Sample IA Scan Report

List of hosts
111.222.333.444 High Severity problem(s) found
111.222.333.444
Scan Time
Start time : Tue Jul 12 09:01:54 2011
End time : Tue Jul 12 09:04:23 2011

Number of vulnerabilities
Open ports : 16
High : 3
Medium : 5
Low : 26

Remote host information
Operating System : Xerox Printer
NetBIOS name :
DNS name :

Port general (0/udp)
Traceroute Information

Synopsis:
It was possible to obtain traceroute information.

Description:
Makes a traceroute to the remote host.

Risk factor:
None

Solution:
n/a

Plugin output:
For your information, here is the traceroute from 111.222.333.443 to 111.222.333.444 :
111.222.333.443
111.222.333.444

Plugin ID:
10287
Nessus Scan Information

Synopsis:
Information about the Nessus scan.

Description:
This script displays, for each tested host, information about the scan itself:
- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel

Risk factor:
None

Solution:
n/a

Plugin output:
Information about this scan :
Nessus version : 4.2.2 (Nessus 4.4.1 is available - consider upgrading)
Plugin feed version : 201107111935
Type of plugin feed : ProfessionalFeed (Direct)
Scanner IP : 111.222.333.443
Port scanner(s) : snmp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : enabled
Web application tests : disabled
Max hosts : 4
Max checks : 3
Recv timeout : 4
Backports : None
Scan Start Date : 2011/7/12 9:01
Scan duration : 149 sec

Plugin ID:
19506
Device Type

Synopsis:
It is possible to guess the remote device type.

Description:
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

Risk factor:
None

Solution:
n/a

Plugin output:
Remote device type : printer
Confidence level : 100

Plugin ID:
54615
OS Identification

Synopsis:
It is possible to guess the remote operating system

Description:
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system in use, and sometimes its version

Risk factor:
None

Solution:
N/A

Plugin output:
Remote operating system : Xerox Printer
Confidence Level : 100
Method : SNMP
The remote host is running Xerox Printer

Plugin ID:
11936
Ethernet Card Manufacturer Detection

Synopsis:
The manufacturer can be deduced from the Ethernet OUI.

Description:
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE.

Risk factor:
None

See also:
http://standards.ieee.org/faqs/OUI.html

See also:
http://standards.ieee.org/regauth/oui/index.shtml

Solution:
n/a

Plugin output:
The following card manufacturers were identified :
00:00:aa:bb:cc:dd : XEROX CORPORATION
00:00:aa:bb:cc:dd : XEROX CORPORATION

Plugin ID:
35716
Ping the remote host

Synopsis:
It was possible to identify the status of the remote host (alive or dead)

Description:
This plugin attempts to determine if the remote host is alive using one or more ping types :
- An ARP ping, provided the host is on the local subnet and Nessus is running over ethernet.
- An ICMP ping.
- A TCP ping, in which the plugin sends to the remote host a packet with the flag SYN, and the host will reply with a RST or a SYN/ACK.
- A UDP ping (DNS, RPC, NTP, etc).

Risk factor:
None

Solution:
n/a

Plugin output:
The remote host is up
The remote host replied to a TCP SYN packet sent to port 139 with a RST,ACK packet

Plugin ID:
10180
ICMP Timestamp Request Remote Date Disclosure

Synopsis:
It is possible to determine the exact time set on the remote host.

Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor:
None

Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:
The difference between the local and remote clocks is 27172 seconds.

Plugin ID:
10114

CVE:
CVE-1999-0524

Other references:
OSVDB:94, CWE:200

Port unknown (1024/udp)

Port scol? (1200/udp)

Port netbios-ns? (137/udp)

Port snmp (161/udp)
SNMP Agent Default Community Names

Synopsis:
The community names of the remote SNMP server can be guessed.

Description:
It is possible to obtain the default community names of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host or to change the configuration of the remote system (if the default community allows such modifications).

Risk factor:
High

CVSS Base Score:7.5
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution:
Disable the SNMP service on the remote host if you do not use it, filter incoming UDP packets going to this port, or change the default community string.

