ascultimuzica.com/nessus

Nessus Report Nessus Scan Report 08/Aug/2013:13:22:55 HomeFeed: Commercial use of the report is prohibited Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the ProfessionalFeed in order to be compliant with our license agreement: http://www.nessus.org/products/nessus-professionalfeed

description

Nessus scan.


Table Of Contents

Hosts Summary (Executive)

• ascultimuzica.com

Vulnerabilities By Host

• ascultimuzica.com

Vulnerabilities By Plugin

• 58987 (1) - PHP Unsupported Version Detection
• 57537 (1) - PHP < 5.3.9 Multiple Vulnerabilities
• 58966 (1) - PHP < 5.3.11 Multiple Vulnerabilities
• 58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
• 10079 (1) - Anonymous FTP Enabled
• 11213 (1) - HTTP TRACE / TRACK Methods Allowed
• 26194 (1) - Web Server Uses Plain Text Authentication Forms
• 34324 (1) - FTP Supports Clear Text Authentication
• 11219 (2) - Nessus SYN scanner
• 10092 (1) - FTP Server Detection
• 10107 (1) - HTTP Server Type and Version
• 10287 (1) - Traceroute Information
• 10662 (1) - Web mirroring
• 11032 (1) - Web Server Directory Enumeration
• 12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution
• 19506 (1) - Nessus Scan Information
• 21642 (1) - Session Initiation Protocol Detection
• 22964 (1) - Service Detection
• 24260 (1) - HyperText Transfer Protocol (HTTP) Information
• 39463 (1) - HTTP Server Cookies Set
• 42057 (1) - Web Server Allows Password Auto-Completion
• 43111 (1) - HTTP Methods Allowed (per directory)
• 45590 (1) - Common Platform Enumeration (CPE)
• 46180 (1) - Additional DNS Hostnames
• 49704 (1) - External URLs
• 50350 (1) - OS Identification Failed
• 59861 (1) - Remote web server screenshot
• 66334 (1) - Patch Report


Hosts Summary (Executive)


ascultimuzica.com

Summary

Critical High Medium Low Info Total

1 3 2 2 20 28

Details

Severity Plugin Id Name

Critical (10.0) 58987 PHP Unsupported Version Detection

High (8.3) 58988 PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution

High (7.5) 57537 PHP < 5.3.9 Multiple Vulnerabilities

High (7.5) 58966 PHP < 5.3.11 Multiple Vulnerabilities

Medium (5.0) 10079 Anonymous FTP Enabled

Medium (4.3) 11213 HTTP TRACE / TRACK Methods Allowed

Low (2.6) 26194 Web Server Uses Plain Text Authentication Forms

Low (2.6) 34324 FTP Supports Clear Text Authentication

Info 10092 FTP Server Detection

Info 10107 HTTP Server Type and Version

Info 10287 Traceroute Information

Info 10662 Web mirroring

Info 11032 Web Server Directory Enumeration

Info 11219 Nessus SYN scanner

Info 12053 Host Fully Qualified Domain Name (FQDN) Resolution

Info 19506 Nessus Scan Information

Info 21642 Session Initiation Protocol Detection

Info 22964 Service Detection

Info 24260 HyperText Transfer Protocol (HTTP) Information

Info 39463 HTTP Server Cookies Set

Info 42057 Web Server Allows Password Auto-Completion

Info 43111 HTTP Methods Allowed (per directory)

Info 45590 Common Platform Enumeration (CPE)

Info 46180 Additional DNS Hostnames

Info 49704 External URLs

Info 50350 OS Identification Failed


Vulnerabilities By Host


ascultimuzica.com

Scan Information

Start time: Thu Aug 8 13:13:20 2013

End time: Thu Aug 8 13:22:48 2013

Host Information

DNS Name: ascultimuzica.com

IP: 81.169.145.154

Results Summary

Critical High Medium Low Info Total

1 3 2 2 21 29

Results Details

0/tcp

12053 - Host Fully Qualified Domain Name (FQDN) Resolution

Synopsis

It was possible to resolve the name of the remote host.

Description

Nessus was able to resolve the FQDN of the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2004/02/11, Modification date: 2012/09/28

Ports

tcp/0

81.169.145.154 resolves as ascultimuzica.com.

46180 - Additional DNS Hostnames

Synopsis

Potential virtual hosts have been detected.

Description

Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.

