Acunetix Website Audit

3 October, 2014

Developer Report

Generated by Acunetix WVS Reporter (v9.0 Build 20140206)

Scan of http://mail.sukasa.com/
Scan details

Scan information
Start time: 10/03/2014 17:05:13
Finish time: 10/03/2014 17:05:23
Scan time: 10 seconds
Profile: Default

Server information
Responsive: True
Server banner: Apache/2.2.15 (CentOS)
Server OS: Unix
Server technologies: PHP

Threat level
Acunetix Threat Level 2
One or more medium-severity vulnerabilities have been discovered by the scanner. You should investigate each of
them to make sure it cannot escalate into a more severe problem.

Alerts distribution
Total alerts found: 15
High: 0
Medium: 1
Low: 13
Informational: 1

Alerts summary

Apache httpd remote denial of service
Affects: Web Server
Variations: 1

Apache mod_negotiation filename bruteforcing
Affects: Web Server
Variations: 1

Clickjacking: X-Frame-Options header missing
Affects: Web Server
Variations: 1

Possible virtual host found
Affects: git, internal, intranet, localhost, mail, prelive, secure, webmail, www-staging, www-test
Variations: 1 each (10 in total)

TRACE method is enabled
Affects: Web Server
Variations: 1

Broken links
Affects: /webmail
Variations: 1

Alert details

Apache httpd remote denial of service
Severity: Medium
Type: Configuration
Reported by module: Scripting (Version_Check.script)
Description
A denial-of-service vulnerability exists in the way the Apache HTTPD server handles multiple overlapping byte ranges
in a Range request header:
http://seclists.org/fulldisclosure/2011/Aug/175
An attack tool is circulating in the wild and active use of it has been observed. The attack can be carried out
remotely, and a modest number of requests is enough to cause very significant memory and CPU consumption on the
server.
This alert was generated from banner information only and may be a false positive. In particular, CentOS (like RHEL)
backports security fixes without changing the version string, so a banner of 2.2.15 does not by itself prove the
server is unpatched; check the installed httpd package's changelog for CVE-2011-3192 before treating the finding as
confirmed.
Affected Apache versions: 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19.
Impact
Remote denial of service (memory exhaustion).
Recommendation
Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project
web site, or install the vendor's patched package on distributions that backport fixes.
References
Apache httpd Remote Denial of Service (memory exhaustion)
CVE-2011-3192
Apache HTTP Server 2.2.20 Released
Apache HTTPD Security ADVISORY
Affected items
Web Server
Details
Current version is: 2.2.15
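The banner check above cannot distinguish a vanilla 2.2.15 from a CentOS build with the fix backported (on the box itself, `rpm -q --changelog httpd | grep CVE-2011-3192` settles it). Off the box, the following added example, which is not part of the Acunetix report, sends a deliberately small number of overlapping ranges and classifies the answer. The host and path are placeholders taken from the report; the probe never sends the hundreds of ranges the public attack tool uses, so it does not itself exhaust memory.

```python
"""Non-destructive check for the CVE-2011-3192 byte-range handling.

Added example, not part of the Acunetix report. The finding above rests on
the banner alone; this probe sends a handful of overlapping ranges and
classifies the answer. It never sends the hundreds of ranges the public
attack tool uses, so it does not itself cause the memory blow-up.
"""
import http.client
from typing import Dict

# Hypothetical target, taken from the report only as a placeholder.
TARGET_HOST = "mail.sukasa.com"
TARGET_PATH = "/"
PROBE_RANGES = 6  # harmless count; the sum of the ranges still exceeds the file size

VERDICTS = {
    "honoured": "206 multipart/byteranges: overlapping ranges were served. On a 2.2.x build this "
                "means the 2.2.20 change (ignore ranges whose sum exceeds the file) is absent; "
                "2.4 builds serve small overlap counts even though they are fixed.",
    "merged": "206 with a single Content-Range: the server coalesced the ranges, which is not "
              "the vulnerable multipart code path.",
    "ignored": "200 with the whole file: ranges ignored, consistent with a fixed or backported "
               "build (or with a 'RequestHeader unset Range' mitigation).",
    "rejected": "403/416: a filter, the advisory's mod_rewrite rule or a proxy refuses "
                "multi-range requests.",
}


def probe_header(n: int = PROBE_RANGES) -> str:
    """Range header of n identical full-file ranges; their sum is n times the file size."""
    return "bytes=" + ",".join(["0-"] * n)


def classify(status: int, headers: Dict[str, str]) -> str:
    """Map the probe response to 'honoured', 'merged', 'ignored', 'rejected' or 'unclear'."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    ctype = lowered.get("content-type", "").lower()
    if status == 206 and ctype.startswith("multipart/byteranges"):
        return "honoured"
    if status == 206:
        return "merged"
    if status == 200:
        return "ignored"
    if status in (403, 416):
        return "rejected"
    return "unclear"


def probe(host: str = TARGET_HOST, path: str = TARGET_PATH, timeout: float = 10.0) -> str:
    """Network call: send the probe with GET and return the classification."""
    conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host, "Range": probe_header()})
        resp = conn.getresponse()
        resp.read()  # drain the body; at most a few copies of the page
        return classify(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()


if __name__ == "__main__":
    verdict = probe()
    print(verdict, "-", VERDICTS.get(verdict, "no interpretation"))
```

Read the result together with the banner: "honoured" on a 2.2.x server is the one outcome that actually supports the scanner's finding; "ignored" is what a backported CentOS package produces.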

Apache mod_negotiation filename bruteforcing
Severity: Low
Type: Validation
Reported by module: Scripting (Apache_mod_negotiation_Filename_Bruteforcing.script)
Description
mod_negotiation is the Apache module that selects, from several available documents, the one that best matches the
client's capabilities. With MultiViews enabled, a request for a base name such as /index makes the server look for
index.* in that directory; if the client's Accept header matches none of the candidates, the server responds with a
406 Not Acceptable error whose body lists the available variants, which amounts to a pseudo directory listing. This
behaviour helps an attacker learn more about the target: generate a list of base names, discover interesting
extensions, look for backup files, and so on.
Impact
Possible information disclosure: directory listing, filename bruteforcing, backup files.
Recommendation
Disable the MultiViews option in Apache's configuration and restart Apache. You can disable it per directory by
creating a .htaccess file containing the following line (this only takes effect where AllowOverride permits Options;
otherwise set it in the relevant <Directory> block of httpd.conf):

Options -MultiViews
References
Multiviews Apache, Accept Requests and free listing
Apache Module mod_negotiation
mod_negotiation: directory listing, filename bruteforcing
Affected items
Web Server
Details
Pattern found: <title>406 Not Acceptable</title>
Request headers
GET /index HTTP/1.1
Accept: acunetix/wvs
Host: mail.sukasa.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
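The scanner only pattern-matches the 406 title. What a tester actually wants is the variant list the page carries, grouped by base name and with backup-looking names flagged. The following added example, not part of the report, does that over a constructed 406 page laid out the way Apache's error page lists variants (one li per file, with the ", type ..." part absent when Apache has no MIME mapping for the file); no server was queried.

```python
"""Turn a mod_negotiation 406 page into a filename inventory.

Added example, not part of the report. The page below is a constructed
sample in the layout Apache's 406 error page uses when MultiViews finds
variants but none matches the Accept header; no server was queried.
"""
import re
from collections import defaultdict
from typing import Dict, List

SAMPLE_406 = """<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>406 Not Acceptable</title></head><body>
<h1>Not Acceptable</h1>
<p>An appropriate representation of the requested resource /index could not be found on this server.</p>
Available variants:
<ul>
<li><a href="index.php">index.php</a> , type application/x-httpd-php</li>
<li><a href="index.html">index.html</a> , type text/html</li>
<li><a href="index.php.bak">index.php.bak</a></li>
<li><a href="index.php~">index.php~</a> , type application/x-httpd-php</li>
</ul>
</body></html>
"""

# One <li> per variant; the ", type ..." part is absent when Apache has no MIME mapping for the file.
VARIANT_RE = re.compile(r'<li><a href="([^"]+)">[^<]*</a>(?:\s*,\s*type\s+([^,<\s]+))?', re.I)
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", "~")


def parse_variants(html: str) -> List[Dict[str, str]]:
    """Return [{'name': ..., 'type': ...}] per listed variant, or [] if this is not a 406 page."""
    if "406 not acceptable" not in html.lower():
        return []
    return [{"name": name, "type": mtype} for name, mtype in VARIANT_RE.findall(html)]


def summarise(variants: List[Dict[str, str]]) -> Dict[str, object]:
    """Group variants by base name and flag names that look like editor or backup copies."""
    by_base: Dict[str, List[str]] = defaultdict(list)
    backups: List[str] = []
    for v in variants:
        base = v["name"].split(".", 1)[0]
        by_base[base].append(v["name"])
        if v["name"].lower().endswith(BACKUP_SUFFIXES):
            backups.append(v["name"])
    return {"bases": dict(by_base), "backups": backups}


if __name__ == "__main__":
    found = parse_variants(SAMPLE_406)
    print(summarise(found))
```

To collect such pages, request base names without an extension (as the scanner did with GET /index) and an Accept value no variant can match; a 406 only appears when MultiViews resolved the name, so a 404 for a base name is itself informative.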

Clickjacking: X-Frame-Options header missing
Severity: Low
Type: Configuration
Reported by module: Scripting (Clickjacking_X_Frame_Options.script)
Description
Clickjacking (user-interface redress attack, UI redress attack, UI redressing) is a malicious technique for tricking a
web user into clicking on something different from what the user perceives they are clicking on, potentially
revealing confidential information or taking actions on the user's behalf while they interact with a seemingly
innocuous web page.
The server did not return an X-Frame-Options header, which means that this website could be at risk of a clickjacking
attack. The X-Frame-Options HTTP response header indicates whether a browser should be allowed to render a page in a
<frame> or <iframe>. Sites use it to avoid clickjacking attacks by ensuring that their content is not embedded into
other sites. The Content-Security-Policy frame-ancestors directive is the standardised successor and takes precedence
over X-Frame-Options in browsers that support it; sending both covers old and new browsers.
Impact
The impact depends on the affected web application.
Recommendation
Configure your web server to include an X-Frame-Options header (DENY or SAMEORIGIN) and a Content-Security-Policy
header carrying a frame-ancestors directive. Consult the web references for the possible values of these headers.
References
The X-Frame-Options response header
Clickjacking
Original Clickjacking paper
Affected items
Web Server
Details
No details are available.
Request headers
GET / HTTP/1.1
Host: mail.sukasa.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
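Presence of the header is not the whole story: an obsolete value such as ALLOW-FROM, conflicting values, or a CSP that permits any ancestor each leave the page frameable. The following added example, not part of the report, grades a response's header set the way a reviewer would; the header sets it is run on are constructed. On Apache both headers are mod_headers one-liners, `Header always set X-Frame-Options "SAMEORIGIN"` and `Header always set Content-Security-Policy "frame-ancestors 'self'"`.

```python
"""Grade a response's framing protection (X-Frame-Options and CSP frame-ancestors).

Added example, not from the report. Header sets are constructed. CSP
frame-ancestors, where present, is what current browsers honour, so it is
evaluated first and X-Frame-Options only as a fallback.
"""
from typing import Dict, List, Optional


def header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Source list of the frame-ancestors directive, or None if the policy has none."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def framing_verdict(headers: Dict[str, str]) -> str:
    """'protected: ...', 'weak: ...', 'ambiguous: ...' or 'missing: ...'."""
    csp = header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:  # CSP wins over X-Frame-Options where both are present
            if "*" in sources:
                return "weak: frame-ancestors * allows any origin to frame the page"
            shown = " ".join(sources) or "(empty source list, matches nothing)"
            return "protected: CSP frame-ancestors " + shown
    xfo = header(headers, "X-Frame-Options")
    if xfo is None:
        return "missing: neither X-Frame-Options nor CSP frame-ancestors is set"
    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return f"protected: X-Frame-Options {value}; add CSP frame-ancestors as well"
    if value.startswith("ALLOW-FROM"):
        return ("weak: ALLOW-FROM is obsolete (Chrome never supported it, Firefox dropped it), "
                "so current browsers ignore the header and the page stays frameable")
    if "," in value:
        return "ambiguous: several X-Frame-Options values; browsers do not agree on resolving a conflict"
    return f"ambiguous: unrecognised X-Frame-Options value {xfo!r}"


if __name__ == "__main__":
    # Constructed header sets: the report's bare response, and two hardened variants.
    for sample in ({"Content-Type": "text/html"},
                   {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
                   {"Content-Type": "text/html", "Content-Security-Policy": "frame-ancestors 'none'"}):
        print(framing_verdict(sample))
```

Run it over every response the application returns, not just /, since the scanner sampled one URL and per-page frameworks often set the header only on some routes.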

Possible virtual host found
Severity: Low
Type: Configuration
Reported by module: Scripting (VirtualHost_Audit.script)
Description
Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server
(or pool of servers). This allows one server to share its resources, such as memory and processor cycles, without
requiring all services provided to use the same host name.
This web server responds differently when the Host header is manipulated and various common virtual host names are
tested. This could indicate that a virtual host is present.
Note, however, that every one of the ten probed names below returned the same stock Apache test page that CentOS
installs. That is what Apache's default (first-defined) virtual host serves for any Host value it does not recognise,
so a response that merely differs from the scanned hostname does not prove the name is configured. A candidate is only
interesting if its response also differs from the one a random, certainly undefined hostname receives.
Impact
Possible sensitive information disclosure.
Recommendation
Consult the virtual host configuration and check whether each of these names is actually defined and, if so, whether
it should be publicly accessible. Names that only reach the default host can be closed off with an explicit catch-all
virtual host that returns an error for unknown Host values.
References
Virtual hosting
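The check a practitioner would add before chasing ten names: probe a random, undefined hostname first, fingerprint that response, and treat a candidate as a real virtual host only when its response differs from that baseline. The following added example, not part of the report, does this over constructed responses modelled on what the report shows (the same CentOS test page for every name); the request shape it assumes is the report's, GET / with HTTP/1.0 and the probed name in the Host header.

```python
"""Separate real name-based virtual hosts from Apache's default catch-all host.

Added example, not from the report. Apache serves the first-defined
virtual host for any Host value it does not recognise, so a candidate name
is only interesting if its response differs from the one a random,
certainly undefined name gets. The responses below are constructed to
mirror what the report shows (the stock CentOS test page for every name).
"""
import hashlib
import re
import secrets
from typing import Dict, Tuple

TITLE_RE = re.compile(r"<title>(.*?)</title>", re.I | re.S)
Response = Tuple[int, str]  # (status, body) as read from GET / with the probed Host header


def fingerprint(status: int, body: str) -> Tuple[int, str, int]:
    """Coarse identity of a response: status, <title> (or a body hash) and length in 100-byte steps."""
    m = TITLE_RE.search(body)
    title = m.group(1).strip() if m else hashlib.sha256(body.encode()).hexdigest()[:16]
    return (status, title, len(body) // 100)


def random_host(domain: str) -> str:
    """A Host value no configuration will define, used to capture the default host's behaviour."""
    return f"{secrets.token_hex(6)}.{domain}"


def classify_vhosts(default: Response, candidates: Dict[str, Response]) -> Dict[str, str]:
    """default: the response for random_host(); candidates: {name: response}."""
    default_fp = fingerprint(*default)
    result = {}
    for name, (status, body) in candidates.items():
        if fingerprint(status, body) == default_fp:
            result[name] = "default host: same page as an undefined name, not evidence of a vhost"
        else:
            result[name] = "distinct: a configured virtual host or different routing, investigate"
    return result


# Constructed bodies: the CentOS test page the report shows, plus one page that would count as different.
TEST_PAGE = ("<html><head><title>Apache HTTP Server Test Page powered by CentOS</title></head>"
             "<body><h1>Apache 2 Test Page</h1></body></html>")
LOGIN_PAGE = "<html><head><title>Webmail login</title></head><body><form></form></body></html>"

if __name__ == "__main__":
    default_response = (200, TEST_PAGE)  # what random_host("sukasa.com") would get on this server
    probes = {name: (200, TEST_PAGE) for name in ("git", "internal", "intranet", "localhost", "mail",
                                                  "prelive", "secure", "webmail", "www-staging", "www-test")}
    probes["example-distinct"] = (200, LOGIN_PAGE)  # constructed, to show the other verdict
    for name, verdict in classify_vhosts(default_response, probes).items():
        print(f"{name:16} {verdict}")
```

The fingerprint is deliberately coarse (status, title, rough length) so that timestamps or nonces in a page do not register as a difference; a distinct verdict is a lead to confirm by hand, not a finding on its own.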
Affected items
git
Details
VirtualHost: git
Response:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
padding: 0;
}
:link {
color: #0000FF;
}
:visited {
color: #0000FF;
}
a:hover {
Request headers
GET / HTTP/1.0
Host: git
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

internal
Details
VirtualHost: internal
Response: Apache HTTP Server Test Page powered by CentOS (same truncated excerpt as for "git" above)
Request headers
GET / HTTP/1.0
Host: internal
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
intranet
Details
VirtualHost: intranet
Response: <body>
<h1>Apache 2 Test Page<br><font size="-1"><strong>powered by</font> CentOS</strong></h1>
<div class="content">
<div class="content-middle">
<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read
this page it means that the Apache HTTP server installed at this site is working properly.</p>
</div>
<hr />
<div class="content-columns">
<div class="content-column-left">
<h2>If you are a member of the general publi
Request headers
GET / HTTP/1.0
Host: intranet
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

localhost
Details
VirtualHost: localhost
Response: Apache 2 Test Page powered by CentOS (same truncated excerpt as for "intranet" above)
Request headers
GET / HTTP/1.0
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
mail
Details
VirtualHost: mail
Response: Apache HTTP Server Test Page powered by CentOS (same truncated excerpt as for "git" above)
Request headers
GET / HTTP/1.0
Host: mail
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

prelive
Details
VirtualHost: prelive
Response: Apache 2 Test Page powered by CentOS (same truncated excerpt as for "intranet" above)
Request headers
GET / HTTP/1.0
Host: prelive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
secure
Details
VirtualHost: secure
Response: Apache HTTP Server Test Page powered by CentOS (same truncated excerpt as for "git" above)
Request headers
GET / HTTP/1.0
Host: secure
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

webmail
Details
VirtualHost: webmail
Response: Apache 2 Test Page powered by CentOS (same truncated excerpt as for "intranet" above)
Request headers
GET / HTTP/1.0
Host: webmail
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
www-staging
Details
VirtualHost: www-staging
Response: Apache HTTP Server Test Page powered by CentOS (same truncated excerpt as for "git" above)
Request headers
GET / HTTP/1.0
Host: www-staging
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

www-test
Details
VirtualHost: www-test
Response: Apache 2 Test Page powered by CentOS (same truncated excerpt as for "intranet" above)
Request headers
GET / HTTP/1.0
Host: www-test
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

TRACE method is enabled
Severity: Low
Type: Validation
Reported by module: Scripting (Track_Trace_Server_Methods.script)
Description
The HTTP TRACE method is enabled on this web server. TRACE makes the server echo the request it received, headers
included, back to the client. In the presence of other cross-domain vulnerabilities in web browsers or browser
plugins, sensitive header information could be read from any domain that supports TRACE (cross-site tracing).
Browsers refuse to issue TRACE from XMLHttpRequest and fetch, so exploiting this today needs another client-side
vector; treat it as a hardening item rather than a directly exploitable flaw.
Impact
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers, such as cookies and
authentication data, that scripts cannot otherwise read.
Recommendation
Disable the TRACE method on the web server. In Apache this is the core directive TraceEnable set to off, which makes
the server answer 405 Method Not Allowed; TRACE cannot be restricted with <Limit>, so rewrite-rule workarounds from
older guides are only a fallback.
References
RFC 2616 (HTTP/1.1), section 9.8 TRACE
US-CERT VU#867593
Cross-site tracing (XST)
Affected items
Web Server
Details
No details are available.
Request headers
TRACE /gOQ8yP7qP1 HTTP/1.1
Host: mail.sukasa.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
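The scanner reports "no details", so it is worth confirming that the server actually echoed the request rather than answering 200 for some other reason (a proxy or a catch-all PHP front controller will do that), and seeing which request headers the echo would expose. The following added example, not part of the report, classifies a TRACE response and lists the sensitive headers in its echo; the echo it is run on is constructed from the report's request line with a made-up cookie added.

```python
"""Confirm TRACE really echoes the request, and see what it would leak.

Added example, not from the report. A server honouring TRACE answers 200
with Content-Type message/http and the request it received as the body
(RFC 2616, section 9.8). Apache with TraceEnable off answers 405. The
echo below is constructed from the report's request line.
"""
from typing import Dict, List

SENSITIVE = ("cookie", "authorization", "proxy-authorization")

# Constructed echo of the report's TRACE request, with a made-up cookie added to show the leak.
SAMPLE_ECHO = ("TRACE /gOQ8yP7qP1 HTTP/1.1\r\n"
               "Host: mail.sukasa.com\r\n"
               "Cookie: PHPSESSID=constructed-example\r\n"
               "Accept: */*\r\n\r\n")


def trace_verdict(status: int, headers: Dict[str, str], body: str, path: str) -> str:
    """'enabled', 'disabled', 'ambiguous' or 'unclear' for the response to TRACE <path>."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "").lower()
    first_line = body.splitlines()[0] if body else ""
    if status == 200 and ctype.startswith("message/http") and first_line.startswith(f"TRACE {path} "):
        return "enabled"
    if status == 200:
        return "ambiguous"  # 200 without an echo: a proxy or the application answered, not the method
    if status in (405, 501):
        return "disabled"
    return "unclear"


def leaked_headers(echo: str) -> List[str]:
    """Names of sensitive request headers present in a TRACE echo."""
    found = []
    for line in echo.splitlines()[1:]:
        if ":" not in line:
            break  # blank line ends the echoed header block
        name = line.split(":", 1)[0].strip()
        if name.lower() in SENSITIVE:
            found.append(name)
    return found


if __name__ == "__main__":
    print(trace_verdict(200, {"Content-Type": "message/http"}, SAMPLE_ECHO, "/gOQ8yP7qP1"))
    print(leaked_headers(SAMPLE_ECHO))
```

Send the probe with a Cookie header of your own so the echo shows what a victim's browser would reveal; the random path the scanner used is a good habit, since it keeps the request out of any cached or rewritten route.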

Broken links
Severity: Informational
Type: Informational
Reported by module: Crawler
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error.
This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/webmail
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /webmail HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: mail.sukasa.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*

Scanned items (coverage report)

Scanned 2 URLs. Found 1 vulnerable.
URL: http://mail.sukasa.com/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://mail.sukasa.com/webmail
Vulnerabilities have been identified for this URL
No input(s) found for this URL