<NexposeReport version="1.0">
<scans>
<scan id="1" name="Localhost" startTime="20131127T050242739" endTime="20131127T115513233" status="stopped"/>
</scans><nodes>
<node address="192.168.1.1" status="alive" device-id="7">
<fingerprints>
<os  certainty="0.70" device-class="General" vendor="Linux" family="Linux" product="Linux" version="2.6.9"/>
</fingerprints>
<tests>
<test id="tcp-seq-num-approximation" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>TCP reset with incorrect sequence number triggered this fault on 192.168.1.1:21: Connection reset by peer</Paragraph></Paragraph>
</test>

<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Remote system time: 03:49:09.250 UTC</Paragraph></Paragraph>
</test>

<test id="generic-tcp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Apparent system boot time: Wed Nov 27 00:21:55 UTC 2013</Paragraph></Paragraph>
</test>
</tests>
<endpoints>
<endpoint protocol="tcp" port="21" status="open">
<services>
<service name="FTP">
<configuration>
<config name="ftp.banner">220 Welcome to TBS FTP Server.</config>
</configuration>
<tests>
<test id="ftp-anonymous-writeable-directories" status="error">

<Paragraph>
	<Paragraph>Could not connect to endpoint with any known anonymous credentials</Paragraph></Paragraph>
</test>

<test id="ftp-proftpd-1-3-3c-backdoor" status="not-vulnerable">

<Paragraph>
	<Paragraph>Returned the following is a result to executing &#39;id;uname -a;&#39;: 202 Command not implemented, superfluous at this site.</Paragraph></Paragraph>
</test>

<test id="ftp-default-login-admin-null" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-default-login-admin-passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-default-login-admin-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-default-login-administrator-null" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-default-login-administrator-passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-default-login-administrator-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-generic-0007" status="not-vulnerable">

<Paragraph>
	<Paragraph>Server supports AUTH mechanism TLS</Paragraph></Paragraph>
</test>

<test id="ftp-generic-0001" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-generic-0002" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-generic-0003" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-generic-0004" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-generic-0005" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>

<test id="ftp-generic-0006" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable FTP service.</Paragraph>Was not able to authenticate to the FTP service with no credentials.</Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="22" status="open">
<services>
<service name="SSH">
<fingerprints>
<fingerprint  certainty="0.90" family="Dropbear" product="Dropbear" version="0.51"/>
</fingerprints>
<configuration>
<config name="ssh.banner">SSH-2.0-dropbear_0.51</config>
<config name="ssh.protocol.version">2.0</config>
<config name="ssh.rsa.pubkey.fingerprint">6305014FCD096DADED95AE89192CB8BC</config>
</configuration>
<tests>
<test id="ssh-default-account-admin-password-admin" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-default-account-admin-password-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-default-account-root-no-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-default-account-root-password-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-default-account-root-password-root" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Successfully authenticated to the SSH service with credentials: uid[root] pw[root] realm[null]</Paragraph>
</test>

<test id="ssh-default-account-root-password-toor" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-generic-0003" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-iphone-default-account-root-password-alpine" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-iphone-default-account-root-password-dottie" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-openssh-0001" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0006" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0007" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0010" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-pragma-sshredder-overflow" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-suse-default-account-suse-gm-password-123456" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-openssh-pam-multiple-vulns" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="openssl-debian-weak-keys" status="not-vulnerable">

<Paragraph>
	<Paragraph>SSH public key with fingerprint 6305014FCD096DADED95AE89192CB8BC is not a known weak key</Paragraph></Paragraph>
</test>

<test id="ssh-default-account-guest-password-guest" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-default-account-vmware-password-vmware" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable SSH service.</Paragraph>Was not able to authenticate to the SSH service with no credentials.</Paragraph>
</test>

<test id="ssh-openssh-0003" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0005" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0008" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0009" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-0002" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-0007" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-v1-supported" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0002" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-0004" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-0001" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-0005" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-0006" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-getlogin-spoof-privilege-escalation" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-rsa-signature-forging" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-openssh-valid-username-info-leak" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>

<test id="ssh-sshinc-0004" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable SSH service: Dropbear 0.51.</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="23" status="open">
<services>
<service name="Telnet">
<tests>
<test id="telnet-avaya-default-login-diag" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-avaya-default-login-manuf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-default-account-admin-password-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-default-account-root-password-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0001" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0002" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0003" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0004" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0005" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-netscreen-default-netscreen-netscreen" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-db2-default-login-db2as" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-db2-default-login-db2fenc1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-db2-default-login-db2inst1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-open-port" status="vulnerable-version">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="80" status="open">
<services>
<service name="HTTP">
<fingerprints>
<fingerprint  certainty="0.90" vendor="ACME Laboratories" family="mini_httpd" product="mini_httpd" version="1.19"/>
</fingerprints>
<configuration>
<config name="http.banner">mini_httpd/1.19 19dec2003</config>
<config name="http.banner.server">mini_httpd/1.19 19dec2003</config>
</configuration>
<tests>
<test id="adobe-apsb13-03-cve-2013-0632" key="/CFIDE/adminapi/administrator.cfc?" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-1389" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-3336)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-3com-wap-default-admin-password" key="/index.htm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Server responded with an HTTP 404 to a request to /cgi-bin/webcgi/login</Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/data/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/cgi/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-glassfish-default-admin-password" key="/common/index.jsf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-nokia-firewall-default-admin-password" key="/cgi-bin/home.tcl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-phpmyadmin-account-pma-password-empty" key="/phpmyadmin/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-showcase/employee/save.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-blank/example/HelloWorld.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="checkpoint-ess-info-disclosure-sk57881" key="/conf/ssl/apache/integrity.key" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-thttpd-obsolete" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable HTTP service: ACME Laboratories mini_httpd 1.19.</Paragraph></Paragraph>
</test>