See Also

http://en.wikipedia.org/wiki/Virtual_hosting

Solution

If you want to test them, re-scan using the special vhost syntax, such as: www.example.com[192.0.32.10]

Risk Factor

None

Plugin Information:

Publication date: 2010/04/29, Modification date: 2013/01/21

Ports

tcp/0

The following hostnames point to the remote host:

- www.ascultimuzica.com

50350 - OS Identification Failed

Synopsis

It was not possible to determine the remote operating system.

Description

Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to identify the overall system.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/10/26, Modification date: 2012/02/23

Ports

tcp/0

Help us improve OS fingerprinting by sending the following signatures to : [email protected]

Be sure to include a brief description of the device itself, such as the actual operating system or product / model names.

HTTP:!:Server: Apache/2.2.25 (Unix)
SinFP:!:
P1:B11113:F0x12:W1608:O0:M0:
P2:B11113:F0x12:W4236:O0204ffff0103030004020000:M1412:
P3:B00000:F0x00:W0:O0:M0
P4:5200_7_p=21R

45590 - Common Platform Enumeration (CPE)

Synopsis

It is possible to enumerate CPE names that matched on the remote system.

Description

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

See Also

http://cpe.mitre.org/

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/04/21, Modification date: 2013/05/13

Ports

tcp/0

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server:2.2.25 -> Apache Software Foundation Apache HTTP Server 2.2.25
cpe:/a:php:php:5.2.17 -> PHP 5.2.17

66334 - Patch Report


Synopsis

The remote host is missing several patches

Description

The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution

Install the patches listed below

Risk Factor

None

Plugin Information:

Publication date: 2013/05/07, Modification date: 2013/07/17

Ports

tcp/0

. You need to take the following action:

[ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ]

+ Action to take: Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

+ Impact: Taking this action will resolve 11 different vulnerabilities (CVEs).

19506 - Nessus Scan Information

Synopsis

Information about the Nessus scan.

Description

This script displays, for each tested host, information about the scan itself:

- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2005/08/26, Modification date: 2013/05/31

Ports

tcp/0

Information about this scan :

Nessus version : 5.2.1
Plugin feed version : 201308080515
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.3
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/8 13:13
Scan duration : 564 sec

0/udp

10287 - Traceroute Information

Synopsis

It was possible to obtain traceroute information.

Description

Makes a traceroute to the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 1999/11/27, Modification date: 2013/04/11

Ports

udp/0

For your information, here is the traceroute from 192.168.1.3 to 81.169.145.154 :

192.168.1.3
192.168.1.1
89.121.147.254
10.0.225.49
10.0.245.201
10.0.240.238
80.81.193.110
81.169.144.34
81.169.145.154

21/tcp

10079 - Anonymous FTP Enabled

Synopsis

Anonymous logins are allowed on the remote FTP server.

Description

This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.

Solution

Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.

Risk Factor

Medium

CVSS Base Score

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

References

CVE CVE-1999-0497


XREF OSVDB:69

Plugin Information:

Publication date: 1999/06/22, Modification date: 2013/01/25

Ports

tcp/21

34324 - FTP Supports Clear Text Authentication

Synopsis

Authentication credentials might be intercepted.

Description

The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:522

XREF CWE:523

Plugin Information:

Publication date: 2008/10/01, Modification date: 2013/01/25

Ports

tcp/21

This FTP server does not support 'AUTH TLS'.

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/21

Port 21/tcp was found to be open

10092 - FTP Server Detection

Synopsis

An FTP server is listening on this port.

Description


It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution

N/A

Risk Factor

None

Plugin Information:

Publication date: 1999/10/12, Modification date: 2013/03/08

Ports

tcp/21

The remote FTP banner is :

220 Speak friend, and enter

80/tcp

58987 - PHP Unsupported Version Detection

Synopsis

The remote host contains an unsupported version of a web application scripting language.

Description

According to its version, the installation of PHP on the remote host is no longer supported. As a result, it is likely to contain security vulnerabilities.

See Also

https://wiki.php.net/rfc/releaseprocess

Solution

Upgrade to a version of PHP that is currently supported.