Plugin output:
The remote SNMP server replies to the following default community strings :
- private
- public

Plugin ID:
10264

CVE:
CVE-1999-0186, CVE-1999-0254, CVE-1999-0516, CVE-1999-0517, CVE-2004-0311, CVE-2004-1474, CVE-2010-1574

BID:
177, 2112, 6825, 7081, 7212, 7317, 9681, 986, 10576, 11237, 41436

Other references:
OSVDB:209, OSVDB:3985, OSVDB:5770, OSVDB:8076, OSVDB:10206, OSVDB:11964, OSVDB:58147, OSVDB:66120, IAVA:2001-B-0001
SNMP Agent Default Community Name (public)

Synopsis:
The community name of the remote SNMP server can be guessed.

Description:
It is possible to obtain the default community name of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).

Risk factor:
High

CVSS Base Score:7.5
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution:
Disable the SNMP service on the remote host if you do not use it, filter incoming UDP packets going to this port, or change the default community string.

Plugin output:
The remote SNMP server replies to the following default community string : public

Plugin ID:
41028

CVE:
CVE-1999-0517

BID:
2112

Other references:
OSVDB:209
SNMP Query Routing Information Disclosure

Synopsis:
The list of IP routes on the remote host can be obtained via SNMP.

Description:
It is possible to obtain the routing information on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.4.21. An attacker may use this information to gain more knowledge about the network topology.

Risk factor:
None

Solution:
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.

Plugin output:
127.0.0.1/255.255.255.255
111.222.333.128/255.255.255.128
111.222.333.192/255.255.255.255
111.222.333.255/255.255.255.255
169.254.0.0/255.255.0.0

Plugin ID:
34022
SNMP Query Installed Software Disclosure

Synopsis:
The list of software installed on the remote host can be obtained via SNMP.

Description:
It is possible to obtain the list of installed software on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.6.3.1.2. An attacker may use this information to gain more knowledge about the target host.

Risk factor:
None

Solution:
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.

Plugin output:
PhaserHD

Plugin ID:
19763
SNMP Request Network Interfaces Enumeration

Synopsis:
The list of network interface cards of the remote host can be obtained via SNMP.

Description:
It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0. An attacker may use this information to gain more knowledge about the target host.

Risk factor:
None

Solution:
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.

Plugin output:
Interface 1 information :
ifIndex : 1
ifDescr : Xerox Phaser 7750DN v(5.0.2/24.46.05.11.2005/3.9.0/5.66) Ethernet Interface 100 Mbps RRW330952
ifPhysAddress : 0000aabbccdd
Interface 2 information :
ifIndex : 2
ifDescr : Xerox Phaser 7750DN v(5.0.2/24.46.05.11.2005/3.9.0/5.66) Ethernet Interface 100 Mbps RRW330952
ifPhysAddress : 0000aabbccdd

Plugin ID:
10551
SNMP Query System Information Disclosure

Synopsis:
The System Information of the remote host can be obtained via SNMP.

Description:
It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this information to gain more knowledge about the target host.

Risk factor:
None

Solution:
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.

Plugin output:
System information :
sysDescr : Xerox Phaser 7750DN;PS 5.0.2,Net 24.46.05.11.2005,Eng 3.9.0,OS 5.66;SN SSX441063
sysObjectID : 1.3.6.1.4.1.253.8.62.1.19.5.3.2
sysUptime : 0d 10h 29m 29s
sysContact :
sysName : Zachary (Color) Phaser 7750
sysLocation :
sysServices : 72

Plugin ID:
10800
SNMP Supported Protocols Detection

Synopsis:
This plugin reports all the protocol versions successfully negotiated with the remote SNMP agent.

Description:
Extend the SNMP settings data already gathered by testing for SNMP versions other than the highest negotiated.

Risk factor:
None

Solution:
n/a

Plugin output:
This host supports SNMP version SNMPv1.

Plugin ID:
40448
SNMP Protocol Version Detection

Synopsis:
This plugin reports the protocol version negotiated with the remote SNMP agent.

Description:
By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP agent.

Risk factor:
None

See also:
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

Solution:
Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port.

Plugin output:
Nessus has negotiated SNMP communications at SNMPv1.

Plugin ID:
35296
Nessus SNMP Scanner

Synopsis:
SNMP information is enumerated to learn about other open ports.

Description:
This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it

Risk factor:
None

Solution:
n/a

Plugin output:
Nessus snmp scanner was able to retrieve the open port list with the community name: public
It found 6 open TCP ports and 10 open UDP ports

Plugin ID:
14274

Port snmptrap? (162/udp)

Port ssdp? (1900/udp)

Port fjicl-tep-a? (1901/udp)

Port ftp (21/tcp)
FTP Privileged Port Bounce Scan

Synopsis:
The remote FTP server is vulnerable to a FTP server bounce attack.

