SANS Top 20 Critical Controls Report
Transcript of SANS Top 20 Critical Controls Report
8/12/2019 SANS Top 20 Critical Controls Report
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT 2013
MELCARA - CODY HOME NETWORK
SANS Top 20 Critical Controls Report
May 7, 2013 at 7:43pm EDT
[cody]
Confidential: The following report contains confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination.
http://www.tenablesecurity.com/
Table of Contents
    Cisco Device Audit
    Juniper Device Audit
SANS Control 11 - Control of Ports/Protocols/Services
    Host On Network
    New Services
    Port Scanner Identified Services
SANS Control 12 - Controlled Use of Administrator Privileges
    User Added
    User Changes
    User Removal
    New User Creation
SANS Control 13 - Boundary Defense
    Linked to Bot List
    Web Site Linked to Malicious Content
    Threatlist Intrusion
    Threatlist Statistics
    Firewall Anomaly Statistics
    Connection Statistics
    Access Denied Anomaly Statistics
    Login Failure Large Anomaly Statistics
SANS Control 14 - Monitoring and Analysis of Logs
    Event Trend Summary
    Long Term Intrusion Activity
    Multiple System Crashes
    Long Term DNS Failures
    Long Term Error Activity
    Long Term DOS Activity
SANS Control 15 - Controlled Access/Data Leakage
SANS Control 16 - Account Monitoring and Control
    Login Failure Events
    Password Guessing Intrusion Events
    Successful Password Guessing Events
    User Account Locked Out Events
    Password Never Expires
    Passwords Never Changed
    Account with Blank Password
    Windows Administrator Default Password
SANS Control 17 - Data Loss Prevention
    Data Leakage
    USB Device Usage
    Dropbox Software Detection
    BitTorrent Activity
SANS Control 20 - Penetration Testing/Exploits
    Client Side Patch Related Vulnerabilities
    Mobile Device Passive Vulnerabilities
    Web Client Passive Vulnerabilities
    General Passive Vulnerabilities
    Port Range 1-1024 Passive Vulnerabilities
    Port Range 1025-5000 Passive Vulnerabilities
    Port Range 5001-10000 Passive Vulnerabilities
    Port Range 10000+ Passive Vulnerabilities
SANS Top 20 Overview
The 20 Critical Controls are being prioritized for implementation by organizations that understand the evolving risk of cyber attack. Leading adopters include the U.S. National Security Agency, the British Centre for the Protection of National Infrastructure, and the U.S. Department of Homeland Security Federal Network Security Program. Ten state governments as well as power generation and distribution companies and defense contractors are among the hundreds of organizations that have shifted from a compliance focus to a security focus by adopting the Critical Controls.
All of these entities changed over to the Critical Controls in answer to the key question: What needs to be done right now to protect my organization from known attacks? Adopting and operationalizing the Critical Controls allows organizations to easily document those security processes to demonstrate compliance.
The Critical Controls reflect the consensus of major organizations with a deep understanding of how cyber attacks are carried out in the real world, why the attacks succeed, and what specific controls can stop them or mitigate their damage. Failure by management to implement the Critical Controls puts an organization's sensitive data or processes at great risk.
The Critical Controls are regularly updated by an international consortium headed by Tony Sager, who recently served as chief of the NSA's Vulnerability Analysis and Operations Group (which includes the NSA Red and Blue Teams and other top national cyber talent).
http://www.sans.org/critical-security-controls/
SANS Control 1 - New Devices Detected
Reduce the ability of attackers to find and exploit unauthorized and unprotected systems: Use active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the enterprise network, including servers, workstations, laptops, and remote devices.
This chapter utilizes Nessus and PVS plugins (active and passive) to report new hosts found in the network over the last 48 hours by recording the network address and machine names.
Associated NIST Special Publication 800-53, Revision 3, Priority 1 Controls CM-8 (a, c, d, 2, 3, 4), PM-5, PM-6
New Hosts Table
SANS Control 3 - Secure Configurations
Prevent attackers from exploiting services and settings that allow easy access through networks and browsers: Build a secure image that is used for all new systems
deployed to the enterprise, host these standard images on secure storage servers, regularly validate and update these configurations, and track system images
in a configuration management system.
The results for this chapter are defined by keywords in vulnerability text that match text contained in several plugins. The chapter sections provide mini-reports for
compliance data against PCI, DISA, CIS, and HIPAA checks.