<test id="http-unrestricted-webdav-put-delete" status="not-vulnerable">

<Paragraph>
	<Paragraph>/r7.txt was not successfully PUT on the server.</Paragraph></Paragraph>
</test>

<test id="adobe-apsb10-18-cve-2010-2861" key="/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-remote-code-execution" key="/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-faxsurvey-command-execution" key="/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/servermanager/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminiapi/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/administrator/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/AIR/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/appdeployment/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/componentutils/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/orm/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/portlets/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/scheduler/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/services/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/websocket/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-frontpage-unprotected" key="/_vti_bin/_vti_aut/author.dll" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-xmlrpc-code-injection" key="/xmlrpc.php" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0625" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0629)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.1/" LinkTitle="http://192.168.1.1/"></URLLink></Paragraph>HTTP response code was 200 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-iis-0014" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the following 3 results:
		<OrderedList>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem></OrderedList></Paragraph></Paragraph>
</test>

<test id="http-cgi-viewsource-arbitrary-file-access" key="/cgi-bin/view-source?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-trace-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-track-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="spider-adobe-flash-permissive-crossdomain-xml" key="/crossdomain.xml" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0631" key="/CFIDE/adminapi/customtags/fusebox.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-3336" key="/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charse" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-debug-information-disclosure" key="/cgi-bin/awstats.pl?debug=1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-bigbrother-accessible" key="/bb/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htdig-arbitrary-file-access" key="/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htgrep-arbitrary-file-access" key="/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htmlscript-arbitrary-file-access" key="/cgi-bin/htmlscript?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-testcgi-file-listing" key="/cgi-bin/test-cgi" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cookie-http-only-flag" key="/cgi-bin/webproc" status="vulnerable-exploited">

<Paragraph>
	<ContainerBlockElement>
		<Paragraph>Cookie is not marked as HttpOnly: &#39;sessionid=7d7130f3; path=/cgi-bin; domain=192.168.1.1&#39;</Paragraph>
		<Paragraph>URL: 
		<URLLink LinkURL="http://192.168.1.1/cgi-bin/webproc" LinkTitle="http://192.168.1.1/cgi-bin/webproc"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.1/html/" LinkTitle="http://192.168.1.1/html/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond with a valid XML document.</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.1/" LinkTitle="http://192.168.1.1/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond with a valid XML document.</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-lighttpd-mod_userdir-info-discl" key="/~bin/true" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-open-proxy" key="http://www.google.com:80/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP HEAD request to 
				<URLLink LinkURL="http://www.google.com/" LinkTitle="http://www.google.com/"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-ini-file-exposed" key="/cgi-bin/php.ini" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-symantec-scan-engine-file-disclosure" key="/README.txt" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-tomcat-jkstatus-accessible" key="/jkstatus/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-vignette-app-portal-diag" status="not-vulnerable">

<Paragraph>
	<Paragraph>Diagnostics page not returned</Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0629" key="/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-adobe-amf-gateway-xxe-cve-2009-3960" key="/flex2gateway/http" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>
</endpoints>
</node>

<node address="192.168.1.18" status="alive" device-id="6">
<fingerprints>
<os  certainty="0.70" device-class="WAP" vendor="Linux" family="Linux" product="Linux" version="2.4.20"/>
</fingerprints>
<tests>
<test id="tcp-seq-num-approximation" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>TCP reset with incorrect sequence number triggered this fault on 192.168.1.18:23: Connection reset by peer</Paragraph></Paragraph>
</test>

<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Remote system time: 06:05:56.324 UTC</Paragraph></Paragraph>
</test>

<test id="generic-tcp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Apparent system boot time: Wed Nov 27 00:16:51 UTC 2013</Paragraph></Paragraph>
</test>
</tests>
<endpoints>
<endpoint protocol="tcp" port="23" status="open">
<services>
<service name="Telnet">
<tests>
<test id="telnet-avaya-default-login-diag" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-avaya-default-login-manuf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-default-account-admin-password-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-default-account-root-password-password" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0001" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0002" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0003" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0004" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-generic-0005" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-netscreen-default-netscreen-netscreen" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-db2-default-login-db2as" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-db2-default-login-db2fenc1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-db2-default-login-db2inst1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph>Was not able to authenticate to the Telnet service with no credentials.</Paragraph>
</test>

<test id="telnet-open-port" status="vulnerable-version">

<Paragraph>
	<Paragraph>Running vulnerable Telnet service.</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="53" status="open">
<services>
<service name="DNS-TCP">
<tests>
<test id="dns-allows-cache-snooping" status="error">

