Author: h1412 [h1412]
Vulnerability: ftp (21/tcp)
It is possible to crash the remote FTP server by sending it a stream of zeroes. This vulnerability allows an attacker to prevent you from sharing data through FTP, and may even crash this host.
Solution : if you are using FTP Serv-U, upgrade to version 2.5f. If you are not, then contact your vendor for a patch
Risk factor : Serious
CVE_ID : CVE-2000-0837
NESSUS_ID : 10488

Vulnerability: ftp (21/tcp)
It was possible to disable the remote FTP server by connecting to it about 3000 times, with one connection at a time. If the remote server is running from within [x]inetd, this is a feature and the FTP server should automatically be back in a couple of minutes. An attacker may use this flaw to prevent this service from working properly.
Solution : If the remote server is GoodTech ftpd server, download the newest version from http://www.goodtechsys.com.
BID : 2270
Risk factor : Serious
CVE_ID : CAN-2001-0188
BUGTRAQ_ID : 2270
NESSUS_ID : 10690

Note: ftp (21/tcp)
A FTP server is running on this port. Here is its banner :
220 Serv-U FTP Server v5.0 for WinSock ready...
NESSUS_ID : 10330

Note: ftp (21/tcp)
The type and version of the FTP service can be determined by logging in to the target server and processing the buffer received. This login banner information gives potential attackers additional information about the system they are about to attack. The version and type will be disclosed wherever possible.
Solution: change the login banner to something generic.
Risk level: Low
___________________________________________________________________
Remote FTP server banner :
220 Serv-U FTP Server v5.0 for WinSock ready...
NESSUS_ID : 10092
Original post, posted: 05-02-18 20:42
Reply: h1412 [h1412]
Vulnerability: www (80/tcp)
It was possible to crash the Jigsaw web server by requesting /servlet/con about 30 times. A cracker may use this attack to make this service crash continuously.
Solution: upgrade your software
Risk factor : Medium
CVE_ID : CAN-2002-1052
BUGTRAQ_ID : 5258
NESSUS_ID : 11047

Vulnerability: www (80/tcp)
Reading an MS/DOS device thousands of times through the Tomcat servlet engine, using a file name like /examples/servlet/AUX, may freeze or crash Windows or the web server. An attacker can use this flaw to make your system crash continuously, preventing you from working properly.
Solution : upgrade your Apache Tomcat web server to version 4.1.10.
Risk level : High
___________________________________________________________________
It was possible to freeze or crash Windows or the web server by reading a thousand of times a MS/DOS device through Tomcat servlet engine, using a file name like /examples/servlet/AUX A cracker may use this flaw to make your system crash continuously, preventing you from working properly.
Solution : upgrade your Apache Tomcat web server to version 4.1.10.
Risk factor : High
CVE_ID : CAN-2003-0045
NESSUS_ID : 11150

Vulnerability: www (80/tcp)
It was possible to kill the HTTP proxy by sending an invalid request with a too long header A cracker may exploit this vulnerability to make your proxy server crash continually or even execute arbitrary code on your system.
Solution : upgrade your software
Risk factor : High
CVE_ID : CAN-2002-0133
BUGTRAQ_ID : 3904
NESSUS_ID : 11715

Vulnerability: www (80/tcp)
The remote WebDAV server may be vulnerable to a buffer overflow when it receives a too long request. An attacker may use this flaw to execute arbitrary code within the LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
Risk Factor : High
CVE_ID : CAN-2003-0109
BUGTRAQ_ID : 7116
NESSUS_ID : 11412
Other references : IAVA:2003-A-0005

Vulnerability: www (80/tcp)
There is a buffer overflow in the remote web server's ASP ISAPI filter. This may allow arbitrary commands to be executed on the remote web server with SYSTEM privileges.
Solution: see http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Risk level: High
___________________________________________________________________
There's a buffer overflow in the remote web server through the ASP ISAPI filter. It is possible to overflow the remote web server and execute commands as user SYSTEM.
Solution: See http://www.microsoft.com/technet/security/bulletin/ms02-018.mspx
Risk factor : High
CVE_ID : CVE-2002-0079, CVE-2002-0147, CVE-2002-0149
BUGTRAQ_ID : 4485
NESSUS_ID : 10935
Other references : IAVA:2002-A-0002

Vulnerability: www (80/tcp)
It was possible to make IIS use 100% of the CPU by sending it malformed extension data in the URL requested, preventing him to serve web pages to legitimate clients.
Solution : Microsoft has made patches available at :
- For Internet Information Server 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20906
- For Internet Information Server 5.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20904
Risk factor : Serious
CVE_ID : CVE-2000-0408
BUGTRAQ_ID : 1190
NESSUS_ID : 10406

Warning: www (80/tcp)
The remote server is currently running the WebDAV service. WebDAV is a standard extension to the HTTP specification. It lets remote users add authorized users to the server and manage and add server content. If you do not use this feature, disable it.
Solution: http://support.microsoft.com/default.aspx?kbid=241520
Risk level: Medium
___________________________________________________________________
The remote server is running with WebDAV enabled. WebDAV is an industry standard extension to the HTTP specification. It adds a capability for authorized users to remotely add and manage the content of a web server. If you do not use this extension, you should disable it.
Solution : See http://support.microsoft.com/default.aspx?kbid=241520
Risk factor : Medium
NESSUS_ID : 11424

Warning: www (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods used to debug web server connections. Servers that support these methods have a cross-site scripting vulnerability; when describing various browser flaws, "Cross-Site-Tracing" is usually abbreviated as XST. An attacker can use this vulnerability to deceive legitimate users and obtain their private information.
Solution: disable these methods.
If you are using Apache, add the following statements to the configuration file of each virtual host:
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to disable HTTP TRACE requests, or allow only the methods that meet site requirements and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 or later, add the following statement to the default object section of the obj.conf file:
    AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile the NSAPI plugin at the following address:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See also
http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk level: Medium
___________________________________________________________________
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual host in your configuration file :
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE requests or to permit only the methods needed to meet site requirements and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the following to the default object section in obj.conf:
    AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See
http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
NESSUS_ID : 11213

Warning: www (80/tcp)
It seems that the PUT method is enabled on your web server Although we could not exploit this, you'd better disable it
Solution : disable this method
Risk factor : Serious
NESSUS_ID : 10498

Warning: www (80/tcp)
It seems that the DELETE method is enabled on your web server Although we could not exploit this, you'd better disable it
Solution : disable this method
Risk factor : Medium
NESSUS_ID : 10498

Note: www (80/tcp)
A web server is running on this port
NESSUS_ID : 10330
Floor B1, posted: 05-02-18 20:43
Reply: h1412 [h1412]
Vulnerability: unknown (1521/tcp)
If the Oracle8i and 9i tnslsnr service has no password set, it has many security problems.
Risk level : High
___________________________________________________________________
The remote Oracle tnslsnr has no password assigned. An attacker may use this fact to shut it down arbitrarily, thus preventing legitimate users from using it properly.
Solution: use the lsnrctrl SET PASSWORD command to assign a password to, the tnslsnr.
Risk factor : Serious
NESSUS_ID : 10660

Vulnerability: oracle_tnslsnr (1521/tcp)
The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query CREATE DATABASE LINK. An attacker with a database account may use this flaw to gain the control on the whole database, or even to obtain a shell on this host.
Solution : See http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
Risk Factor : High
CVE_ID : CAN-2003-0222
BUGTRAQ_ID : 7453
NESSUS_ID : 11563

Note: oracle_tnslsnr (1521/tcp)
By connecting to port 1541 or 1521 of the target host, a TNS VERSION command can be issued to query version information
___________________________________________________________________
This host is running the Oracle tnslsnr:
TNSLSNR for 32-bit Windows: Version 8.1.7.0.0 - Production
TNS for 32-bit Windows: Version 8.1.7.0.0 - Production
Windows NT Named Pipes NT Protocol Adapter for 32-bit Windows: Version 8.1.7.0.0 - Production
Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 8.1.7.0.0 - Production,,
CVE_ID : CVE-2000-0818
BUGTRAQ_ID : 1853
NESSUS_ID : 10658

Vulnerability: tcp
If a specially crafted IP packet with IP option #0xE4 set to a null length is sent to the remote host, the remote host may crash. An attacker can use this vulnerability to prevent the remote host from carrying out its tasks properly.
Risk level : High
___________________________________________________________________
It was possible to crash the remote host by sending a specially crafted IP packet with a null length for IP option #0xE4 An attacker may use this flaw to prevent the remote host from accomplishing its job properly.
Risk factor : High
BUGTRAQ_ID : 7175
NESSUS_ID : 11475

Note: udp
Traceroute route to the remote host.
Risk level : Low
___________________________________________________________________
For your information, here is the traceroute to 61.167.57.95 :
192.168.1.42 192.168.1.1 219.147.197.97 219.147.147.9 219.147.145.149 202.97.56.145 202.97.54.41 202.97.40.217 202.97.36.82 202.97.15.182 219.158.5.73 219.158.8.82 61.167.0.6 61.180.152.229 218.10.116.34 218.10.116.218 61.167.15.254 61.167.57.95
NESSUS_ID : 10287
Floor B2, posted: 05-02-18 20:44
Reply: h1412 [h1412]
Bumping my own thread.
Floor B3, posted: 05-02-19 15:56
Reply: bluehacker [bluehacker]
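Hehe~~ One word: "read". For example:

"Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials.
Solution: Disable these methods.

Warning: www (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods used to debug web server connections. Servers that support these methods have a cross-site scripting vulnerability; when describing various browser flaws, "Cross-Site-Tracing" is usually abbreviated as XST. An attacker can use this vulnerability to deceive legitimate users and obtain their private information.
Solution: disable these methods."
-----------------------------------------------
The above tells you that this server has a cross-site scripting vulnerability, and you can use SQL cross-site attacks and the like.

You can read this error report piece by piece; pay attention to the parts of the report marked "Risk level: Medium/High", and once you grasp one or two points you can take action.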
Floor B4, posted: 05-02-19 16:05
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.