Associated NIST Special Publication 800-53, Revision 3, Priority 1 Controls CM-1, CM-2 (1, 2), CM-3 (b, c, d, e, 2, 3), CM-5 (2), CM-6 (1, 2, 4), CM-7 (1), SA-1 (a), SA-4 (5), SI-7 (3), PM-6
PCI Compliance Summary
PCI Compliance Severity Summary
PCI Top 100 Host Table
IP Address      NetBIOS Name       DNS Name            Score  Total   Info   Med.   High
172.31.100.62                      sc01.melcara.com       50      5      0      0      5
172.31.100.63                      lce01.melcara.com      50      5      0      0      5
172.31.100.64                      pvs01.melcara.com      50      5      0      0      5
172.31.100.65                      scan01.melcara.com     50      5      0      0      5
172.31.100.40                                             20      3      1      0      2
172.31.104.141  UNKNOWN\FAMILY-PC                         20      2      0      0      2
172.31.100.11   NPROTECT\DC02      dc02.nprotect.int      10      1      0      0      1
172.31.100.26                                             10      2      1      0      1
172.31.100.29                                             10      2      1      0      1
172.31.100.55                                             10      2      1      0      1
172.31.100.102  WORKGROUP\NAS3T                           10      2      1      0      1
172.31.100.103                                            10      2      1      0      1
172.31.100.110                                            10      2      1      0      1
172.31.100.253                                            10      2      1      0      1
172.31.104.134  NPROTECT\JND-DTP                          10      1      0      0      1
172.31.104.135  UNKNOWN\GRD-LPTP                          10      2      1      0      1
172.31.104.251                                            10      2      1      0      1
172.31.104.253                                            10      2      1      0      1
172.31.100.56                                              0      1      1      0      0
172.31.104.129                                             0      1      1      0      0
172.31.104.130  UNKNOWN\LPTP01                             0      1      1      0      0
172.31.104.131                                             0      1      1      0      0
172.31.104.133                                             0      1      1      0      0
172.31.104.136                                             0      1      1      0      0
172.31.104.137                                             0      1      1      0      0
172.31.104.139                                             0      1      1      0      0
172.31.104.140                                             0      1      1      0      0
172.31.104.143                                             0      1      1      0      0
DISA Compliance Summary
DISA Compliance Severity Summary
DISA Top 100 Host Table
IP Address      NetBIOS Name       DNS Name            Score  Total   Info   Med.   High
172.31.100.62                      sc01.melcara.com       50      5      0      0      5
172.31.100.63                      lce01.melcara.com      50      5      0      0      5
172.31.100.64                      pvs01.melcara.com      50      5      0      0      5
172.31.100.65                      scan01.melcara.com     50      5      0      0      5
172.31.100.40                                             20      3      1      0      2
172.31.104.141  UNKNOWN\FAMILY-PC                         20      2      0      0      2
172.31.100.11   NPROTECT\DC02      dc02.nprotect.int      10      1      0      0      1
172.31.100.26                                             10      2      1      0      1
172.31.100.29                                             10      2      1      0      1
172.31.100.55                                             10      2      1      0      1
172.31.100.102  WORKGROUP\NAS3T                           10      2      1      0      1
172.31.100.103                                            10      2      1      0      1
172.31.100.110                                            10      2      1      0      1
172.31.100.253                                            10      2      1      0      1
172.31.104.134  NPROTECT\JND-DTP                          10      1      0      0      1
172.31.104.135  UNKNOWN\GRD-LPTP                          10      2      1      0      1
172.31.104.251                                            10      2      1      0      1
172.31.104.253                                            10      2      1      0      1
172.31.100.56                                              0      1      1      0      0
172.31.104.129                                             0      1      1      0      0
172.31.104.130  UNKNOWN\LPTP01                             0      1      1      0      0
172.31.104.131                                             0      1      1      0      0
172.31.104.133                                             0      1      1      0      0
172.31.104.136                                             0      1      1      0      0
172.31.104.137                                             0      1      1      0      0
172.31.104.139                                             0      1      1      0      0
172.31.104.140                                             0      1      1      0      0
172.31.104.143                                             0      1      1      0      0
CIS Compliance Summary
CIS Compliance Severity Summary
CIS Top 100 Host Table
IP Address      NetBIOS Name       DNS Name            Score  Total   Info   Med.   High
172.31.100.63                      lce01.melcara.com    2561    451    190      7    254
172.31.100.62                      sc01.melcara.com     2541    452    193      7    252
172.31.100.64                      pvs01.melcara.com    2521    451    194      7    250
172.31.100.65                      scan01.melcara.com   2515    452    183     25    244
172.31.100.11   NPROTECT\DC02      dc02.nprotect.int     571    162     72     47     43
172.31.104.141  UNKNOWN\FAMILY-PC                        545    162     76     45     41
172.31.104.134  NPROTECT\JND-DTP                         541    162     75     47     40
172.31.104.135  UNKNOWN\GRD-LPTP                         541    162     75     47     40
HIPAA Compliance Summary
HIPAA Compliance Severity Summary
HIPAA Top 100 Host Table
IP Address      NetBIOS Name       DNS Name            Score  Total   Info   Med.   High
172.31.100.11   NPROTECT\DC02      dc02.nprotect.int     133     32     18      1     13
172.31.104.141  UNKNOWN\FAMILY-PC                        130     32     19      0     13
SANS Control 4 - Continuous Vulnerability Scanning
Proactively identify and repair software vulnerabilities reported by security researchers or vendors: Regularly run automated vulnerability scanning tools against all
systems and quickly remediate any vulnerabilities, with critical problems fixed within 48 hours.