<Paragraph>
	<Paragraph>java.io.EOFException</Paragraph></Paragraph>
</test>

<test id="dns-processes-recursive-queries" status="not-vulnerable">

<Paragraph>
	<Paragraph>Nameserver did not resolve test host.</Paragraph></Paragraph>
</test>

<test id="dns-unrestricted-reverse-zone-transfer" status="error">

<Paragraph>
	<Paragraph>java.io.EOFException</Paragraph></Paragraph>
</test>

<test id="dns-0004" status="not-vulnerable">

<Paragraph>
	<Paragraph>The zone data was not transferred.</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="80" status="open">
<services>
<service name="HTTP">
<fingerprints>
<fingerprint  certainty="0.75" product="httpd"/>
</fingerprints>
<configuration>
<config name="http.banner">httpd</config>
<config name="http.banner.server">httpd</config>
</configuration>
<tests>
<test id="adobe-apsb13-03-cve-2013-0632" key="/CFIDE/adminapi/administrator.cfc?" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-1389" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-3336)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-3com-wap-default-admin-password" key="/index.htm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/data/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/cgi/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Server responded with an HTTP 401 to a request to /cgi-bin/webcgi/login</Paragraph></Paragraph>
</test>

<test id="http-glassfish-default-admin-password" key="/common/index.jsf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-nokia-firewall-default-admin-password" key="/cgi-bin/home.tcl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/home.tcl" LinkTitle="http://192.168.1.18/cgi-bin/home.tcl"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-phpmyadmin-account-pma-password-empty" key="/phpmyadmin/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/phpmyadmin/" LinkTitle="http://192.168.1.18/phpmyadmin/"></URLLink></Paragraph>HTTP response code was 200 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-showcase/employee/save.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-blank/example/HelloWorld.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="checkpoint-ess-info-disclosure-sk57881" key="/conf/ssl/apache/integrity.key" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-thttpd-obsolete" status="skipped-version">

<Paragraph>
	<Paragraph>Running not-vulnerable HTTP service: httpd.</Paragraph></Paragraph>
</test>

<test id="http-unrestricted-webdav-put-delete" status="not-vulnerable">

<Paragraph>
	<Paragraph>/r7.txt was not successfully PUT on the server.</Paragraph></Paragraph>
</test>

<test id="adobe-apsb10-18-cve-2010-2861" key="/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" LinkTitle="http://192.168.1.18/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en"></URLLink></Paragraph>HTTP response code was 400 but expected 200HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-remote-code-execution" key="/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.18/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.18/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-faxsurvey-command-execution" key="/cgi-bin/faxquery?/bin/cat%20/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.18/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/faxquery?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.18/cgi-bin/faxquery?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/AIR/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/AIR/" LinkTitle="http://192.168.1.18/CFIDE/AIR/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/wizards/common/" LinkTitle="http://192.168.1.18/CFIDE/wizards/common/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/websocket/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/websocket/" LinkTitle="http://192.168.1.18/CFIDE/websocket/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/services/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/services/" LinkTitle="http://192.168.1.18/CFIDE/services/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/servermanager/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/servermanager/" LinkTitle="http://192.168.1.18/CFIDE/servermanager/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/scheduler/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/scheduler/" LinkTitle="http://192.168.1.18/CFIDE/scheduler/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/portlets/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/portlets/" LinkTitle="http://192.168.1.18/CFIDE/portlets/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/orm/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/orm/" LinkTitle="http://192.168.1.18/CFIDE/orm/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/componentutils/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/componentutils/" LinkTitle="http://192.168.1.18/CFIDE/componentutils/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/appdeployment/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/appdeployment/" LinkTitle="http://192.168.1.18/CFIDE/appdeployment/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/administrator/enter.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/administrator/" LinkTitle="http://192.168.1.18/CFIDE/administrator/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminiapi/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/adminiapi/" LinkTitle="http://192.168.1.18/CFIDE/adminiapi/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-dd-wrt-remote-command-execution" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Sleep command executed (Round-trip times: 10428ms, 92ms, 10100ms, 364ms)</Paragraph></Paragraph>
</test>