Risk Factor

Critical

CVSS Base Score

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Plugin Information:

Publication date: 2012/05/04, Modification date: 2012/08/28

Ports

tcp/80

Source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
End of support date : 2011/12/16
Announcement : http://www.php.net/archive/2010.php
Supported versions : 5.3.x / 5.4.x

58966 - PHP < 5.3.11 Multiple Vulnerabilities

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities:

- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)

See Also


http://www.nessus.org/u?e81d4026

https://bugs.php.net/bug.php?id=61043

https://bugs.php.net/bug.php?id=54374

https://bugs.php.net/bug.php?id=60227

http://marc.info/?l=oss-security&m=134626481806571&w=2

http://www.php.net/archive/2012.php#id2012-04-26-1

http://www.php.net/ChangeLog-5.php#5.3.11

Solution

Upgrade to PHP version 5.3.11 or later.

Risk Factor

High

CVSS Base Score

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score

6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References

BID 51954

BID 53403

BID 55297

CVE CVE-2011-1398

CVE CVE-2012-0831

CVE CVE-2012-1172

XREF OSVDB:79017

XREF OSVDB:81791

XREF OSVDB:85086

Plugin Information:

Publication date: 2012/05/02, Modification date: 2013/08/06

Ports

tcp/80

Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.11

58988 - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution

Synopsis

The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.

Description

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability.

An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'.

Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.

See Also

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

https://bugs.php.net/bug.php?id=61910

http://www.php.net/archive/2012.php#id2012-05-03-1

http://www.php.net/ChangeLog-5.php#5.3.12

http://www.php.net/ChangeLog-5.php#5.4.2

Solution

Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

Risk Factor

High

CVSS Base Score

8.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

CVSS Temporal Score

6.9 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

References

BID 53388

CVE CVE-2012-1823

XREF OSVDB:81633

XREF CERT:520827

Exploitable with

CANVAS (true)
Core Impact (true)
Metasploit (true)

Plugin Information:

Publication date: 2012/05/04, Modification date: 2012/12/28

Ports

tcp/80

Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.12 / 5.4.2

57537 - PHP < 5.3.9 Multiple Vulnerabilities

Synopsis

The remote web server uses a version of PHP that is affected by multiple flaws.

Description

According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues:

- The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
- It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)
- An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)
- Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)
- An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)
- The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)
- An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption. (CVE-2012-0789)

See Also

http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5

http://www.php.net/archive/2012.php#id2012-01-11-1

http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html

https://bugs.php.net/bug.php?id=55475

https://bugs.php.net/bug.php?id=55776

https://bugs.php.net/bug.php?id=53502

http://www.php.net/ChangeLog-5.php#5.3.9

Solution

Upgrade to PHP version 5.3.9 or later.

Risk Factor

High

CVSS Base Score

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score

6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References

BID 49754

BID 50907

BID 51193

BID 51806

BID 51952

BID 51992

BID 52043

CVE CVE-2011-3379

CVE CVE-2011-4566

CVE CVE-2011-4885

CVE CVE-2012-0057

CVE CVE-2012-0781

CVE CVE-2012-0788

CVE CVE-2012-0789


XREF OSVDB:75713

XREF OSVDB:77446

XREF OSVDB:78115

XREF OSVDB:78571

XREF OSVDB:78676

XREF OSVDB:79016

XREF OSVDB:79332

Plugin Information:

Publication date: 2012/01/13, Modification date: 2013/08/06

Ports

tcp/80

Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.9

11213 - HTTP TRACE / TRACK Methods Allowed

Synopsis

Debugging functions are enabled on the remote web server.

Description

The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

See Also

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

http://www.apacheweek.com/issues/03-01-24

http://download.oracle.com/sunalerts/1000718.1.html

Solution

Disable these methods. Refer to the plugin output for more information.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Temporal Score

3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References

BID 9506

BID 9561

BID 11604

BID 33374

BID 37995

CVE CVE-2003-1567


CVE CVE-2004-2320

CVE CVE-2010-0386

XREF OSVDB:877

XREF OSVDB:3726

XREF OSVDB:5648

XREF OSVDB:50485

XREF CERT:288308

XREF CERT:867593

XREF CWE:16

Exploitable with

Metasploit (true)

Plugin Information:

Publication date: 2003/01/23, Modification date: 2013/03/29

Ports

tcp/80

To disable these methods, add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the 'TraceEnable' directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1625581356.html HTTP/1.1
Connection: Close
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2013 10:19:09 GMT
Server: Apache/2.2.25 (Unix)
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http

TRACE /Nessus1625581356.html HTTP/1.1
Connection: Keep-Alive
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

26194 - Web Server Uses Plain Text Authentication Forms

Synopsis

The remote web server might transmit credentials in cleartext.