Description:
It is possible to force the remote FTP server to connect to third parties using the PORT command. The problem allows intruders to use your network resources to scan other hosts, making them think the attack comes from your network.

Risk factor:
High

CVSS Base Score:7.5
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

See also:
http://archives.neohapsis.com/archives/bugtraq/1995_3/0047.html

See also:
http://archives.neohapsis.com/archives/bugtraq/2002-10/0367.html

See also:
http://www.cert.org/advisories/CA-1997-27.html

Solution:
See the CERT advisory in the references for solutions and workarounds.

Plugin output:
The following command, telling the server to connect to 169.254.195.180 on port 10794:
PORT 169,254,195,180,42,42
produced the following output:
200 PORT command successful.

Plugin ID:
10081

CVE:
CVE-1999-0017

BID:
126

Other references:
OSVDB:71
Multiple Vendor Embedded FTP Service Any Username Authentication Bypass

Synopsis:
A random username and password can be used to authenticate to the remote FTP server.

Description:
The FTP server running on the remote host can be accessed using a random username and password. Nessus has enabled some countermeasures to prevent other plugins from reporting vulnerabilities incorrectly because of this.

Risk factor:
Medium

CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution:
Consult the FTP server's documentation so that the service handles authentication requests properly.

Plugin ID:
10990

Other references:
OSVDB:813
Anonymous FTP Enabled

Synopsis:
Anonymous logins are allowed on the remote FTP server.

Description:
This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.

Risk factor:
Medium

CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution:
Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.

Plugin output:
The contents of the remote FTP root are :
[.]

Plugin ID:
10079

CVE:
CVE-1999-0497

Other references:
OSVDB:69
FTP Server Detection

Synopsis:
An FTP server is listening on this port.

Description:
It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Risk factor:
None

Solution:
N/A

Plugin output:
The remote FTP banner is :
220 FTP server ready.

Plugin ID:
10092
Service Detection

Synopsis:
The remote service could be identified.

Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Risk factor:
None

Solution:
n/a

Plugin output:
An FTP server is running on this port.

Plugin ID:
22964

Port slp (427/tcp)
SLP Server Detection (UDP)

Synopsis:
The remote server supports the Service Location Protocol.

Description:
The remote server understands Service Location Protocol (SLP), a protocol that allows network applications to discover the existence, location, and configuration of various services in an enterprise network environment. A server that understands SLP can either be a service agent (SA), which knows the location of various services, or a directory agent (DA), which acts as a central repository for service location information.

Risk factor:
None

See also:
http://www.ietf.org/rfc/rfc2608.txt

Solution:
Limit incoming traffic to this port if desired.

Plugin output:
An SLP Service Agent is listening on this port. In addition, Nessus was able to learn that the agent knows about the following services :
service:printer:ipp
service:printer:lpr
service:printer:raw-tcp

Plugin ID:
23778
SLP Server Detection (TCP)

Synopsis:
The remote server supports the Service Location Protocol.

Description:
The remote server understands Service Location Protocol (SLP), a protocol that allows network applications to discover the existence, location, and configuration of various services in an enterprise network environment. A server that understands SLP can either be a service agent (SA), which knows the location of various services, or a directory agent (DA), which acts as a central repository for service location information.

Risk factor:
None

See also:
http://www.ietf.org/rfc/rfc2608.txt

Solution:
Limit incoming traffic to this port if desired.

Plugin output:
An SLP Service Agent is listening on this port. In addition, Nessus was able to learn that the agent knows about the following services :
service:printer:ipp
service:printer:lpr
service:printer:raw-tcp

Plugin ID:
23777

Port lpd (515/tcp)
Service Detection

Synopsis:
The remote service could be identified.

Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Risk factor:
None

Solution:
n/a

Plugin output:
An LPD (Line Printer Daemon) server is running on this port.

Plugin ID:
22964

Port mdns (5353/udp)
mDNS Detection

Synopsis:
It is possible to obtain information about the remote host.

Description:
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running.

Risk factor:
Medium

CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution:
Filter incoming traffic to UDP port 5353 if desired.

Plugin output:
Nessus was able to extract the following information :
- mDNS hostname : Zachary.local.