<test id="http-frontpage-unprotected" key="/_vti_bin/_vti_aut/author.dll" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-xmlrpc-code-injection" key="/xmlrpc.php" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0625" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0629)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Management.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Management.asp" LinkTitle="http://192.168.1.18/cgi-bin/Management.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/" LinkTitle="http://192.168.1.18/"></URLLink></Paragraph>HTTP response code was 200 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/apply.cgi" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/apply.cgi" LinkTitle="http://192.168.1.18/cgi-bin/images/apply.cgi"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/index.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/index.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/index.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/Info.live.htm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/Info.live.htm" LinkTitle="http://192.168.1.18/cgi-bin/images/Info.live.htm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/style/elegant/style.css" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/style/elegant/style.css" LinkTitle="http://192.168.1.18/cgi-bin/images/style/elegant/style.css"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/index.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.bak" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.bak" LinkTitle="http://192.168.1.18/cgi-bin/index.bak"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.chtml" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.chtml" LinkTitle="http://192.168.1.18/cgi-bin/index.chtml"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.htm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.htm" LinkTitle="http://192.168.1.18/cgi-bin/index.htm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.html" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.html" LinkTitle="http://192.168.1.18/cgi-bin/index.html"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.old" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.old" LinkTitle="http://192.168.1.18/cgi-bin/index.old"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.swf" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.swf" LinkTitle="http://192.168.1.18/cgi-bin/index.swf"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/paypal@dd-wrt.com" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/paypal@dd-wrt.com" LinkTitle="http://192.168.1.18/cgi-bin/paypal@dd-wrt.com"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/readme.txt" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/readme.txt" LinkTitle="http://192.168.1.18/cgi-bin/readme.txt"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/style.css" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/style.css" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/style.css"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/common.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/common.js" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/common.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/lang_pack/english.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/lang_pack/english.js" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/lang_pack/english.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/Filters.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/Filters.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/Filters.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/Firewall.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/Firewall.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/Firewall.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/ForwardSpec.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/ForwardSpec.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/ForwardSpec.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/common.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/common.js" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/common.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/lang_pack/english.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/lang_pack/english.js" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/lang_pack/english.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/Management.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/Management.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/Management.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/Services.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/Services.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/Services.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/Status_Router.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/Status_Router.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/Status_Router.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/Wireless_Basic.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/Wireless_Basic.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/Wireless_Basic.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/index.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/index.asp" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/index.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/Filters.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/Filters.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/Filters.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/Firewall.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/Firewall.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/Firewall.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/ForwardSpec.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/ForwardSpec.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/ForwardSpec.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/Management.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/Management.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/Management.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/Services.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/Services.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/Services.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/Status_Router.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/Status_Router.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/Status_Router.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/Wireless_Basic.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/Wireless_Basic.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/Wireless_Basic.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/index.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/index.asp" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/index.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/apply.cgi" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/apply.cgi" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/apply.cgi"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/apply.cgi" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/apply.cgi" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/apply.cgi"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/Info.live.htm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/Info.live.htm" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/Info.live.htm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/style/elegant/style.css" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/style/elegant/style.css" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/style/elegant/style.css"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/Info.live.htm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/Info.live.htm" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/Info.live.htm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/style/elegant/style.css" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/style/elegant/style.css" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/style/elegant/style.css"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/style/elegant/style_ie.css" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/style_ie.css" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/style_ie.css"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/web.config" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/web.config" LinkTitle="http://192.168.1.18/cgi-bin/web.config"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/exchange/default.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/exchange/default.asp" LinkTitle="http://192.168.1.18/exchange/default.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/exchange/logon.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/exchange/logon.asp" LinkTitle="http://192.168.1.18/exchange/logon.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/exchweb/bin/auth/owalogon.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/exchweb/bin/auth/owalogon.asp" LinkTitle="http://192.168.1.18/exchweb/bin/auth/owalogon.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/iisstart.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/iisstart.asp" LinkTitle="http://192.168.1.18/iisstart.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/localstart.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/localstart.asp" LinkTitle="http://192.168.1.18/localstart.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/login.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/login.asp" LinkTitle="http://192.168.1.18/login.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/test.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/test.asp" LinkTitle="http://192.168.1.18/test.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/.cobalt/default.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/.cobalt/default.asp" LinkTitle="http://192.168.1.18/.cobalt/default.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/.cobalt/index.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/.cobalt/index.asp" LinkTitle="http://192.168.1.18/.cobalt/index.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/&lt;script&gt;xss&lt;/script&gt;.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/&lt;script&gt;xss&lt;/script&gt;.asp" LinkTitle="http://192.168.1.18/&lt;script&gt;xss&lt;/script&gt;.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/Filters.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/Filters.asp" LinkTitle="http://192.168.1.18/AdminScripts/Filters.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/Firewall.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/Firewall.asp" LinkTitle="http://192.168.1.18/AdminScripts/Firewall.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/ForwardSpec.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/ForwardSpec.asp" LinkTitle="http://192.168.1.18/AdminScripts/ForwardSpec.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/Management.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/Management.asp" LinkTitle="http://192.168.1.18/AdminScripts/Management.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/Services.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/Services.asp" LinkTitle="http://192.168.1.18/AdminScripts/Services.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/Status_Router.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/Status_Router.asp" LinkTitle="http://192.168.1.18/AdminScripts/Status_Router.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/Wireless_Basic.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/Wireless_Basic.asp" LinkTitle="http://192.168.1.18/AdminScripts/Wireless_Basic.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/default.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/default.asp" LinkTitle="http://192.168.1.18/AdminScripts/default.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/AdminScripts/index.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/index.asp" LinkTitle="http://192.168.1.18/AdminScripts/index.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/Filters.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/Filters.asp" LinkTitle="http://192.168.1.18/Filters.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/Firewall.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/Firewall.asp" LinkTitle="http://192.168.1.18/Firewall.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/ForwardSpec.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/ForwardSpec.asp" LinkTitle="http://192.168.1.18/ForwardSpec.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/Management.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/Management.asp" LinkTitle="http://192.168.1.18/Management.