Description

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext.

An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Solution

Make sure that every sensitive form transmits content over HTTPS.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:522

XREF CWE:523

XREF CWE:718

XREF CWE:724

Plugin Information:

Publication date: 2007/09/28, Modification date: 2011/09/15

Ports

tcp/80

Page : /
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination page : register.html
Input name : pass
Input name : confirm_pass

Page : /test/
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

Page : /test/?D=A
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

11219 - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description


This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Ports

tcp/80

Port 80/tcp was found to be open

22964 - Service Detection

Synopsis

The remote service could be identified.

Description

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/08/19, Modification date: 2013/07/02

Ports

tcp/80

A web server is running on this port.

11032 - Web Server Directory Enumeration

Synopsis

It is possible to enumerate directories on the web server.

Description

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.

See Also

http://projects.webappsec.org/Predictable-Resource-Location

Solution

n/a

Risk Factor

None

References

XREF OWASP:OWASP-CM-006

Plugin Information:

Publication date: 2002/06/26, Modification date: 2013/04/02

Ports

tcp/80

The following directories were discovered:

/include, /test, /js, /templates, /uploads, /articles

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

10662 - Web mirroring

Synopsis

Nessus crawled the remote web site.

Description

This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.

It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2001/05/04, Modification date: 2013/04/11

Ports

tcp/80

The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/register.php (PHPSESSID [p86im77tsrvag1srm2hfsgn377] )
/register.html (name [] gender [female] country [256] username [] pass [] confirm_pass...)
/www.facebook.com/plugins/likebox.php (href [https://www.facebook.com/pages/Ascul%C8%9Bi-Muzic%C4%83/33421213...)

39463 - HTTP Server Cookies Set

Synopsis

Some cookies have been set by the web server.

Description

HTTP cookies are pieces of information that are presented by web servers and are sent back by the browser.

As HTTP is a stateless protocol, cookies are a possible mechanism to keep track of sessions.

This plugin displays the list of the HTTP cookies that were set by the web server when it was crawled.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2009/06/19, Modification date: 2011/03/15

Ports

tcp/80

path = /test/
name = watched_video_list
value = MzczLDIyLDk%3D
version = 1
expires = Fri, 09-Aug-2013 10:17:41 GMT
secure = 0
httponly = 0

path = /
name = watched_video_list
value = Mzcz
version = 1
expires = Fri, 09-Aug-2013 10:17:39 GMT
secure = 0
httponly = 0

path = /
name = PHPSESSID
value = p86im77tsrvag1srm2hfsgn377
version = 1
secure = 0
httponly = 0

49704 - External URLs

Synopsis

Links to external sites were gathered.

Description

Nessus gathered HREF links to external sites by crawling the remote web server.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/10/04, Modification date: 2011/08/19

Ports

tcp/80

108 external URLs were gathered on this web server :

42057 - Web Server Allows Password Auto-Completion

Synopsis

Auto-complete is not disabled on password fields.

Description

The remote web server contains at least one HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'.

While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point.

Solution

Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.

Risk Factor

None

Plugin Information:

Publication date: 2009/10/07, Modification date: 2011/09/28

Ports

tcp/80

Page : /
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination Page : register.html
Input name : pass
Input name : confirm_pass

10107 - HTTP Server Type and Version

Synopsis

A web server is running on the remote host.

Description

This plugin attempts to determine the type and the version of the remote web server.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2000/01/04, Modification date: 2013/06/03

Ports

tcp/80

The remote web server type is :

Apache/2.2.25 (Unix)

You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

43111 - HTTP Methods Allowed (per directory)

Synopsis

This plugin determines which HTTP methods are allowed on various CGI directories.

Description

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2009/12/10, Modification date: 2013/05/09

Ports

tcp/80

Based on the response to an OPTIONS request :

  - HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :

    /include
    /js
    /templates
    /uploads
    /www.facebook.com/plugins

24260 - HyperText Transfer Protocol (HTTP) Information

Synopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/01/30, Modification date: 2011/05/31

Ports

tcp/80

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

  Date: Thu, 08 Aug 2013 10:19:14 GMT
  Server: Apache/2.2.25 (Unix)
  X-Powered-By: PHP/5.2.17
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Pragma: no-cache
  Set-Cookie: watched_video_list=MTM5LDQ4; expires=Fri, 09-Aug-2013 10:19:14 GMT; path=/
  Keep-Alive: timeout=3, max=100
  Connection: Keep-Alive
  Transfer-Encoding: chunked
  Content-Type: text/html; charset=utf-8

59861 - Remote web server screenshot

Synopsis

It was possible to take a 'screenshot' of the remote web server.

