Vulnerability Scan Report: Table of Contents

Report Date: 2014-12-21
Attestation of Compliance
Table of Contents
Executive Summary
    Part 1. Scan Information
    Part 2. Component Compliance Summary
    Part 3a. Vulnerabilities Noted for Each IP Address
    Part 3b. Special Notes by IP Address
Vulnerability Details
    Part 1. Scan Information
    Part 2. Scan Inventory (Accessible Systems and Services)
    Part 3a. Previous Scan Targets (Not Scanned)
    Part 3b. Discovered Scan Targets (Not Scanned)
    Part 3c. Load Balancers
    Part 4. Vulnerabilities & Policy Violations
        97.74.181.130 (www.seatsmarketplace.com)
    Part 5a. Web Servers
    Part 5b. SSL Certificate Information
    Part 6. Disputed Vulnerabilities & Policy Violations
ASV Feedback Form
Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and SEATS
MARKETPLACE.
Copyright 2014 Trustwave, All Rights Reserved
Vulnerability Scan Report: Executive Summary
Part 1. Scan Information
Scan Customer Company: SEATS MARKETPLACE
ASV Company: Trustwave
Scan Compliance Status: Fail
Date Scan Completed: 2014-12-13
Scan Expiration Date: N/A
Part 2. Component Compliance Summary
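| # | Compliance Status | Name | Type | IP Address | Source | Critical | High | Medium | Low | Info |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Fail | www.seatsmarketplace.com | Web Site | 97.74.181.130 | Domain Name | 0 | 0 | 5 | 5 | 27 |
| Total Findings | | | | | | 0 | 0 | 5 | 5 | 27 |
| Total PCI Vulnerabilities | | | | | | 0 | 0 | 5 | 0 | 0 |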
Part 3a. Vulnerabilities Noted for Each IP Address
| # | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability |
|---|---|---|---|---|---|---|
| 1 | 97.74.181.130 (www.seatsmarketplace.com) | Unencrypted Communication Channel Accessibility | Medium | 6.20 | Fail | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Unencrypted communication channels violate Requirement 4 of the PCI DSS and are considered an automatic failing condition. |
| 2 | 97.74.181.130 (www.seatsmarketplace.com) | SSH Keyboard-Interactive Authentication Username Enumeration, CVE-2007-2243 CVE-2007-2768 CVE-2009-1273 | Medium | 5.00 | Fail | |
| 3 | 97.74.181.130 (www.seatsmarketplace.com) | HTTP Server Username Probing, CVE-2001-1013 | Medium | 5.00 | Fail | |
| 4 | 97.74.181.130 (www.seatsmarketplace.com) | HTTP Server Username Probing, CVE-2001-1013 | Medium | 5.00 | Fail | |
| 5 | 97.74.181.130 (www.seatsmarketplace.com) | Web Application Transmits Login Credentials Without Encryption | Medium | 4.60 | Fail | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. |
| 6 | 97.74.181.130 (www.seatsmarketplace.com) | OpenSSH Resources Exhaustion Bug via GSSAPI, CVE-2011-5000 | Low | 3.50 | Pass | Note to scan customer: This vulnerability is purely a denial-of-service vulnerability and it is not considered a failing condition under the PCI DSS. |
| 7 | 97.74.181.130 (www.seatsmarketplace.com) | OpenSSH CBC Mode Information Disclosure Vulnerability, CVE-2008-5161 | Low | 2.60 | Pass | |
| 8 | 97.74.181.130 (www.seatsmarketplace.com) | Indexable Web Directories | Low | 2.60 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. |
| 9 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Weak Encryption Algorithms | Low | 1.80 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. |
| 10 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Anonymous Diffie-Hellman Ciphers | Low | 1.80 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. |
| 11 | 97.74.181.130 (www.seatsmarketplace.com) | TCP Timestamp Options Enabled | Info | 0.00 | Pass | |
| 12 | 97.74.181.130 (www.seatsmarketplace.com) | FTP Server Supports AUTH TLS (STARTTLS) | Info | 0.00 | Pass | |
| 13 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass | |
| 14 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Certificate is Self-Signed | Info | 0.00 | Pass | |
| 15 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Certificate is Not Trusted | Info | 0.00 | Pass | |
| 16 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass | |
| 17 | 97.74.181.130 (www.seatsmarketplace.com) | SSLv3 Supported, CVE-2014-3566 | Info | 0.00 | Pass | NVD CVSS Score: 4.30. Note to scan customer: The NVD entry for CVE-2014-3566 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0. |
| 18 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass | |
| 19 | 97.74.181.130 (www.seatsmarketplace.com) | SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass | NVD CVSS Score: 2.60. Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0. |
| 20 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass | NVD CVSS Score: 4.30. Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0. |
| 21 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass | |
| 22 | 97.74.181.130 (www.seatsmarketplace.com) | SSHv2 Cipher Enumeration | Info | 0.00 | Pass | |
| 23 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass | |
| 24 | 97.74.181.130 (www.seatsmarketplace.com) | TCP Timestamp Options Enabled | Info | 0.00 | Pass | |
| 25 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass | |
| 26 | 97.74.181.130 (www.seatsmarketplace.com) | No X-FRAME-OPTIONS Header | Info | 0.00 | Pass | |
| 27 | 97.74.181.130 (www.seatsmarketplace.com) | Discovered Web Directories | Info | 0.00 | Pass | |
| 28 | 97.74.181.130 (www.seatsmarketplace.com) | Discovered HTTP Methods | Info | 0.00 | Pass | |
| 29 | 97.74.181.130 (www.seatsmarketplace.com) | Protected Web Page | Info | 0.00 | Pass | |
| 30 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass | |
| 31 | 97.74.181.130 (www.seatsmarketplace.com) | SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass | NVD CVSS Score: 2.60. Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0. |
| 32 | 97.74.181.130 (www.seatsmarketplace.com) | SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass | NVD CVSS Score: 4.30. Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0. |
| 33 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Applications | Info | 0.00 | Pass | |
| 34 | 97.74.181.130 (www.seatsmarketplace.com) | No X-FRAME-OPTIONS Header | Info | 0.00 | Pass | |
| 35 | 97.74.181.130 (www.seatsmarketplace.com) | Robots.txt | Info | 0.00 | Pass | |
| 36 | 97.74.181.130 (www.seatsmarketplace.com) | Enumerated Hostnames | Info | 0.00 | Pass | |
| 37 | 97.74.181.130 (www.seatsmarketplace.com) | Remote Access Service Detected | Info | 0.00 | Pass | |
Exceptions, False Positives, or Compensating Controls Noted by the
ASV for this Vulnerability
Note to scan customer: This vulnerability is not recognized in the
National Vulnerability Database.
Consolidated Solution/Correction Plan for the above IP Address:
• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• Ensure that all applications and services running on this host are configured to appropriately restrict access to sensitive information. This includes account information and
configuration settings.
• Configure the SSH service(s) running on this host to adhere to information security best practices.
• Configure the SSL service(s) running on this host to adhere to information security best practices.
• Configure the service(s) running on this host to use encrypted communication channels.
• Upgrade and/or install security updates for OpenSSH.
• Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.
Part 3b. Special Notes by IP Address
| # | IP Address | Note | Item Noted (remote access software, POS software, etc.) | Scan customer's declaration that software is implemented securely (see next column if not implemented securely) | Scan customer's description of actions taken to either: 1) remove the software or 2) implement security controls to secure the software |
|---|---|---|---|---|---|
| 1 | 97.74.181.130 (www.seatsmarketplace.com) | Remote Access Detected. Note to scan customer: Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely per Appendix C or disabled/removed. Please consult your ASV if you have questions about this Special Note. | tcp/22 ssh (openssh:openssh) | | |
| 2 | 97.74.181.130 (www.seatsmarketplace.com) | Directory Browsing Enabled. Note to scan customer: Browsing of directories on web servers can lead to information disclosure or potential exploit. Due to increased risk to the cardholder data environment, please 1) justify the business need for this configuration to the ASV, or 2) confirm that it is disabled. Please consult your ASV if you have questions about this Special Note. | tcp/80 http (apache:http_server) | | |
Vulnerability Scan Report: Vulnerability Details
Part 1. Scan Information
Scan Customer Company: SEATS MARKETPLACE
Date Scan Completed: 2014-12-13
ASV Company: Trustwave
Scan Expiration Date: N/A
Part 2. Scan Inventory (Accessible Systems and Services)
The following systems and network services were detected during this scan. This information is provided for your information. Please refer to "Part 4. Vulnerabilities & Policy
Violations" for all PCI compliance-related issues.
Reading Your Scan Inventory
The vulnerability scan reveals Internet-accessible computers and network services available on your network. The following systems (e.g., computers, servers, routers, etc.) and
network services (e.g., Web and mail servers) were discovered during the vulnerability scan. As a general rule, all unnecessary network services should be disabled, and all
other services should be protected by a firewall or similar device. Only those services which must be available to the public should be visible from the Internet.
• Names - A system may be known by many names. For example, a server that offers Web and mail services may be known as both www.mycompany.com and
mail.mycompany.com. This report includes as many names as could be identified, including public domain names, Windows domain/workgroups, Windows name, and the
"real" name assigned in your DNS server.
• Ping - One technique TrustKeeper uses is to try to "ping" systems in your network. It is generally considered to be good practice to block inbound pings as it can give
attackers information about your network. However, this decision may be affected by network monitoring needs and other considerations.
• Service Information - A large number of services (e.g., TCP and UDP ports) are probed during the scan. Any that appear to be active on the device are listed in the table.
You should review this list to ensure that only those services you intend to offer to the public are accessible. All other internal services should be protected by your firewall
or similar device.
Service Information
| # | Device | Names | OS | Ping | Port | Protocol | Application | Detail |
|---|---|---|---|---|---|---|---|---|
| 1 | 97.74.181.130 (www.seatsmarketplace.com) | ip-97-74-181-130.ip.secureserver.net | FreeBSD FreeBSD 2.6 | true | tcp/21 | ftp | pureftpd:pure-ftpd | 220---------Welcome to PureFTPd [privsep] [TLS] ---------\x0d\x0a220-You are user number 14 of 500 allowed.\x0d\x0a220-Local time is now 07:42. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220 You will be disconnected after 3 minutes of inactivity. |
| | | | | | tcp/22 | ssh | openssh:openssh | OpenSSH_5.1 |
| | | | | | tcp/80 | http | apache:http_server | Apache |
| | | | | | tcp/443 | http | apache:http_server | Apache |
All other scanned ports were filtered.
Part 3a. Previous Scan Targets (Not Scanned)
The following locations were removed from your scan setup at your request and have not been included in this scan. You confirmed that these locations or domain names
do not store, process, or transmit cardholder data and are therefore not required to be scanned for PCI DSS compliance.
| # | Name | Type | IP Address | Date Removed |
|---|---|---|---|---|
No such scan locations have been removed by this customer.
Part 3b. Discovered Scan Targets (Not Scanned)
The following systems were discovered to be related to your network during this scan. TrustKeeper only scans those systems which are explicitly identified by you;
however, the following systems were identified using reconnaissance techniques based on the information you provided. While not scanned for this assessment, you should
be aware that an attacker could identify the same information.
Please review this information and update your TrustKeeper Scan Setup if any of the following systems are relevant to the assessment being performed. In many cases,
some of these systems will not be relevant to the assessment. Common examples include domain name servers (DNS) and mail servers maintained by your ISP. The
scanner may also identify internal systems that are not directly accessible from the Internet.
| # | IP Address | Domain Name | Comments |
|---|---|---|---|
| 1 | 68.178.213.37 | mailstore1.secureserver.net | Discovered hosts using second-level domain name(s): seatsmarketplace.com |
| 2 | 72.167.238.29 | smtp.secureserver.net | Discovered hosts using second-level domain name(s): seatsmarketplace.com |
| 3 | 208.109.255.50 | pdns02.domaincontrol.com | Discovered hosts using second-level domain name(s): seatsmarketplace.com |
| 4 | 216.69.185.50 | pdns01.domaincontrol.com | Discovered hosts using second-level domain name(s): seatsmarketplace.com |
Part 3c. Load Balancers
If you are using load balancers for your web sites to spread the web traffic across multiple servers, it is your responsibility to ensure that the configuration of the environment
behind your load balancers is synchronized, or to ensure that the environment is scanned as part of the internal vulnerability scans required by PCI DSS.
Part 4. Vulnerabilities & Policy Violations
The following issues were identified during this scan. Please review all items and address all items that affect compliance or the security of your system.
In the tables below you can find the following information about each TrustKeeper finding.
• CVE Number - The Common Vulnerabilities and Exposure number(s) for the detected vulnerability - an industry standard for cataloging vulnerabilities. A comprehensive
list of CVEs can be found at nvd.nist.gov or cve.mitre.org.
• Vulnerability - This describes the name of the finding, which usually includes the name of the application or operating system that is vulnerable.
• CVSS Score - The Common Vulnerability Scoring System is an open framework for communicating the characteristics and impacts of IT vulnerabilities. Further information
can be found at www.first.org/cvss or nvd.nist.gov/cvss.cfm.
• Severity - This identifies the risk of the vulnerability. It is closely associated with the CVSS score.
• Compliance Status - Findings that are PCI compliance violations are indicated with a Fail status. In order to pass a vulnerability scan, these findings must be addressed.
Most findings with a CVSS score of 4 or more, or a Severity of Medium or higher, will have a Fail status. Some exceptions exist, such as DoS vulnerabilities, which are not
included in PCI compliance.
• Details - TrustKeeper provides the port on which the vulnerability is detected, details about the vulnerability, links to available patches and other specific guidance on actions
you can take to address each vulnerability.
For more information on how to read this section and the scoring methodology used, please refer to the appendix.
97.74.181.130 (www.seatsmarketplace.com)
#: 1
Vulnerability: Unencrypted Communication Channel Accessibility
CVSS Score: 6.20
Severity: Medium
Compliance Status: Fail
Details:
Policy Violation
Port: tcp/21
The service running on this port appears to make use of a plaintext (unencrypted) communication channel. The PCI DSS forbids the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentiality and integrity of the data in transit cannot be ensured with any level of certainty.
CVSSv2: AV:A/AC:H/Au:N/C:C/I:C/A:N
Service: pureftpd:pure-ftpd
Evidence:
Details: Unencrypted authentication is allowed prior to TLS negotiation
AUTH TLS Supported: true
AUTH TLS Required: false
Command Sent: USER trustkeeper
Response Received: 331 User trustkeeper OK. Password required
Remediation:
Transition to using more secure alternatives such as SSH instead of Telnet and SFTP in favor of FTP, or consider wrapping less secure services within more secure technologies by utilizing the benefits offered by VPN, SSL/TLS, or IPSec for example. Also, limit access to management protocols/services to specific IP addresses (usually accomplished via a "whitelist") whenever possible.
#: 2
CVE Number: CVE-2007-2243, CVE-2007-2768, CVE-2009-1273
Vulnerability: SSH Keyboard-Interactive Authentication Username Enumeration
CVSS Score: 5.00
Severity: Medium
Compliance Status: Fail
Details:
Port: tcp/22
The remote host is running the secure-shell (SSH) service, and allows for authentication via the "keyboard-interactive" method. This method passes authentication off to a third party, who will provide a prompt (often "Password:") that is sent back to the SSH client. The remote SSH service varies its response dependent on the username that is provided, making it possible to enumerate usernames on the remote host. This variance is often due to the use of one-time password (OTP) authentication mechanisms such as S/Key and OPIE, which require a random challenge to be presented to those authenticating. Often in these setups, only those users that are configured to use one-time passwords will be prompted with a random challenge. Thus, it is possible to positively identify those usernames that are configured to use one-time password authentication. A known vulnerability in pam_ssh (CVE-2009-1273) 1.92 and earlier may trigger this finding, as pam_ssh would report a different prompt depending on if the username was valid or not.
CVE: CVE-2007-2243, CVE-2007-2768, CVE-2009-1273
NVD: CVE-2007-2243, CVE-2007-2768, CVE-2009-1273
Bugtraq: 23601
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: openssh:openssh
Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html
http://www.openssh.com
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/one-time-passwords.html
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
Evidence:
Info: Identified presence of 'root' user account by attempting keyboard-interactive authentication for 'root'. Probe for non-existent user 'trustkeeper25774' gave a response of message type 51, while probe for 'root' gave a response message type of 60.
Remediation:
It is recommended that the challenge authentication mechanism be replaced with something that does not reveal the presence of user accounts. Two-factor authentication mechanisms using security tokens, for example, do not require a revealing challenge. Consult your documentation for the affected SSH service for more information on modifying its authentication mechanisms. If pam_ssh is the culprit, then check with your vendor for a patch for CVE-2009-1273.
#: 3
CVE Number: CVE-2001-1013
Vulnerability: HTTP Server Username Probing
CVSS Score: 5.00
Severity: Medium
Compliance Status: Fail
Details:
Port: tcp/80
The web server running on this host allows attackers to probe for user names via requests for user home pages (e.g., http://host/~username). Many different types of web servers exhibit this behavior, but it is most commonly associated with Apache HTTP Server.
CVE: CVE-2001-1013
NVD: CVE-2001-1013
Bugtraq: 3335
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: apache:http_server
Evidence:
Discovered username: root
Discovered path: /~root
HTTP status code: 301
Non-existent user path: /~non_existant_user
HTTP status code for non-existent user: 302
Remediation:
Configure the HTTP server to specify the same error documents for both 403 (Forbidden) and 404 (Page Not Found) responses. Additionally, if Apache is being used, the UserDir directive should be disabled in the Apache configuration file (httpd.conf).
#: 4
CVE Number: CVE-2001-1013
Vulnerability: HTTP Server Username Probing
CVSS Score: 5.00
Severity: Medium
Compliance Status: Fail
Details:
Port: tcp/443
The web server running on this host allows attackers to probe for user names via requests for user home pages (e.g., http://host/~username). Many different types of web servers exhibit this behavior, but it is most commonly associated with Apache HTTP Server.
CVE: CVE-2001-1013
NVD: CVE-2001-1013
Bugtraq: 3335
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: apache:http_server
Evidence:
Discovered username: root
Discovered path: /~root
HTTP status code: 301
Non-existent user path: /~non_existant_user
HTTP status code for non-existent user: 404
Remediation:
Configure the HTTP server to specify the same error documents for both 403 (Forbidden) and 404 (Page Not Found) responses. Additionally, if Apache is being used, the UserDir directive should be disabled in the Apache configuration file (httpd.conf).
#: 5
Vulnerability: Web Application Transmits Login Credentials Without Encryption
CVSS Score: 4.60
Severity: Medium
Compliance Status: Fail
Details:
Port: tcp/80
There is a web application running on this host that transmits login credentials over HTTP, which is a clear-text protocol. As such, if an attacker was able to intercept traffic containing login credentials, it would be trivial to view user account and password information.
CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: apache:http_server
Evidence:
Protected Webpage: http://www.seatsmarketplace.com:80/stats/
Authentication Type: basic
Remediation:
All web application communications containing sensitive information should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP to HTTPS is utilized in an attempt to remediate this finding, please ensure that such redirection occurs on the server side of the system (for example via the use of the HTTP "Location" header element) and that redirection is not reliant upon the client (browser) side.
#: 6
CVE Number: CVE-2011-5000
Vulnerability: OpenSSH Resources Exhaustion Bug via GSSAPI
CVSS Score: 3.50
Severity: Low
Compliance Status: Pass
Port: tcp/22
The version of OpenSSH running on this host, when gssapi-with-mic
authentication is enabled, is prone to a vulnerability which allows remote
authenticated users to cause a denial of service (memory consumption)
condition by supplying a large value to a certain length field.
Vulnerabilities which result only in denial of service do not affect PCI
compliance; however, they may still be critical to your systems.
This finding is based on version information which may not have been
updated by previously installed patches (e.g., Red Hat "back ports").
Please submit a "Patched Service" dispute in TrustKeeper if this
vulnerability has already been patched.
CVE: CVE-2011-5000
NVD: CVE-2011-5000
CVSSv2: AV:N/AC:M/Au:S/C:N/I:N/A:P
Service: openssh:openssh
Reference:
http://site.pi3.com.pl/adv/ssh_1.txt
Evidence:
Match: '5.1' is greater than or equal to '5.0'
Match: '5.1' is less than '5.8'
Remediation:
This issue was fixed with the release of version 5.8 of OpenSSH. However,
it is strongly recommended that the latest stable version with all of the
appropriate patches be installed.
#: 7
CVE Number: CVE-2008-5161
Vulnerability: OpenSSH CBC Mode Information Disclosure Vulnerability
CVSS Score: 2.60
Severity: Low
Compliance Status: Pass
Port: tcp/22
The detected version of OpenSSH is prone to an information-disclosure
vulnerability. Successful exploits could allow attackers to obtain up to four
bytes of plaintext data from an encrypted session. Versions prior to
OpenSSH 5.2 are reported to be vulnerable as well as various versions of
SSH Tectia.
This finding is based on version information which may not have been
updated by previously installed patches (e.g., Red Hat "back ports").
Please submit a "Patched Service" dispute in TrustKeeper if this
vulnerability has already been patched.
CVE: CVE-2008-5161
NVD: CVE-2008-5161
Bugtraq: 32319
CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: openssh:openssh
Evidence:
Match: '5.1' is greater than or equal to '4.0'
Match: '5.1' is less than or equal to '5.1'
Remediation:
The Vendor has released updates that address this issue. Upgrade to the
most recent current version.
#: 8
Vulnerability: Indexable Web Directories
CVSS Score: 2.60
Severity: Low
Compliance Status: Pass
Port: tcp/80
One or more directories on this web server appear to allow remote users to
view the directory structure and potentially navigate to sensitive data.
CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: apache:http_server
Evidence:
URL: http://www.seatsmarketplace.com:80/icons/
URL: http://www.seatsmarketplace.com/icons/?C=N;O=D
URL: http://www.seatsmarketplace.com/icons/?C=M;O=A
URL: http://www.seatsmarketplace.com/icons/?C=S;O=A
URL: http://www.seatsmarketplace.com/icons/?C=D;O=A
URL: http://www.seatsmarketplace.com/icons/small/
URL: http://www.seatsmarketplace.com/icons/?C=M;O=D
URL: http://www.seatsmarketplace.com/icons/?C=N;O=A
URL: http://www.seatsmarketplace.com/icons/?C=S;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=N;O=D
URL: http://www.seatsmarketplace.com/icons/?C=D;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=M;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=D;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=S;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=N;O=A
URL: http://www.seatsmarketplace.com/icons/small/?C=M;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=D;O=D
URL: http://www.seatsmarketplace.com/icons/small/?C=S;O=D
Remediation:
Ensure that directory indexing is not enabled on this web server.
#: 9
Vulnerability: SSL Weak Encryption Algorithms
CVSS Score: 1.80
Severity: Low
Compliance Status: Pass
Port: tcp/21
The SSL-based service running on this host appears to support the use of
"weak" ciphers, which are those that have key-lengths of less than 128 bits.
CVSSv2: AV:A/AC:H/Au:N/C:P/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
http://www.schneier.com/paper-ssl.pdf
Evidence:
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5
Remediation:
Configure your SSL server to only use higher-grade encryption. OpenSSL
servers classify encryption algorithms as HIGH, MEDIUM, LOW, and
EXPORT strength. Algorithms classified as HIGH all use 128-bit encryption
or higher, as do several that are classified as MEDIUM.
The "SSLCipherSuite" configuration item for mod_ssl and Apache2 can be
used to control encryption algorithms for web servers that use OpenSSL.
Since the definition of HIGH, MEDIUM, LOW, and EXPORT can vary
between each version of OpenSSL, it is recommended that the following be
used to give the best guarantee for strong encryption:
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
For Windows systems running Internet Information Server (IIS), refer to the
following Knowledge Base article for disabling certain cryptographic
algorithms and protocols: http://support.microsoft.com/kb/245030.
Patches:
http://support.microsoft.com/kb/245030
http://httpd.apache.org/docs/2.2/ssl/
#: 10
Vulnerability: SSL Anonymous Diffie-Hellman Ciphers
CVSS Score: 1.80
Severity: Low
Compliance Status: Pass
Port: tcp/21
Anonymous Diffie-Hellman ciphers do not authenticate the server during
the key exchange. This approach is vulnerable to man-in-the-middle
attacks, in which the attacker conducts anonymous Diffie-Hellman
exchanges with both parties.
CVSSv2: AV:A/AC:H/Au:N/C:P/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
http://www.schneier.com/paper-ssl.pdf
Evidence:
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5
Remediation:
Configure your SSL server to only use higher-grade encryption. OpenSSL
servers classify encryption algorithms as HIGH, MEDIUM, LOW and
EXPORT strength. Algorithms classified as HIGH all use
128-bit encryption or higher, as do several that are classified as MEDIUM.
The "SSLCipherSuite" configuration item for mod_ssl and Apache2 can be
used to control encryption algorithms for web servers that use OpenSSL.
Since the definition of HIGH, MEDIUM, LOW, and EXPORT can vary
between each version of OpenSSL, it is recommended that the following be
used to give the best guarantee for strong encryption:
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
For Windows systems running Internet Information Server (IIS), refer to the
following Knowledge Base article for disabling certain cryptographic
algorithms and protocols: http://support.microsoft.com/kb/245030.
Patches:
http://support.microsoft.com/kb/245030
http://httpd.apache.org/docs/2.2/ssl/
#: 11
Vulnerability: TCP Timestamp Options Enabled
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
The remote service supports TCP Timestamps, which are detailed in
RFC1323. This information can potentially be used to discover the uptime
of the remote system.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
http://www.ietf.org/rfc/rfc1323.txt
Evidence:
Timestamp: 1045232544
Remediation:
If you are concerned about the exposure of uptime of your systems, disable
support for TCP Timestamps, if possible. This would be vendor specific.
#: 12
Vulnerability: FTP Server Supports AUTH TLS (STARTTLS)
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
The FTP service running on this host supports encryption using the AUTH
TLS command.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
http://en.wikipedia.org/wiki/STARTTLS
Evidence:
Message: 234 AUTH TLS OK.
Remediation:
No remediation necessary. This is identified for informational purposes.
#: 13
Vulnerability: SSL Certificate Common Name Does Not Validate
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
This SSL certificate has a common name (CN) that does not appear to
match the identity of the server. Modern browsers may
present a warning to users who attempt to browse this service as it is
currently configured. Note that in some networks in which load balancers
are used, it may not be possible for the scanner to perform this test
correctly.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Evidence:
Subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software
Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software
Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Certificate Chain Depth: 0
Hostnames provided to scanner: www.seatsmarketplace.com,
97.74.181.130
Subject CN: p3nlhftpg008.shr.prod.phx3.secureserver.net
Remediation:
Check your certificate to ensure it is installed on the correct service. Verify
that you have added the domain name or fully qualified virtual host name of
the system to your Network Questionnaire. Additionally, check your DNS
servers to ensure that the domain name is properly mapped to the correct
IP address.
#: 14
Vulnerability: SSL Certificate is Self-Signed
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
This SSL certificate appears to be issued by a private Certificate
Authority (CA). Users will likely receive a security warning if their client
software (e.g., web browser) does not trust the issuer of the certificate.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Evidence:
Subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software
Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software
Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Certificate Chain Depth: 0
Remediation:
If this certificate is associated with a service accessible to the general
public, you may want to consider acquiring a certificate from a well-known
CA.
#: 15
Vulnerability: SSL Certificate is Not Trusted
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
It was not possible to validate the SSL certificate, and thus it could not be
trusted. Users may receive a security warning when using this service. This
occurs because either the certificate or a certificate in its chain has issues
that prevent validation. Examples of these issues include, but are not
limited to, a certificate having expired, the hostname not matching the
name on the certificate, or the certificate not being signed by a well-known
Certificate Authority (CA).
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Evidence:
Subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software
Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software
Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Certificate Chain Depth: 0
Reason: The hostname on the certificate does not match any of the
hostnames provided to the scanner.
Reason: The leaf certificate is self-signed but is not trusted.
Remediation:
If this certificate is associated with a service accessible to the general
public, you may want to consider acquiring a certificate from a well-known
CA, and ensure that it is not expired.
#: 16
Vulnerability: SSL Perfect Forward Secrecy Supported
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
The server supports Ephemeral Diffie-Hellman ciphers for the SSL/TLS key
exchange phase. Using this algorithm enforces Forward Secrecy for secure
communications with the server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5
Remediation:
No remediation is necessary.
#: 17
CVE Number: CVE-2014-3566
Vulnerability: SSLv3 Supported
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
This server supports a version of SSL vulnerable to a padding-oracle
attack.
An attack, commonly known as "Padding Oracle On Downgraded Legacy
Encryption" ("POODLE"), takes advantage of this vulnerability to gain
access to sensitive information. Because SSLv3 CBC padding is not
deterministic, an attacker performing a man-in-the-middle attack could be
able to retrieve clear-text data by exploiting this flaw.
CVE: CVE-2014-3566
NVD: CVE-2014-3566
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
https://www.openssl.org/~bodo/ssl-poodle.pdf
Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Remediation:
The server should be configured to disable SSLv3. Although the latest
versions of all major web browsers support newer versions than SSLv3 by
default, disabling it may prevent old services from connecting to the server
if they only support SSLv3.
#: 18
Vulnerability: Enumerated SSL/TLS Cipher Suites
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
The finding reports the SSL cipher suites for each SSL/TLS service
version provided by the remote service. This finding does not represent a
vulnerability, but is only meant to provide visibility into the behavior and
configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL version
(ex: TLSv1) as well as the name of the cipher suite (ex: RC4-SHA).
A cipher suite is a set of cryptographic algorithms that provide
authentication, encryption, and message authentication code (MAC) as part
of an SSL/TLS negotiation and through the lifetime of the SSL session. It is
typical that an SSL service would support multiple cipher suites. A cipher
suite can be supported across multiple SSL/TLS versions, so it should
be of no concern to see the same cipher name reported for multiple
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
http://www.openssl.org/docs/apps/ciphers.html
Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : AES128-SHA
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : ADH-RC4-MD5
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1 : RC4-MD5
Remediation:
No remediation is necessary.
#: 19
CVE Number: CVE-2013-2566
Vulnerability: SSL RC4-based Ciphers Supported
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
An attack is possible when using RC4-based ciphers that takes advantage
of single-byte biases within the RC4 algorithm, that could make it easier for
remote attackers to conduct plaintext-recovery attacks via statistical
analysis of cipher text in a larger number of sessions (i.e. millions of
sessions) that use the same plain text.
CVE: CVE-2013-2566
NVD: CVE-2013-2566
CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: pureftpd:pure-ftpd
Evidence:
Cipher Suite: SSLv3 : ADH-RC4-MD5
Cipher Suite: SSLv3 : RC4-SHA
Cipher Suite: SSLv3 : RC4-MD5
Cipher Suite: TLSv1 : ADH-RC4-MD5
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1 : RC4-MD5
Remediation:
As the attack exploits RC4-based ciphers, SSL may be configured on
servers to disable RC4 ciphers.
#: 20
CVE Number: CVE-2011-3389
Vulnerability: SSL Vulnerable to CBC Attacks
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
This server supports a version of SSL vulnerable to a Cipher Block
Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack called a
chosen-plaintext attack. An attack, commonly known as "Browser Exploit
Against SSL/TLS" ("BEAST") takes advantage of this vulnerability in how
the browser sets up SSL/TLS connections (e.g. for HTTPS), and may allow
an attacker to decrypt the SSL/TLS connection to gain access to sensitive
information. Although the BEAST attack is the only known exploit, other
services not related to web servers (e.g. IMAP) may also be vulnerable to
such an attack.
CVE: CVE-2011-3389
NVD: CVE-2011-3389
Bugtraq: 49778
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513
Evidence:
Cipher Suite: SSLv3 : DHE-RSA-AES256-SHA
Cipher Suite: SSLv3 : ADH-AES256-SHA
Cipher Suite: SSLv3 : AES256-SHA
Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: SSLv3 : ADH-DES-CBC3-SHA
Cipher Suite: SSLv3 : DES-CBC3-SHA
Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
Cipher Suite: SSLv3 : ADH-AES128-SHA
Cipher Suite: SSLv3 : AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ADH-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : EDH-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : ADH-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : ADH-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest versions of
all major web browsers have TLS 1.1 and 1.2 enabled by default,
disabling previous versions may prevent services other than HTTP from
connecting to the server if they do not support these versions of TLS.
#: 21
Vulnerability: Enumerated Applications
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/21
The following applications have been enumerated on this device.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: pureftpd:pure-ftpd
Evidence:
CPE: pureftpd:pure-ftpd
Version: unknown
Remediation:
No remediation is required.
#: 22
Vulnerability: SSHv2 Cipher Enumeration
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/22
TrustKeeper was able to enumerate encryption ciphers available on an
SSHv2 server. This is expected functionality of an SSH server and only
represents an informational finding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: openssh:openssh
Evidence:
SSHv2 Key Exchange Algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSHv2 Server Host Key Exchange Algorithms: ssh-dss
SSHv2 Encryption Algorithms Client to Server: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
SSHv2 Encryption Algorithms Server to Client: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
SSHv2 MAC Algorithms Client to Server: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
SSHv2 MAC Algorithms Server to Client: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
SSHv2 Compression Algorithms Client to Server: none,[email protected]
SSHv2 Compression Algorithms Server to Client: none,[email protected]
SSHv2 Languages Client to Server:
SSHv2 Languages Server to Client:
Remediation:
No remediation is necessary for this finding.
#: 23
Vulnerability: Enumerated Applications
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/22
The following applications have been enumerated on this device.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: openssh:openssh
Evidence:
CPE: openssh:openssh
Version: 5.1
Remediation:
No remediation is required.
#: 24
Vulnerability: TCP Timestamp Options Enabled
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/80
The remote service supports TCP Timestamps, which are detailed in
RFC1323. This information can potentially be used to discover the uptime
of the remote system.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference:
http://www.ietf.org/rfc/rfc1323.txt
Evidence:
Timestamp: 838964397
Remediation:
If you are concerned about the exposure of uptime of your systems, disable
support for TCP Timestamps, if possible. This would be vendor specific.
#: 25
Vulnerability: Enumerated Applications
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/80
The following applications have been enumerated on this device.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
CPE: apache:http_server
Version: unknown
Remediation:
No remediation is required.
#: 26
Vulnerability: No X-FRAME-OPTIONS Header
CVSS Score: 0.00
Severity: Info
Compliance Status: Pass
Port: tcp/80
This host does not appear to utilize the benefits that the X-FRAME-OPTIONS
HTTP header element offers. This header may be implemented
to prevent pages on this system from being used in part of a click-jacking
scenario. The X-FRAME-OPTIONS header specifies what systems (if any)
are allowed to refer to pages on this system (when the page is to appear
within a HTML frame type of object).
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS
Remediation:
Consider utilizing the X-FRAME-OPTIONS header option to prevent clickjacking type of attacks.
27
Discovered Web Directories
0.00
Info
Pass
Port:
tcp/80
It was possible to guess one or more directories contained in the publicly
accessible path of this web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
URL: http://www.seatsmarketplace.com:80/stats/
HTTP Response Code: 401
URL: http://www.seatsmarketplace.com:80/icons/
HTTP Response Code: 200
Remediation:
Review these directories and verify that there is no unintentional content
made available to remote users.
28
Discovered HTTP Methods
0.00
Info
Pass
Port:
tcp/80
Requesting the allowed HTTP OPTIONS from this host shows which HTTP
protocol methods are supported by its web server. Note
that, in some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
URL: http://www.seatsmarketplace.com/icons/
Methods: GET, HEAD, POST, OPTIONS
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
29
Protected Web Page
0.00
Info
Pass
Port:
tcp/80
The web server requires authentication for some resources. Several
authentication types are available such as: 1) Basic is the most simplistic
and sends credentials in clear text 2) NTLM can be used for single sign on
in a Microsoft environment, but it cannot be used on both a proxy and the
web server 3) Digest is a cryptographically strong scheme but credentials
can still be brute forced or discovered through dictionary attacks. Note that
this list is limited to ten instances of this finding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
Protected Webpage: http://www.seatsmarketplace.com:80/stats/
Authentication Type: basic
Authentication Realm: realm="seatsmarketplace.com Statistics"
Remediation:
Confirm that the authentication in use is appropriate.
30
Enumerated SSL/TLS Cipher Suites
0.00
Info
Pass
Port:
tcp/443
The finding reports the SSL cipher suites for each SSL/TLS service version
provided by the remote service. This finding does not represent a
vulnerability, but is only meant to provide visibility into the behavior and
configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL version
(ex: TLSv1) as well as the name of the cipher suite (ex: RC4-SHA).
A cipher suite is a set of cryptographic algorithms that provide
authentication, encryption, and message authentication code (MAC) as part
of an SSL/TLS negotiation and through the lifetime of the SSL session. It is
typical that an SSL service would support multiple cipher suites. A cipher
suite can be supported across multiple SSL/TLS versions, so it should
be of no concern to see the same cipher name reported for multiple
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference:
http://www.openssl.org/docs/apps/ciphers.html
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : CAMELLIA256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : SEED-SHA
Cipher Suite: TLSv1 : CAMELLIA128-SHA
Cipher Suite: TLSv1 : IDEA-CBC-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : CAMELLIA256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1_1 : DES-CBC3-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_1 : SEED-SHA
Cipher Suite: TLSv1_1 : CAMELLIA128-SHA
Cipher Suite: TLSv1_1 : IDEA-CBC-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_1 : RC4-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA256
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : CAMELLIA256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1_2 : DES-CBC3-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA
Cipher Suite: TLSv1_2 : SEED-SHA
Cipher Suite: TLSv1_2 : CAMELLIA128-SHA
Cipher Suite: TLSv1_2 : IDEA-CBC-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_2 : RC4-SHA
Remediation:
No remediation is necessary.
31
CVE-2013-2566
SSL RC4-based Ciphers Supported
0.00
Info
Pass
Port:
tcp/443
An attack is possible when using RC4-based ciphers that takes advantage
of single-byte biases within the RC4 algorithm, that could make it easier for
remote attackers to conduct plaintext-recovery attacks via statistical
analysis of cipher text in a larger number of sessions (i.e. millions of
sessions) that use the same plain text.
CVE: CVE-2013-2566
NVD: CVE-2013-2566
CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N
Service: apache:http_server
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1 : RC4-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_1 : RC4-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-RC4-SHA
Cipher Suite: TLSv1_2 : RC4-SHA
Remediation:
As the attack exploits RC4-based ciphers, SSL may be configured on
servers to disable RC4 ciphers.
32
CVE-2011-3389
SSL Vulnerable to CBC Attacks
0.00
Info
Pass
Port:
tcp/443
This server supports a version of SSL vulnerable to a Cipher Block
Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack called a
chosen-plaintext attack. An attack, commonly known as "Browser Exploit
Against SSL/TLS" ("BEAST") takes advantage of this vulnerability in how
the browser sets up SSL/TLS connections (e.g. for HTTPS), and may allow
an attacker to decrypt the SSL/TLS connection to gain access to sensitive
information. Although the BEAST attack is the only known exploit, other
services not related to web servers (e.g. IMAP) may also be vulnerable to
such an attack.
CVE: CVE-2011-3389
NVD: CVE-2011-3389
Bugtraq: 49778
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : IDEA-CBC-SHA
Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest versions of
all major web browsers support TLS 1.1 and 1.2, enabled by default,
disabling previous versions may prevent services other than HTTP from
connecting to the server if they do not support these versions of TLS.
33
Enumerated Applications
0.00
Info
Pass
Port:
tcp/443
The following applications have been enumerated on this device.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
CPE: apache:http_server
Version: unknown
Remediation:
No remediation is required.
34
No X-FRAME-OPTIONS Header
0.00
Info
Pass
Port:
tcp/443
This host does not appear to utilize the benefits that the X-FRAME-OPTIONS HTTP header element offers. This header may be implemented
to prevent pages on this system from being used in part of a click-jacking
scenario. The X-FRAME-OPTIONS header specifies what systems (if any)
are allowed to refer to pages on this system (when the page is to appear
within a HTML frame type of object).
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS
Remediation:
Consider utilizing the X-FRAME-OPTIONS header option to prevent clickjacking type of attacks.
35
Robots.txt
0.00
Info
Pass
Port:
tcp/443
Some Web Servers use a file called /robot(s).txt to make search engines
and any other indexing tools visit their WebPages more frequently and
more efficiently. By connecting to the server and requesting the /robot(s).txt
file, an attacker may gain additional information about the system they are
attacking, such as restricted directories, hidden directories, CGI
script directories, etc.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: apache:http_server
Evidence:
Request: GET /robots.txt HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 97.74.181.130
Content-Type: text/html
Content-Length: 0
Response: HTTP/1.1 200 OK
Date: Sat, 13 Dec 2014 14:56:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: https://seatsmarketplace.com/xmlrpc.php
Set-Cookie: PHPSESSID=e9ujd29n3eup495c3r2lt0l5r1; path=/
Set-Cookie: wfvt_-2124291146=548c53a36d70d; expires=Sat,
13-Dec-2014 15:26:35 GMT; path=/; httponly
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8
Status code: equals '200'
Body: matched "Disallow:"
Remediation:
Take care not to use robots.txt to tell robots to skip sensitive directories,
since this tells attackers exactly which of your directories are sensitive.
36
Enumerated Hostnames
0.00
Info
Pass
This list contains all hostnames discovered during the scan that are
believed to belong to this host.
CVSSv2:
AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
Hostname: seatsmarketplace.com, Source: SSL Certificate Subject Common Name
Hostname: seatsmarketplace.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: www.seatsmarketplace.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: p3nlhftpg008.shr.prod.phx3.secureserver.net, Source: SSL Certificate Subject Common Name
Remediation:
No action is required.
37
Remote Access Service Detected
0.00
Info
Pass
Policy Violation
Port:
tcp/22
One or more remote access services were detected on the remote host. As
defined by the PCI ASV Program Guide: "remote access software includes,
but is not limited to: VPN (IPSec, PPTP, SSL), pcAnywhere, VNC,
Microsoft Terminal Server, remote web-based administration, ssh, Telnet."
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: openssh:openssh
Remediation:
Note to scan customer: Due to increased risk to the cardholder data
environment when remote access software is present, please 1) justify the
business need for this software to the ASV and 2) confirm it is either
implemented securely per Appendix C or disabled/ removed. Please
consult your ASV if you have questions about this Special Note.
Part 5a. Web Servers
It is important to pay special attention to the security of your Web servers. This section provides a convenient list of all of the Web servers found in the course of the network
scan based on the locations you specified in your scan setup. Information profiled includes the server type (e.g., Microsoft IIS or Apache) and the title of the default Web page.
Some tips for using this information are below.
• You should ensure that all Web servers listed in this section are authorized and intended to be running in your network since many systems will inadvertently be configured
with some type of Web server when they are installed.
• In addition, many network devices (e.g., routers, switches and print servers) may have Web-based management interfaces of which you may not have been aware. Whenever
possible, unused Web interfaces should be disabled or, at a minimum, password protected.
• Review the "Port" column and make sure that any sites that should be secure are using port 443 (HTTPS, or "Secure Web") to encrypt the web sessions.
Special Note: If you are using load balancers for your web sites to spread the web traffic across multiple servers, it is your responsibility to ensure that the configuration of the
environment behind your load balancers is synchronized, or to ensure that the environment is scanned as part of the internal vulnerability scans required by PCI DSS.
# | System IP Address | Domain Name | Port | Server Type | Default Status and Title/Redirect
1 | 97.74.181.130 (www.seatsmarketplace.com) | ip-97-74-181-130.ip.secureserver.net | tcp / 80 | apache:http_server |
2 | 97.74.181.130 (www.seatsmarketplace.com) | ip-97-74-181-130.ip.secureserver.net | tcp / 443 | apache:http_server |
Part 5b. SSL Certificate Information
Several network services, most notably HTTPS ("Secure Web"), employ certificates which contain information about the service which can be used by connecting clients to
authenticate the identity of the server. For Web servers, the certificate is intended to authenticate the domain name (e.g., www.yoursite.com) of a web site. For example, a home
banking application should be run on a web server which provides a certificate to its clients' Web browsers proving that the web server they are connected to is actually the one
they intended to use.
In order to provide users with confidence in the site they are visiting, the certificate should be issued by a well-known certificate authority instead of self-generated. In some
cases, such as in a private network, self-generated certificates may be used; however, those users should have confidence in the internal issuing authority.
This table provides a summary of the certificates found in your network, including expiration date and issuer of each certificate.
#: 1
Service: 97.74.181.130 : 21 (ftp) (www.seatsmarketplace.com)
Common Name: p3nlhftpg008.shr.prod.phx3.secureserver.net
Expires: 1/28/28 2:56 PM
Details:
Issued to: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net
Issued by: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy Software Inc./OU=Hosting/CN=p3nlhftpg008.shr.prod.phx3.secureserver.net

#: 2
Service: 97.74.181.130 : 443 (http) (www.seatsmarketplace.com)
Common Name: seatsmarketplace.com
Expires: 3/7/16 1:49 PM
Details:
Issued to: /OU=Domain Control Validated/CN=seatsmarketplace.com
Issued by: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
Fingerprint:F5:4D:FF:31:5D:E2:3C:D0:CA:4F:94:1E:0A:BF:29:0C