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/Services.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/Services.asp" LinkTitle="http://192.168.1.18/Services.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/Status_Router.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/Status_Router.asp" LinkTitle="http://192.168.1.18/Status_Router.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/Statusinfo.live.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/Statusinfo.live.asp" LinkTitle="http://192.168.1.18/Statusinfo.live.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/Wireless_Basic.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/Wireless_Basic.asp" LinkTitle="http://192.168.1.18/Wireless_Basic.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/default.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/default.asp" LinkTitle="http://192.168.1.18/default.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/index.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/index.asp" LinkTitle="http://192.168.1.18/index.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/apply.cgi" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/apply.cgi" LinkTitle="http://192.168.1.18/apply.cgi"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/printenv" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/printenv" LinkTitle="http://192.168.1.18/cgi-bin/printenv"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/test-cgi" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/test-cgi" LinkTitle="http://192.168.1.18/cgi-bin/test-cgi"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/common.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/common.js" LinkTitle="http://192.168.1.18/cgi-bin/common.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/lang_pack/english.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/english.js" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/english.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/%3f.jsp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/%3f.jsp" LinkTitle="http://192.168.1.18/cgi-bin/%3f.jsp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.jsp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.jsp" LinkTitle="http://192.168.1.18/cgi-bin/default.jsp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.jsp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.jsp" LinkTitle="http://192.168.1.18/cgi-bin/index.jsp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Filters.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Filters.asp" LinkTitle="http://192.168.1.18/cgi-bin/Filters.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Firewall.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Firewall.asp" LinkTitle="http://192.168.1.18/cgi-bin/Firewall.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/ForwardSpec.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/ForwardSpec.asp" LinkTitle="http://192.168.1.18/cgi-bin/ForwardSpec.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Services.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Services.asp" LinkTitle="http://192.168.1.18/cgi-bin/Services.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Wireless_Basic.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Wireless_Basic.asp" LinkTitle="http://192.168.1.18/cgi-bin/Wireless_Basic.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Status_Router.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Status_Router.asp" LinkTitle="http://192.168.1.18/cgi-bin/Status_Router.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.asp" LinkTitle="http://192.168.1.18/cgi-bin/default.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.asp" LinkTitle="http://192.168.1.18/cgi-bin/index.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.aspx" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.aspx" LinkTitle="http://192.168.1.18/cgi-bin/default.aspx"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.aspx" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.aspx" LinkTitle="http://192.168.1.18/cgi-bin/index.aspx"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.cfm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.cfm" LinkTitle="http://192.168.1.18/cgi-bin/index.cfm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/apply.cgi" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/apply.cgi" LinkTitle="http://192.168.1.18/cgi-bin/apply.cgi"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.cgi" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.cgi" LinkTitle="http://192.168.1.18/cgi-bin/index.cgi"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.php" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.php" LinkTitle="http://192.168.1.18/cgi-bin/default.php"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.php" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.php" LinkTitle="http://192.168.1.18/cgi-bin/index.php"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/wp-login.php" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/wp-login.php" LinkTitle="http://192.168.1.18/cgi-bin/wp-login.php"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.php3" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.php3" LinkTitle="http://192.168.1.18/cgi-bin/index.php3"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.shtml" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.shtml" LinkTitle="http://192.168.1.18/cgi-bin/default.shtml"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/index.shtml" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.shtml" LinkTitle="http://192.168.1.18/cgi-bin/index.shtml"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4-" LinkTitle="http://192.168.1.18/cgi-bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4-"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/ADw-script AD4-alert(42) ADw-/script AD4-" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/ADw-script AD4-alert(42) ADw-/script AD4-" LinkTitle="http://192.168.1.18/cgi-bin/ADw-script AD4-alert(42) ADw-/script AD4-"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/CVS/Root" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/CVS/Root" LinkTitle="http://192.168.1.18/cgi-bin/CVS/Root"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/DEADJOE" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/DEADJOE" LinkTitle="http://192.168.1.18/cgi-bin/DEADJOE"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/CVS/Entries" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/CVS/Entries" LinkTitle="http://192.168.1.18/cgi-bin/CVS/Entries"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Filters.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Filters.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/Filters.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/.svn/entries" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/.svn/entries" LinkTitle="http://192.168.1.18/cgi-bin/.svn/entries"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Firewall.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Firewall.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/Firewall.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/ForwardSpec.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/ForwardSpec.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/ForwardSpec.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Info.htm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Info.htm" LinkTitle="http://192.168.1.18/cgi-bin/Info.htm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Info.live.htm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Info.live.htm" LinkTitle="http://192.168.1.18/cgi-bin/Info.live.htm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Info.live.htm/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Info.live.htm/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/Info.live.htm/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Management.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Management.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/Management.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/README" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/README" LinkTitle="http://192.168.1.18/cgi-bin/README"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/README.TXT" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/README.TXT" LinkTitle="http://192.168.1.18/cgi-bin/README.TXT"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Status_Router.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Status_Router.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/Status_Router.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Trace.axd" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Trace.axd" LinkTitle="http://192.168.1.18/cgi-bin/Trace.axd"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/WS_FTP.LOG" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/WS_FTP.LOG" LinkTitle="http://192.168.1.18/cgi-bin/WS_FTP.LOG"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Web.sitemap" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Web.sitemap" LinkTitle="http://192.168.1.18/cgi-bin/Web.sitemap"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Wireless_Basic.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Wireless_Basic.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/Wireless_Basic.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/adojavas.inc" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/adojavas.inc" LinkTitle="http://192.168.1.18/cgi-bin/adojavas.inc"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/adovbs.inc" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/adovbs.inc" LinkTitle="http://192.168.1.18/cgi-bin/adovbs.inc"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.htm" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.htm" LinkTitle="http://192.168.1.18/cgi-bin/default.htm"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.html" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.html" LinkTitle="http://192.168.1.18/cgi-bin/default.html"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/default.wml" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.wml" LinkTitle="http://192.168.1.18/cgi-bin/default.wml"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/common.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/common.js" LinkTitle="http://192.168.1.18/cgi-bin/images/common.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/lang_pack/english.js" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/lang_pack/english.js" LinkTitle="http://192.168.1.18/cgi-bin/images/lang_pack/english.js"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/Filters.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/Filters.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/Filters.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/Firewall.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/Firewall.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/Firewall.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/ForwardSpec.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/ForwardSpec.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/ForwardSpec.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/Management.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/Management.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/Management.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/Services.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/Services.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/Services.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/Services.asp/&lt;script&gt;xss&lt;/script&gt;" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/Services.asp/&lt;script&gt;xss&lt;/script&gt;" LinkTitle="http://192.168.1.18/cgi-bin/Services.asp/&lt;script&gt;xss&lt;/script&gt;"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/Status_Router.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/Status_Router.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/Status_Router.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/cgi-bin/images/Wireless_Basic.asp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/Wireless_Basic.asp" LinkTitle="http://192.168.1.18/cgi-bin/images/Wireless_Basic.asp"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DD-WRT&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-iis-0014" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the following 3 results:
		<OrderedList>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.18/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.18/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.18/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.18/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem></OrderedList></Paragraph></Paragraph>
</test>