Description

This test renders the view of the remote web site's main page, as seen from within a web browser.

This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2013/03/29, Modification date: 2013/07/11

Ports

tcp/80

It was possible to gather the following screenshot of the remote web site.

5060/udp

21642 - Session Initiation Protocol Detection

Synopsis

The remote system is a SIP signaling device.

Description

The remote system is running software that speaks the Session Initiation Protocol (SIP).

SIP is a messaging protocol to initiate communication sessions between systems. It is a protocol used mostly in IP Telephony networks / systems to set up, control, and tear down sessions between two or more systems.

See Also

http://en.wikipedia.org/wiki/Session_Initiation_Protocol

Solution

If possible, filter incoming connections to the port so that it is used by trusted sources only.

Risk Factor

None

Plugin Information:

Publication date: 2003/12/29, Modification date: 2013/02/14

Ports

udp/5060

Nessus found an unidentified SIP service.

Vulnerabilities By Plugin

58987 (1) - PHP Unsupported Version Detection

Synopsis

The remote host contains an unsupported version of a web application scripting language.

Description

According to its version, the installation of PHP on the remote host is no longer supported. As a result, it is likely to contain security vulnerabilities.

See Also

https://wiki.php.net/rfc/releaseprocess

Solution

Upgrade to a version of PHP that is currently supported.

Risk Factor

Critical

CVSS Base Score

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Plugin Information:

Publication date: 2012/05/04, Modification date: 2012/08/28

Hosts

ascultimuzica.com (tcp/80)

Source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
End of support date : 2011/12/16
Announcement : http://www.php.net/archive/2010.php
Supported versions : 5.3.x / 5.4.x

57537 (1) - PHP < 5.3.9 Multiple Vulnerabilities

Synopsis

The remote web server uses a version of PHP that is affected by multiple flaws.

Description

According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues :

- The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
- It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)
- An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)
- Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)
- An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)
- The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)
- An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption. (CVE-2012-0789)

See Also

http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5

http://www.php.net/archive/2012.php#id2012-01-11-1

http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html

https://bugs.php.net/bug.php?id=55475

https://bugs.php.net/bug.php?id=55776

https://bugs.php.net/bug.php?id=53502

http://www.php.net/ChangeLog-5.php#5.3.9

Solution

Upgrade to PHP version 5.3.9 or later.

Risk Factor

High

CVSS Base Score

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score

6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References

BID 49754

BID 50907

BID 51193

BID 51806

BID 51952

BID 51992

BID 52043

CVE CVE-2011-3379

CVE CVE-2011-4566

CVE CVE-2011-4885

CVE CVE-2012-0057

CVE CVE-2012-0781

CVE CVE-2012-0788

CVE CVE-2012-0789

XREF OSVDB:75713

XREF OSVDB:77446

XREF OSVDB:78115

XREF OSVDB:78571

XREF OSVDB:78676

XREF OSVDB:79016

XREF OSVDB:79332

Plugin Information:

Publication date: 2012/01/13, Modification date: 2013/08/06

Hosts

ascultimuzica.com (tcp/80)

Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.9

58966 (1) - PHP < 5.3.11 Multiple Vulnerabilities

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities :

- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)

See Also

http://www.nessus.org/u?e81d4026

https://bugs.php.net/bug.php?id=61043

https://bugs.php.net/bug.php?id=54374

https://bugs.php.net/bug.php?id=60227

http://marc.info/?l=oss-security&m=134626481806571&w=2

http://www.php.net/archive/2012.php#id2012-04-26-1

http://www.php.net/ChangeLog-5.php#5.3.11

Solution

Upgrade to PHP version 5.3.11 or later.

