBC Attacks
CVE Number: CVE-2011-3389 | CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

This server supports a version of SSL vulnerable to a Cipher Block Chaining (CBC) attack. When using a block-based cipher with SSLv2, SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack called a chosen-plaintext attack. An attack, commonly known as "Browser Exploit Against SSL/TLS" ("BEAST") takes advantage of this vulnerability in how the browser sets up SSL/TLS connections (e.g. for HTTPS), and may allow an attacker to decrypt the SSL/TLS connection to gain access to sensitive information. Although the BEAST attack is the only known exploit, other services not related to web servers (e.g. IMAP) may also be vulnerable to such attack.

CVE: CVE-2011-3389
NVD: CVE-2011-3389
Bugtraq: 49778
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513

Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA

Remediation: The server should be configured to allow only TLS versions 1.1 and 1.2, which are not vulnerable to this CBC attack.
Although the latest versions of all major web browsers support TLS 1.1 and 1.2 enabled by default, disabling previous versions may prevent other services than HTTP from connecting to the server if they do not support these versions of TLS.

21. Enumerated Applications
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/21

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd

Evidence:
CPE: pureftpd:pure-ftpd
Version: unknown

Remediation: No remediation is required.

22. SSHv2 Cipher Enumeration
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/22

Trustkeeper was able to enumerate encryption ciphers available on an SSHv2 server. This is expected functionality of an SSH server and only represents an informational finding.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: openssh:openssh

Evidence:
SSHv2 Key Exchange Algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSHv2 Server Host Key Exchange Algorithms: ssh-dss
SSHv2 Encryption Algorithms Client to Server: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
SSHv2 Encryption Algorithms Server to Client: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
SSHv2 MAC Algorithms Client to Server: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
SSHv2 MAC Algorithms Server to Client: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
SSHv2 Compression Algorithms Client to Server: none,[email protected]
SSHv2 Compression Algorithms Server to Client: none,[email protected]
SSHv2 Languages Client to Server:
SSHv2 Languages Server to Client:

Remediation: No remediation is necessary for this finding.

23. Enumerated Applications
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/22

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: openssh:openssh

Evidence:
CPE: openssh:openssh
Version: 5.1

Remediation: No remediation is required.

24. TCP Timestamp Options Enabled
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/80

The remote service supports TCP Timestamps, which are detailed in RFC1323. This information can potentially be used to discover the uptime of the remote system.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference: http://www.ietf.org/rfc/rfc1323.txt

Evidence:
Timestamp: 838964397

Remediation: If you are concerned about the exposure of uptime of your systems, disable support for TCP Timestamps, if possible. This would be vendor specific.

25. Enumerated Applications
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server

Evidence:
CPE: apache:http_server
Version: unknown

Remediation: No remediation is required.

26. No X-FRAME-OPTIONS Header
CVSS Score: 0.00 | Severity: Info | Compliance Status: Pass | Port: tcp/80

This host does not appear to utilize the benefits that the X-FRAME-OPTIONS HTTP header element offers.
This header may be implemented to prevent pages on this system from being used in part of a click-jacking scenario. The X-FRAME-OPTIONS header specifies what systems (if any) are allowed to refer to pages on this system (when the page is to appear within a HTML frame type of object).
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference: https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS
Remediation: Consider utilizing the X-FRAME-OPTIONS header option to prevent clickjacking type of attacks.

27. Discovered Web Directories
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/80
It was possible to guess one or more directories contained in the publicly accessible path of this web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
URL: http://www.seatsmarketplace.com:80/stats/ HTTP Response Code: 401
URL: http://www.seatsmarketplace.com:80/icons/ HTTP Response Code: 200
Remediation: Review these directories and verify that there is no unintentional content made available to remote users.

28. Discovered HTTP Methods
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/80
Requesting the allowed HTTP OPTIONS from this host shows which HTTP protocol methods are supported by its web server. Note that, in some cases, this information is not reported by the web server accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
URL: http://www.seatsmarketplace.com/icons/ Methods: GET, HEAD, POST, OPTIONS
Remediation: Review your web server configuration and ensure that only those HTTP methods required for your business operations are enabled.

29. Protected Web Page
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/80
The web server requires authentication for some resources. Several authentication types are available such as:
1) Basic is the most simplistic and sends credentials in clear text
2) NTLM can be used for single sign on in a Microsoft environment, but it cannot be used on both a proxy and the web server
3) Digest is a cryptographically strong scheme but credentials can still be brute forced or discovered through dictionary attacks.
Note that this list is limited to ten instances of this finding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
Protected Webpage: http://www.seatsmarketplace.com:80/stats/
Authentication Type: basic
Authentication Realm: realm="seatsmarketplace.com Statistics"
Remediation: Confirm that the authentication in use is appropriate.