This chapter displays the total number of known systems, the number that have been observed over the last 30 days, and the percentage of systems that have had
a credentialed scan completed over the last 30 days. It allows you to determine if vulnerability scanning is occurring against all the systems in the specified range.
Associated NIST Special Publication 800-53, Revision 3, Priority 1 Controls RA-3 (a, b, c, d), RA-5 (a, b, 1, 2, 5, 6)
Total Systems
System Scanned within 30 Days
30 Day Scanned Asset Summary
Top 100 Systems Scanned with 30 Days
IP Address      NetBIOS Name       DNS Name                             OS CPE
172.31.104.253
172.31.104.251                                                          cpe:/o:linux:linux_kernel:2.6
172.31.104.146
172.31.104.144                                                          cpe:/o:microsoft:windows_7::sp1:x86-enterprise
172.31.104.140
172.31.104.138
172.31.104.137                                                          cpe:/o:apple:mac_os_x:10.8
172.31.104.136
172.31.104.135  UNKNOWN\GRD-LPTP                                        cpe:/o:microsoft:windows_7:::enterprise
172.31.104.134  NPROTECT\JND-DTP                                        cpe:/o:microsoft:windows_7::sp1:x64-enterprise
172.31.104.132
172.31.104.131                                                          cpe:/o:apple:mac_os_x:10.8
172.31.104.130  UNKNOWN\LPTP01                                          cpe:/o:apple:mac_os_x:10.8
172.31.104.129
172.31.103.253
172.31.102.253
172.31.102.251                     cisco-lwapp-controller.nprotect.int  cpe:/o:linux:linux_kernel:2.6
172.31.102.250
172.31.102.222
172.31.102.221
172.31.100.253
172.31.100.102  WORKGROUP\NAS3T                                         cpe:/o:debian:debian_linux:5.0
172.31.100.65                      scan01.melcara.com                   cpe:/o:centos:centos:6:update4
172.31.100.64                      pvs01.melcara.com                    cpe:/o:centos:centos:6:update4
172.31.100.63                      lce01.melcara.com                    cpe:/o:centos:centos:6:update4
172.31.100.62                      sc01.melcara.com                     cpe:/o:centos:centos:6:update4
172.31.100.56                                                           cpe:/o:hp:hp-ux:9.05
172.31.100.55
172.31.100.40                                                           cpe:/o:linux:linux_kernel:2.6
172.31.100.29                                                           cpe:/o:vmware:esx_server
172.31.100.26                                                           cpe:/o:vmware:esx_server
172.31.100.11   NPROTECT\DC02      dc02.nprotect.int                    cpe:/o:microsoft:windows_server_2008:r2:sp1:x64-enterprise
Systems Scanned Credentials within 7 Days Summary
Systems Scanned Credentials within 7 Days Summary
Top 100 Systems Scanned Credentials within 7 Days Summary
IP Address      NetBIOS Name       DNS Name            OS CPE
172.31.104.134  NPROTECT\JND-DTP                       cpe:/o:microsoft:windows_7::sp1:x64-enterprise
172.31.100.11   NPROTECT\DC02      dc02.nprotect.int   cpe:/o:microsoft:windows_server_2008:r2:sp1:x64-enterprise
SANS Control 5 - Malware Controls
Block malicious code from tampering with system settings or contents, capturing sensitive data, or spreading: Use automated anti-virus and anti-spyware software to
continuously monitor and protect workstations, servers, and mobile devices. Automatically update such anti-malware tools on all machines on a daily basis. Prevent
network devices from using auto-run programs to access removable media.
This chapter displays results from the Tenable Malicious Process Detection plugin and provides details on virus anomalies and active virus detection.