Risk Factor

High

CVSS Base Score

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score

6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References

BID 51954

BID 53403

BID 55297

CVE CVE-2011-1398

CVE CVE-2012-0831

CVE CVE-2012-1172

XREF OSVDB:79017

XREF OSVDB:81791

XREF OSVDB:85086

Plugin Information:

Publication date: 2012/05/02, Modification date: 2013/08/06

Hosts

ascultimuzica.com (tcp/80)

Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.11

58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution

Synopsis

The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.

Description

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability.

An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'.

Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.

See Also

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

https://bugs.php.net/bug.php?id=61910

http://www.php.net/archive/2012.php#id2012-05-03-1

http://www.php.net/ChangeLog-5.php#5.3.12

http://www.php.net/ChangeLog-5.php#5.4.2

Solution

Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

Risk Factor

High

CVSS Base Score

8.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

CVSS Temporal Score

6.9 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

References

BID 53388

CVE CVE-2012-1823

XREF OSVDB:81633

XREF CERT:520827

Exploitable with

CANVAS (true)
Core Impact (true)
Metasploit (true)

Plugin Information:

Publication date: 2012/05/04, Modification date: 2012/12/28

Hosts

ascultimuzica.com (tcp/80)

Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.12 / 5.4.2

10079 (1) - Anonymous FTP Enabled

Synopsis

Anonymous logins are allowed on the remote FTP server.

Description

This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.

Solution

Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.

Risk Factor

Medium

CVSS Base Score

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

References

CVE CVE-1999-0497

XREF OSVDB:69

Plugin Information:

Publication date: 1999/06/22, Modification date: 2013/01/25

Hosts

ascultimuzica.com (tcp/21)

11213 (1) - HTTP TRACE / TRACK Methods Allowed

Synopsis

Debugging functions are enabled on the remote web server.

Description

The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

See Also

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

http://www.apacheweek.com/issues/03-01-24

http://download.oracle.com/sunalerts/1000718.1.html

Solution

Disable these methods. Refer to the plugin output for more information.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Temporal Score

3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References

BID 9506

BID 9561

BID 11604

BID 33374

BID 37995

CVE CVE-2003-1567

CVE CVE-2004-2320

CVE CVE-2010-0386

XREF OSVDB:877

XREF OSVDB:3726

XREF OSVDB:5648

XREF OSVDB:50485

XREF CERT:288308

XREF CERT:867593

XREF CWE:16

Exploitable with

Metasploit (true)

Plugin Information:

Publication date: 2003/01/23, Modification date: 2013/03/29

Hosts

ascultimuzica.com (tcp/80)

To disable these methods, add the following lines for each virtual host in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the 'TraceEnable' directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1625581356.html HTTP/1.1
Connection: Close
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2013 10:19:09 GMT
Server: Apache/2.2.25 (Unix)
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http

TRACE /Nessus1625581356.html HTTP/1.1
Connection: Keep-Alive
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

26194 (1) - Web Server Uses Plain Text Authentication Forms

Synopsis

The remote web server might transmit credentials in cleartext.

Description

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext.

An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Solution

Make sure that every sensitive form transmits content over HTTPS.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:522

XREF CWE:523

XREF CWE:718

XREF CWE:724

Plugin Information:

Publication date: 2007/09/28, Modification date: 2011/09/15

Hosts

ascultimuzica.com (tcp/80)

Page : /
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination page : register.html
Input name : pass
Input name : confirm_pass

Page : /test/
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

Page : /test/?D=A
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

34324 (1) - FTP Supports Clear Text Authentication

Synopsis

Authentication credentials might be intercepted.

Description

The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor

Low

CVSS Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:522

XREF CWE:523

Plugin Information:

Publication date: 2008/10/01, Modification date: 2013/01/25

Hosts

ascultimuzica.com (tcp/21)

This FTP server does not support 'AUTH TLS'.

11219 (2) - Nessus SYN scanner

Synopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:

Publication date: 2009/02/04, Modification date: 2013/08/07

Hosts

ascultimuzica.com (tcp/21)

Port 21/tcp was found to be open

ascultimuzica.com (tcp/80)

Port 80/tcp was found to be open

10092 (1) - FTP Server Detection

Synopsis

An FTP server is listening on this port.

Description

It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution

N/A

Risk Factor

None

Plugin Information:

Publication date: 1999/10/12, Modification date: 2013/03/08

Hosts

ascultimuzica.com (tcp/21)

The remote FTP banner is :

220 Speak friend, and enter

10107 (1) - HTTP Server Type and Version

Synopsis

A web server is running on the remote host.