Plugin ID:
12218

Port www (631/tcp)
Web Server Generic XSS

Synopsis:
The remote web server is prone to cross-site scripting attacks.

Description:
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.

Risk factor:
Medium

CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

See also:
http://en.wikipedia.org/wiki/Cross-site_scripting

Solution:
Contact the vendor for a patch or upgrade.

Plugin output:
The request string used to detect this flaw was :
/<script>cross_site_scripting.nasl</script>.asp
The output was :
HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Server: Allegro-Software-RomPager/4.10
Connection: close
<body>
<h1>Object Not Found</h1>
The requested URL '/<script>cross_site_scripting.nasl</script>.asp' was not found on the RomPager server.<p>
Return to <A HREF="">last page</A><p>

Plugin ID:
10815

CVE:
CVE-2002-1700, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681

BID:
5011, 5305, 7344, 7353, 8037, 14473, 17408

Other references:
OSVDB:18525, OSVDB:24469, OSVDB:42314, OSVDB:4989, OSVDB:58976, CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116
HTTP Methods Allowed (per directory)

Synopsis:
This plugin determines which HTTP methods are allowed on various CGI directories.

Description:
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Risk factor:
None

Solution:
n/a

Plugin output:
Based on the response to an OPTIONS request :
- HTTP methods HEAD POST PUT GET are allowed on : /

Plugin ID:
43111
HTTP Server Type and Version

Synopsis:
A web server is running on the remote host.

Description:
This plugin attempts to determine the type and the version of the remote web server.

Risk factor:
None

Solution:
n/a

Plugin output:
The remote web server type is :
Allegro-Software-RomPager/4.10

Plugin ID:
10107
Service Detection

Synopsis:
The remote service could be identified.

Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Risk factor:
None

Solution:
n/a

Plugin output:
A web server is running on this port.

Plugin ID:
22964

Port www (80/tcp)
Web Server Generic XSS

Synopsis:
The remote web server is prone to cross-site scripting attacks.

Description:
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.

Risk factor:
Medium

CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

See also:
http://en.wikipedia.org/wiki/Cross-site_scripting

Solution:
Contact the vendor for a patch or upgrade.

Plugin output:
The request string used to detect this flaw was :
/<script>cross_site_scripting.nasl</script>.asp
The output was :
HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Server: Allegro-Software-RomPager/4.10
Connection: close
<body>
<h1>Object Not Found</h1>
The requested URL '/<script>cross_site_scripting.nasl</script>.asp' was not found on the RomPager server.<p>
Return to <A HREF="">last page</A><p>

Plugin ID:
10815

CVE:
CVE-2002-1700, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681

BID:
5011, 5305, 7344, 7353, 8037, 14473, 17408

Other references:
OSVDB:18525, OSVDB:24469, OSVDB:42314, OSVDB:4989, OSVDB:58976, CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116
HTTP Methods Allowed (per directory)

Synopsis:
This plugin determines which HTTP methods are allowed on various CGI directories.

Description:
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Risk factor:
None

Solution:
n/a

Plugin output:
Based on the response to an OPTIONS request :
- HTTP methods HEAD POST PUT GET are allowed on : /

Plugin ID:
43111
HTTP Server Type and Version

Synopsis:
A web server is running on the remote host.

Description:
This plugin attempts to determine the type and the version of the remote web server.

Risk factor:
None

Solution:
n/a

Plugin output:
The remote web server type is :
Allegro-Software-RomPager/4.10

Plugin ID:
10107
Service Detection

Synopsis:
The remote service could be identified.

Description:
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Risk factor:
None

Solution:
n/a

Plugin output:
A web server is running on this port.

Plugin ID:
22964

Port jetdirect (9100/tcp)
Printer Job Language (PJL) Detection

Synopsis:
The remote service uses the PJL (Printer Job Language) protocol.

Description:
The remote service answered to a HP PJL request. This indicates the remote device is probably a printer running JetDirect. Through PJL, users can submit printing jobs, transfer files to or from the printers, change some settings, etc...

Risk factor:
None

See also:
http://www.maths.usyd.edu.au/u/psz/ps.html

See also:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpl04568

See also:
http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13208/bpl13208.pdf

See also:
http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13207/bpl13207.pdf

Solution:
n/a

Plugin output:
The device INFO ID is: Xerox Phaser 7750DN

Plugin ID:
25037

Port bacula-dir? (9101/udp)