Associated NIST Special Publication 800-53, Revision 3, Priority 1 Controls SC-18, SC-26, SI-3 (a, b, 1, 2, 5, 6)
Malicious Process Detection
Asset Summary Malicious Process Detection
Top 100 hosts with malicious process detected
Virus Spike
Virus Spike
Top 100 Systems with Virus Spike
Active Virus
Active Virus
Top 100 Active Virus Event Summary by Host
SANS Control 6 - Web Application Security
Neutralize vulnerabilities in web-based and other application software: Carefully test internally developed and third-party application software for security flaws,
including coding errors and malware. Deploy web application firewalls that inspect all traffic, and explicitly check for errors in all user input (including by size and
data type).
This chapter utilizes PVS and a wide variety of plugins to passively identify application vulnerabilities within web applications, even detecting unsupported or vulnerable
software versions. Included tests are: SQL injections, CGI abuses, Backdoors, XSS, DNS and FTP checks, IMAP, SMTP, and POP checks, Internet Service Checks,
and Web Server checks, sorted by severity.
Associated NIST Special Publication 800-53, Revision 3, Priority 1 Controls CM-7, RA-5 (a, 1), SA-3, SA-4 (3), SA-8, SI-3, SI-10
Top 25 Host with Web Vulnerable Activity
Top 100 Web Application Vulnerabilities.
Plugin  Total  Severity  Plugin Name                                                                   Family
5824    2      High      PHP 5.3 < 5.3.6 String To Double Conversion DoS                               Web Servers
6015    2      High      PHP 5.3 < 5.3.7 Multiple Vulnerabilities                                      Web Servers
6017    2      High      PHP 5.3.7 crypt() MD5 Incorrect Return Value                                  Web Servers
6021    2      High      Apache 2.2 < 2.2.20 Multiple Vulnerabilities                                  Web Servers
6062    2      High      Apache 2.2 < 2.2.21 mod_proxy_ajp DoS                                         Web Servers
6129    2      High      OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities                Web Servers
6263    2      High      PHP < 5.3.9 Multiple Vulnerabilities                                          Web Servers
6302    2      High      Apache 2.2 < 2.2.22 Multiple Vulnerabilities                                  Web Servers
6304    2      High      PHP 5.3.9 php_register_variable_ex() Code Execution                           Web Servers
6494    2      High      PHP 5.3.x < 5.3.13 CGI Query String Code Execution                            Web Servers
6495    2      High      PHP 5.3.x < 5.4.3 Multiple Vulnerabilities                                    Web Servers
6530    2      High      PHP 5.4.x < 5.4.5 _php_sream_scandir Overflow                                 Web Servers
6556    2      High      PHP 5.3.x < 5.3.15 Multiple Vulnerabilities                                   Web Servers
55976   2      High      Apache HTTP Server Byte Range DoS                                             Web Servers
3038    1      High      phpBB < 2.0.16 viewtopic.php Arbitrary Code Execution                         CGI
3657    1      High      TWiki Privilege Escalation                                                    CGI
6332    1      High      Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities                         Web Servers
12218   2      Medium    mDNS Detection                                                                Service detection
2810    2      Medium    Autocomplete Not Disabled for 'Password' Field                                Web Servers
5720    2      Medium    OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities                            Web Servers
5782    2      Medium    OpenSSL < 0.9.8r / 1.0.0d OCSP Stapling Denial of Service                     Web Servers
5799    2      Medium    Web Server HttpOnly Cookies Not In Use                                        Web Servers
6400    2      Medium    OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities              Web Servers
6576    2      Medium    Apache 2.2 < 2.2.23 Multiple Vulnerabilities                                  Web Servers
6671    2      Medium    PHP 5.3.x < 5.3.21 cuRL X.509 Certificate Domain Name Matching MiTM Weakness  Web Servers
6701    2      Medium    Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilites              Web Servers
6707    2      Medium    PHP 5.3.x < 5.3.22 Multiple Vulnerabilities                                   Web Servers
10678   2      Medium    Apache mod_info /server-info Information Disclosure                           Web Servers
55640   2      Medium    SQL Dump Files Disclosed via Web Server                                       CGI abuses
57640   2      Medium    Web Application Information Disclosure                                        CGI abuses
57792   2      Medium    Apache HTTP Server httpOnly Cookie Information Disclosure                     Web Servers
3703    1      Medium    Recursive DNS Server Detection                                                DNS Servers
20007   1      Medium    SSL Version 2 (v2) Protocol Detection                                         Service detection
3223    1      Medium    Twiki rev Parameter Arbitrary Shell Command Execution                         CGI
5789    1      Medium    Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities                         Web Servers
5790    1      Medium    Apache Tomcat 6.0.x