Description

This plugin attempts to determine the type and the version of the remote web server.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2000/01/04, Modification date: 2013/06/03

Hosts

ascultimuzica.com (tcp/80)

The remote web server type is :

Apache/2.2.25 (Unix)

You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

10287 (1) - Traceroute Information

Synopsis

It was possible to obtain traceroute information.

Description

Makes a traceroute to the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 1999/11/27, Modification date: 2013/04/11

Hosts

ascultimuzica.com (udp/0)

For your information, here is the traceroute from 192.168.1.3 to 81.169.145.154 :

192.168.1.3
192.168.1.1
89.121.147.254
10.0.225.49
10.0.245.201
10.0.240.238
80.81.193.110
81.169.144.34
81.169.145.154

10662 (1) - Web mirroring

Synopsis

Nessus crawled the remote web site.

Description

This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.

It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2001/05/04, Modification date: 2013/04/11

Hosts

ascultimuzica.com (tcp/80)

The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/register.php (PHPSESSID [p86im77tsrvag1srm2hfsgn377] )
/register.html (name [] gender [female] country [256] username [] pass [] confirm_pass...)
/www.facebook.com/plugins/likebox.php (href [https://www.facebook.com/pages/Ascul%C8%9Bi-Muzic%C4%83/33421213...)

11032 (1) - Web Server Directory Enumeration

Synopsis

It is possible to enumerate directories on the web server.

Description

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.

See Also

http://projects.webappsec.org/Predictable-Resource-Location

Solution

n/a

Risk Factor

None

References

XREF OWASP:OWASP-CM-006

Plugin Information:

Publication date: 2002/06/26, Modification date: 2013/04/02

Hosts

ascultimuzica.com (tcp/80)

The following directories were discovered:
/include, /test, /js, /templates, /uploads, /articles

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution

Synopsis

It was possible to resolve the name of the remote host.

Description

Nessus was able to resolve the FQDN of the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2004/02/11, Modification date: 2012/09/28

Hosts

ascultimuzica.com (tcp/0)

81.169.145.154 resolves as ascultimuzica.com.

19506 (1) - Nessus Scan Information

Synopsis

Information about the Nessus scan.

Description

This script displays, for each tested host, information about the scan itself :

- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2005/08/26, Modification date: 2013/05/31

Hosts

ascultimuzica.com (tcp/0)

Information about this scan :

Nessus version : 5.2.1
Plugin feed version : 201308080515
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.3
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/8 13:13
Scan duration : 564 sec

21642 (1) - Session Initiation Protocol Detection

Synopsis

The remote system is a SIP signaling device.

Description

The remote system is running software that speaks the Session Initiation Protocol (SIP).

SIP is a messaging protocol to initiate communication sessions between systems. It is a protocol used mostly in IP Telephony networks / systems to set up, control, and tear down sessions between two or more systems.

See Also

http://en.wikipedia.org/wiki/Session_Initiation_Protocol

Solution

If possible, filter incoming connections to the port so that it is used by trusted sources only.

Risk Factor

None

Plugin Information:

Publication date: 2003/12/29, Modification date: 2013/02/14

Hosts

ascultimuzica.com (udp/5060)

Nessus found an unidentified SIP service.

22964 (1) - Service Detection

Synopsis

The remote service could be identified.

Description

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/08/19, Modification date: 2013/07/02

Hosts

ascultimuzica.com (tcp/80)

A web server is running on this port.

24260 (1) - HyperText Transfer Protocol (HTTP) Information

Synopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2007/01/30, Modification date: 2011/05/31

Hosts

ascultimuzica.com (tcp/80)

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

  Date: Thu, 08 Aug 2013 10:19:14 GMT
  Server: Apache/2.2.25 (Unix)
  X-Powered-By: PHP/5.2.17
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Pragma: no-cache
  Set-Cookie: watched_video_list=MTM5LDQ4; expires=Fri, 09-Aug-2013 10:19:14 GMT; path=/
  Keep-Alive: timeout=3, max=100
  Connection: Keep-Alive
  Transfer-Encoding: chunked
  Content-Type: text/html; charset=utf-8

39463 (1) - HTTP Server Cookies Set

Synopsis

Some cookies have been set by the web server.

Description

HTTP cookies are pieces of information that are presented by web servers and are sent back by the browser.