30. Enumerated SSL/TLS Cipher Suites
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/443
The finding reports the SSL cipher suites for each SSL/TLS service version provided by the remote service. This finding does not represent a vulnerability, but is only meant to provide visibility into the behavior and configuration of the remote SSL/TLS service. The information provided as part of this finding includes the SSL version (ex: TLSv1) as well as the name of the cipher suite (ex: RC4-SHA). A cipher suite is a set of cryptographic algorithms that provide authentication, encryption, and message authentication code (MAC) as part of an SSL/TLS negotiation and through the lifetime of the SSL session. It is typical that an SSL service would support multiple cipher suites. A cipher suite can be supported across multiple SSL/TLS versions, so it should be of no concern to see the same cipher name reported for multiple
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference: http://www.openssl.org/docs/apps/ciphers.html
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : CAMELLIA256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : SEED-SHA
Cipher Suite: TLSv1 : CAMELLIA128-SHA
Cipher Suite: TLSv1 : IDEA-CBC-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : CAMELLIA256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1_1 : DES-CBC3-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_1 : SEED-SHA
Cipher Suite: TLSv1_1 : CAMELLIA128-SHA
Cipher Suite: TLSv1_1 : IDEA-CBC-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_1 : RC4-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA256
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : CAMELLIA256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1_2 : DES-CBC3-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA
Cipher Suite: TLSv1_2 : SEED-SHA
Cipher Suite: TLSv1_2 : CAMELLIA128-SHA
Cipher Suite: TLSv1_2 : IDEA-CBC-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_2 : RC4-SHA
Remediation: No remediation is necessary.

31. SSL RC4-based Ciphers Supported
CVE Number: CVE-2013-2566
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/443
An attack is possible when using RC4-based ciphers. It takes advantage of single-byte biases within the RC4 algorithm, which could make it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of cipher text in a large number of sessions (i.e. millions of sessions) that use the same plain text.
CVE: CVE-2013-2566
NVD: CVE-2013-2566
CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: apache:http_server
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_1 : RC4-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_2 : RC4-SHA
Remediation: As the attack exploits RC4-based ciphers, SSL may be configured on servers to disable RC4 ciphers.

32. SSL Vulnerable to CBC Attacks
CVE Number: CVE-2011-3389
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/443
This server supports a version of SSL vulnerable to a Cipher Block Chaining (CBC) attack. When using a block-based cipher with SSLv2, SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack called a chosen-plaintext attack. An attack commonly known as "Browser Exploit Against SSL/TLS" ("BEAST") takes advantage of this vulnerability in how the browser sets up SSL/TLS connections (e.g. for HTTPS), and may allow an attacker to decrypt the SSL/TLS connection to gain access to sensitive information. Although the BEAST attack is the only known exploit, other services not related to web servers (e.g. IMAP) may also be vulnerable to such an attack.
CVE: CVE-2011-3389
NVD: CVE-2011-3389
Bugtraq: 49778
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : IDEA-CBC-SHA
Remediation: The server should be configured to allow only TLS versions 1.1 and 1.2, which are not vulnerable to this CBC attack. Although the latest versions of all major web browsers have TLS 1.1 and 1.2 enabled by default, disabling previous versions may prevent services other than HTTP from connecting to the server if they do not support these versions of TLS.

33. Enumerated Applications
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/443
The following applications have been enumerated on this device.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence: CPE: apache:http_server Version: unknown
Remediation: No remediation is required.
34. No X-FRAME-OPTIONS Header
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/443
This host does not appear to utilize the benefits that the X-FRAME-OPTIONS HTTP header element offers. This header may be implemented to prevent pages on this system from being used in part of a click-jacking scenario. The X-FRAME-OPTIONS header specifies what systems (if any) are allowed to refer to pages on this system (when the page is to appear within a HTML frame type of object).
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference: https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS
Remediation: Consider utilizing the X-FRAME-OPTIONS header option to prevent clickjacking type of attacks.