<test id="http-cgi-viewsource-arbitrary-file-access" key="/cgi-bin/view-source?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/view-source?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.18/cgi-bin/view-source?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-trace-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-track-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="spider-adobe-flash-permissive-crossdomain-xml" key="/crossdomain.xml" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0631" key="/CFIDE/adminapi/customtags/fusebox.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-3336" key="/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=U" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.18/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 400 but expected 200HTTP response code was 400 but expected 200HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.18/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 400 but expected 200HTTP response code was 400 but expected 200HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-asp-dot-net-debug-enabled" key="/cgi-bin/default.aspx" status="error">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/default.aspx" LinkTitle="http://192.168.1.18/cgi-bin/default.aspx"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>java.io.EOFException: Peer closed connection before first line could be read</Paragraph></Paragraph>
</test>

<test id="http-asp-dot-net-debug-enabled" key="/cgi-bin/index.aspx" status="error">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/index.aspx" LinkTitle="http://192.168.1.18/cgi-bin/index.aspx"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>java.io.EOFException: Peer closed connection before first line could be read</Paragraph></Paragraph>
</test>

<test id="http-awstats-debug-information-disclosure" key="/cgi-bin/awstats/awstats.pl?debug=1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/awstats.pl?debug=1" LinkTitle="http://192.168.1.18/cgi-bin/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/awstats/awstats.pl?debug=1" LinkTitle="http://192.168.1.18/cgi-bin/awstats/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-bigbrother-accessible" key="/bb/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/bb/" LinkTitle="http://192.168.1.18/bb/"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htdig-arbitrary-file-access" key="/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" LinkTitle="http://192.168.1.18/cgi-bin/htsearch?Exclude=%60/etc/passwd%60"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htgrep-arbitrary-file-access" key="/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" LinkTitle="http://192.168.1.18/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd"></URLLink></Paragraph>HTTP response code was 401 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htmlscript-arbitrary-file-access" key="/cgi-bin/htmlscript?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/htmlscript?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.18/cgi-bin/htmlscript?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-testcgi-file-listing" key="/cgi-bin/test-cgi" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/test-cgi" LinkTitle="http://192.168.1.18/cgi-bin/test-cgi"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/lang_pack/" LinkTitle="http://192.168.1.18/cgi-bin/lang_pack/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /cgi-bin/lang_pack/</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/style/elegant/" LinkTitle="http://192.168.1.18/cgi-bin/style/elegant/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /cgi-bin/style/elegant/</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/.cobalt/" LinkTitle="http://192.168.1.18/.cobalt/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /.cobalt/</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/AdminScripts/" LinkTitle="http://192.168.1.18/AdminScripts/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /AdminScripts/</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/" LinkTitle="http://192.168.1.18/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/" LinkTitle="http://192.168.1.18/cgi-bin/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /cgi-bin/</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4-" LinkTitle="http://192.168.1.18/cgi-bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4-"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /cgi-bin/</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-generic-propfind-dir-browsing" status="skipped-version">

<Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.18/cgi-bin/images/" LinkTitle="http://192.168.1.18/cgi-bin/images/"></URLLink></Paragraph></ContainerBlockElement></Paragraph>
	<Paragraph>Server did not respond to PROPFIND request on: /cgi-bin/images/</Paragraph>
	<Paragraph>Based on the result of the &quot;WebDAV Extensions are Enabled&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-lighttpd-mod_userdir-info-discl" key="/~bin/true" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-open-proxy" key="http://www.google.com:80/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-ini-file-exposed" key="/cgi-bin/php.ini" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/cgi-bin/php.ini" LinkTitle="http://192.168.1.18/cgi-bin/php.ini"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-symantec-scan-engine-file-disclosure" key="/README.txt" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-tomcat-jkstatus-accessible" key="/jkstatus/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/jkstatus/" LinkTitle="http://192.168.1.18/jkstatus/"></URLLink></Paragraph>HTTP response code was an expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-vignette-app-portal-diag" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response returned to diagnostics request</Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0629" key="/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt" LinkTitle="http://192.168.1.18/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.18/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" LinkTitle="http://192.168.1.18/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-adobe-amf-gateway-xxe-cve-2009-3960" key="/flex2gateway/http" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>
</endpoints>
</node>

<node address="192.168.1.33" status="alive" device-id="5">
<fingerprints>
<os  certainty="0.80" vendor="Linux" family="Linux" product="Linux" version="2.6.18_pro500-davinci_IPNC_1.00" arch="armv5tejl"/>
<os  certainty="0.70" device-class="General" vendor="Linux" family="Linux" product="Linux" version="2.6.9"/>
<os  certainty="0.60" vendor="Linux" family="Linux" product="Linux"/>
</fingerprints>
<tests>
<test id="tcp-seq-num-approximation" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>TCP reset with incorrect sequence number triggered this fault on 192.168.1.33:443: Connection reset by peer</Paragraph></Paragraph>
</test>

<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Remote system time: 05:15:22.694 UTC</Paragraph></Paragraph>
</test>

<test id="generic-tcp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Apparent system boot time: Sat Nov 23 20:27:00 UTC 2013</Paragraph></Paragraph>
</test>