As HTTP is a stateless protocol, cookies are a possible mechanism to keep track of sessions.

This plugin displays the list of the HTTP cookies that were set by the web server when it was crawled.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2009/06/19, Modification date: 2011/03/15

Hosts

ascultimuzica.com (tcp/80)

path = /test/
name = watched_video_list
value = MzczLDIyLDk%3D
version = 1
expires = Fri, 09-Aug-2013 10:17:41 GMT
secure = 0
httponly = 0

path = /
name = watched_video_list
value = Mzcz
version = 1
expires = Fri, 09-Aug-2013 10:17:39 GMT
secure = 0
httponly = 0

path = /
name = PHPSESSID
value = p86im77tsrvag1srm2hfsgn377
version = 1
secure = 0
httponly = 0

42057 (1) - Web Server Allows Password Auto-Completion

Synopsis

Auto-complete is not disabled on password fields.

Description

The remote web server contains at least one HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'.

While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point.

Solution

Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.

Risk Factor

None

Plugin Information:

Publication date: 2009/10/07, Modification date: 2011/09/28

Hosts

ascultimuzica.com (tcp/80)

Page : /
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination Page : register.html
Input name : pass
Input name : confirm_pass

43111 (1) - HTTP Methods Allowed (per directory)

Synopsis

This plugin determines which HTTP methods are allowed on various CGI directories.

Description

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2009/12/10, Modification date: 2013/05/09

Hosts

ascultimuzica.com (tcp/80)

Based on the response to an OPTIONS request :

  - HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :

    /include
    /js
    /templates
    /uploads
    /www.facebook.com/plugins

45590 (1) - Common Platform Enumeration (CPE)

Synopsis

It is possible to enumerate CPE names that matched on the remote system.

Description

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

See Also

http://cpe.mitre.org/

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/04/21, Modification date: 2013/05/13

Hosts

ascultimuzica.com (tcp/0)

Following application CPE's matched on the remote system :

  cpe:/a:apache:http_server:2.2.25 -> Apache Software Foundation Apache HTTP Server 2.2.25
  cpe:/a:php:php:5.2.17 -> PHP 5.2.17

46180 (1) - Additional DNS Hostnames

Synopsis

Potential virtual hosts have been detected.

Description

Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.

See Also

http://en.wikipedia.org/wiki/Virtual_hosting

Solution

If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]

Risk Factor

None

Plugin Information:

Publication date: 2010/04/29, Modification date: 2013/01/21

Hosts

ascultimuzica.com (tcp/0)

The following hostnames point to the remote host:

  - www.ascultimuzica.com

49704 (1) - External URLs

Synopsis

Links to external sites were gathered.

Description

Nessus gathered HREF links to external sites by crawling the remote web server.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/10/04, Modification date: 2011/08/19

Hosts

ascultimuzica.com (tcp/80)

108 external URLs were gathered on this web server :

50350 (1) - OS Identification Failed

Synopsis

It was not possible to determine the remote operating system.

Description

Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to identify the overall system.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2010/10/26, Modification date: 2012/02/23

Hosts

ascultimuzica.com (tcp/0)

Help us improve OS fingerprinting by sending the following signatures to : [email protected]
Be sure to include a brief description of the device itself, such as the actual operating system or product / model names.

HTTP:!:Server: Apache/2.2.25 (Unix)
SinFP:!:
P1:B11113:F0x12:W1608:O0:M0:
P2:B11113:F0x12:W4236:O0204ffff0103030004020000:M1412:
P3:B00000:F0x00:W0:O0:M0
P4:5200_7_p=21R

59861 (1) - Remote web server screenshot

Synopsis

It was possible to take a 'screenshot' of the remote web server.

Description

This test renders the view of the remote web site's main page, as seen from within a web browser. This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:

Publication date: 2013/03/29, Modification date: 2013/07/11

Hosts

ascultimuzica.com (tcp/80)

It was possible to gather the following screenshot of the remote web site.

66334 (1) - Patch Report

Synopsis

The remote host is missing several patches

Description

The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution

Install the patches listed below

Risk Factor

None

Plugin Information:

Publication date: 2013/05/07, Modification date: 2013/07/17

Hosts

ascultimuzica.com (tcp/0)

. You need to take the following action:

[ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ]

+ Action to take: Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

+ Impact: Taking this action will resolve 11 different vulnerabilities (CVEs).