35. Robots.txt
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Port: tcp/443
Some Web Servers use a file called /robot(s).txt to make search engines and any other indexing tools visit their WebPages more frequently and more efficiently. By connecting to the server and requesting the /robot(s).txt file, an attacker may gain additional information about the system they are attacking, such as restricted directories, hidden directories, CGI script directories, etc.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
Request:
GET /robots.txt HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 97.74.181.130
Content-Type: text/html
Content-Length: 0
Response:
HTTP/1.1 200 OK
Date: Sat, 13 Dec 2014 14:56:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: https://seatsmarketplace.com/xmlrpc.php
Set-Cookie: PHPSESSID=e9ujd29n3eup495c3r2lt0l5r1; path=/
Set-Cookie: wfvt_-2124291146=548c53a36d70d; expires=Sat, 13-Dec-2014 15:26:35 GMT; path=/; httponly
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8
Status code: equals '200'
Body: matched "Disallow:"
Remediation: Take special care not to tell the robots not to index sensitive directories, since this tells attackers exactly which of your directories are sensitive.

36. Enumerated Hostnames
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
This list contains all hostnames discovered during the scan that are believed to belong to this host.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
Hostname: seatsmarketplace.com, Source: SSL Certificate Subject Common Name
Hostname: seatsmarketplace.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: www.seatsmarketplace.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: p3nlhftpg008.shr.prod.phx3.secureserver.net, Source: SSL Certificate Subject Common Name
Remediation: No action is required.

37. Remote Access Service Detected
CVSS Score: 0.00, Severity: Info, Compliance Status: Pass
Policy Violation
Port: tcp/22
One or more remote access services were detected on the remote host. As defined by the PCI ASV Program Guide: "remote access software includes, but is not limited to: VPN (IPSec, PPTP, SSL), pcAnywhere, VNC, Microsoft Terminal Server, remote web-based administration, ssh, Telnet."
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: openssh:openssh
Remediation: Note to scan customer: Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely per Appendix C or disabled/removed. Please consult your ASV if you have questions about this Special Note.
Part 5a. Web Servers

It is important to pay special attention to the security of your Web servers. This section provides a convenient list of all of the Web servers found in the course of the network scan based on the locations you specified in your scan setup. Information profiled includes the server type (e.g., Microsoft IIS or Apache) and the title of the default Web page. Some tips for using this information are below.

• You should ensure that all Web servers listed in this section are authorized and intended to be running in your network since many systems will inadvertently be configured with some type of Web server when they are installed.
• In addition, many network devices (e.g., routers, switches and print servers) may have Web-based management interfaces of which you may not have been aware. Whenever possible, unused Web interfaces should be disabled or, at a minimum, password protected.
• Review the "Port" column and make sure that any sites that should be secure are using port 443 (HTTPS, or "Secure Web") to encrypt the web sessions.

Special Note: If you are using load balancers for your web sites to spread the web traffic across multiple servers, it is your responsibility to ensure that the configuration of the environment behind your load balancers is synchronized, or to ensure that the environment is scanned as part of the internal vulnerability scans required by PCI DSS.
Columns: #, System IP Address, Domain Name, Port, Server Type, Default Status and Title/Redirect

1. System IP Address: 97.74.181.130 (www.seatsmarketplace.com)
Domain Name: ip-97-74-181-130.ip.secureserver.net
Port: tcp / 80
Server Type: apache:http_server
Default Status and Title/Redirect:

2. System IP Address: 97.74.181.130 (www.seatsmarketplace.com)
Domain Name: ip-97-74-181-130.ip.secureserver.net
Port: tcp / 443
Server Type: apache:http_server
Default Status and Title/Redirect:

Part 5b. SSL Certificate Information

Several network services, most notably HTTPS ("Secure Web"), employ certificates which contain information about the service which can be used by connecting clients to authenticate the identity of the server. For Web servers, the certificate is intended to authenticate the domain name (e.g., www.yoursite.com) of a web site. For example, a home banking application should be run on a web server which provides a certificate to its clients' Web browsers proving that the web server they are connected to is actually the one they intended to use.

In order to provide users with confidence in the site they are visiting, the certificate should be issued by a well-known certificate authority instead of self-generated. In some cases, such as in a private network, self-generated certificates may be used; however, those users should have confidence in the internal issuing authority. This table provides a summary of the certificates found in your network, including expiration date and issuer of each certificate.
Columns: #, Service, Common Name, Expires, Details

1. Service: 97.74.181.130 : 21 (ftp) (www.seatsmarketplace.com)
Common Name: p3nlhftpg008.shr.prod.phx3.secureserver.net
Expires: 1/28/28 2:56 PM
Issued to: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issued by: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net

2. Service: 97.74.181.130 : 443 (http) (www.seatsmarketplace.com)
Common Name: seatsmarketplace.com
Expires: 3/7/16 1:49 PM
Issued to: /OU=Domain Control Validated/CN=seatsmarketplace.com
Issued by: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
Fingerprint: F5:4D:FF:31:5D:E2:3C:D0:CA:4F:94:1E:0A:BF:29:0C