<test id="udp-ipid-zero" status="vulnerable-version">

<Paragraph>
	<Paragraph>Received UDP packet with IP ID of zero:
		<UnorderedList>
			<ListItem>
				<Paragraph preformat="true">IPv4  SRC[192.168.1.33]  TGT[192.168.1.39]
      TOS[0]  TTL[64]  Flags[40]  Proto[17]  ID[0]  FragOff[0]
      HDR-LENGTH[20]  TOTAL-LENGTH[76]  CKSUM[46856]
UDP   SRC-PORT[123]  TGT-PORT[3037]  CKSUM[59938]
RAW DATA [48]:
1A050AEF0000A7FF00003A4B3D43D2F1  ...&#65533;..&#65533;&#65533;..:K=C&#65533;&#65533;
D63FFC67709A9973C6F15EDB78000000  &#65533;?&#65533;gp&#65533;&#65533;s&#65533;&#65533;^&#65533;x...
D63FFE5FA76C15D2D63FFE5FA77AE579  &#65533;?&#65533;_&#65533;l.&#65533;&#65533;?&#65533;_&#65533;z&#65533;y
</Paragraph></ListItem></UnorderedList></Paragraph></Paragraph>
</test>
</tests>
<endpoints>
<endpoint protocol="tcp" port="80" status="open">
<services>
<service name="HTTP">
<tests>
<test id="adobe-apsb13-03-cve-2013-0632" key="/CFIDE/adminapi/administrator.cfc?" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/adminapi/administrator.cfc" LinkTitle="http://192.168.1.33/CFIDE/adminapi/administrator.cfc"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-1389" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-3336)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-3com-wap-default-admin-password" key="/index.htm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/index.htm" LinkTitle="http://192.168.1.33/index.htm"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/data/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/data/login" LinkTitle="http://192.168.1.33/data/login"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/cgi/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/cgi/login" LinkTitle="http://192.168.1.33/cgi/login"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-glassfish-default-admin-password" key="/common/index.jsf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/common/index.jsf" LinkTitle="http://192.168.1.33/common/index.jsf"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-nokia-firewall-default-admin-password" key="/cgi-bin/home.tcl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/home.tcl" LinkTitle="http://192.168.1.33/cgi-bin/home.tcl"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-phpmyadmin-account-pma-password-empty" key="/phpmyadmin/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/phpmyadmin/" LinkTitle="http://192.168.1.33/phpmyadmin/"></URLLink></Paragraph>HTTP response code was 404 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-blank/example/HelloWorld.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/struts2-blank/example/HelloWorld.action" LinkTitle="http://192.168.1.33/struts2-blank/example/HelloWorld.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-showcase/employee/save.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/struts2-showcase/employee/save.action" LinkTitle="http://192.168.1.33/struts2-showcase/employee/save.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="checkpoint-ess-info-disclosure-sk57881" key="/conf/ssl/apache/integrity-smartcenter.key" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/conf/ssl/apache/integrity.key" LinkTitle="http://192.168.1.33/conf/ssl/apache/integrity.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/conf/ssl/apache/integrity-smartcenter.key" LinkTitle="http://192.168.1.33/conf/ssl/apache/integrity-smartcenter.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb10-18-cve-2010-2861" key="/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" LinkTitle="http://192.168.1.33/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-remote-code-execution" key="/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.33/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.33/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-faxsurvey-command-execution" key="/cgi-bin/faxquery?/bin/cat%20/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.33/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/faxquery?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.33/cgi-bin/faxquery?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/orm/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/orm/" LinkTitle="http://192.168.1.33/CFIDE/orm/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/administrator/enter.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/administrator/" LinkTitle="http://192.168.1.33/CFIDE/administrator/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/administrator/enter.cfm" LinkTitle="http://192.168.1.33/CFIDE/administrator/enter.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/AIR/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/AIR/" LinkTitle="http://192.168.1.33/CFIDE/AIR/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/appdeployment/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/appdeployment/" LinkTitle="http://192.168.1.33/CFIDE/appdeployment/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/componentutils/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/componentutils/" LinkTitle="http://192.168.1.33/CFIDE/componentutils/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/scheduler/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/scheduler/" LinkTitle="http://192.168.1.33/CFIDE/scheduler/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/servermanager/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/servermanager/" LinkTitle="http://192.168.1.33/CFIDE/servermanager/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/services/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/services/" LinkTitle="http://192.168.1.33/CFIDE/services/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/adminapi/base.cfc?wsdl" LinkTitle="http://192.168.1.33/CFIDE/adminapi/base.cfc?wsdl"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/wizards/common/" LinkTitle="http://192.168.1.33/CFIDE/wizards/common/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminiapi/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/adminiapi/" LinkTitle="http://192.168.1.33/CFIDE/adminiapi/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" LinkTitle="http://192.168.1.33/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/websocket/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/websocket/" LinkTitle="http://192.168.1.33/CFIDE/websocket/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/portlets/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/portlets/" LinkTitle="http://192.168.1.33/CFIDE/portlets/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-frontpage-unprotected" key="/_vti_bin/_vti_aut/author.dll" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/_vti_bin/_vti_aut/author.dll" LinkTitle="http://192.168.1.33/_vti_bin/_vti_aut/author.dll"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-xmlrpc-code-injection" key="/script/xmlrpc.php" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/xmlrpc.php" LinkTitle="http://192.168.1.33/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/serendipity/serendipity_xmlrpc.php" LinkTitle="http://192.168.1.33/serendipity/serendipity_xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/serendipity/xmlrpc.php" LinkTitle="http://192.168.1.33/serendipity/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/drupal/xmlrpc.php" LinkTitle="http://192.168.1.33/drupal/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/bblog/xmlrpc.php" LinkTitle="http://192.168.1.33/bblog/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/blogs/xmlsrv/xmlrpc.php" LinkTitle="http://192.168.1.33/blogs/xmlsrv/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/xmlsrv/xmlrpc.php" LinkTitle="http://192.168.1.33/xmlsrv/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/xmlrpc/xmlrpc.php" LinkTitle="http://192.168.1.33/xmlrpc/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/script/xmlrpc.php" LinkTitle="http://192.168.1.33/script/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0625" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0629)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<Paragraph>HTTP request to 
			<URLLink LinkURL="http://192.168.1.33/" LinkTitle="http://192.168.1.33/"></URLLink></Paragraph>HTTP response code was an expected 401
			<Paragraph preformat="true">1: Basic realm=&quot;DCS-2132L&quot;</Paragraph>
			<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/" LinkTitle="http://192.168.1.33/"></URLLink></Paragraph>HTTP response code was an expected 401
				<Paragraph preformat="true">1: Basic realm=&quot;DCS-2132L&quot;</Paragraph>
				<Paragraph>HTTP header &#39;WWW-Authenticate&#39; was present and matched expectation</Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-iis-0014" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the following 3 results:
		<OrderedList>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.33/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr=" LinkTitle="http://192.168.1.33/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr="></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.33/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.33/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.33/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.33/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem></OrderedList></Paragraph></Paragraph>
</test>

<test id="http-cgi-viewsource-arbitrary-file-access" key="/cgi-bin/view-source?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/view-source?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.33/cgi-bin/view-source?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-trace-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP TRACE request to 
				<URLLink LinkURL="http://192.168.1.33/" LinkTitle="http://192.168.1.33/"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-track-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP TRACK request to 
				<URLLink LinkURL="http://192.168.1.33/" LinkTitle="http://192.168.1.33/"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="spider-adobe-flash-permissive-crossdomain-xml" key="/crossdomain.xml" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/crossdomain.xml" LinkTitle="http://192.168.1.33/crossdomain.xml"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0631" key="/CFIDE/r.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/adminapi/customtags/fusebox.cfm" LinkTitle="http://192.168.1.33/CFIDE/adminapi/customtags/fusebox.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/adminapi/customtags/adss.cfm" LinkTitle="http://192.168.1.33/CFIDE/adminapi/customtags/adss.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/h.cfm" LinkTitle="http://192.168.1.33/CFIDE/h.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/h9.cfm" LinkTitle="http://192.168.1.33/CFIDE/h9.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/help.cfm" LinkTitle="http://192.168.1.33/CFIDE/help.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/i.cfm" LinkTitle="http://192.168.1.33/CFIDE/i.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/r.cfm" LinkTitle="http://192.168.1.33/CFIDE/r.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-3336" key="/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=U" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-debug-information-disclosure" key="/cgi-bin/awstats/awstats.pl?debug=1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/awstats.pl?debug=1" LinkTitle="http://192.168.1.33/cgi-bin/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/awstats/awstats.pl?debug=1" LinkTitle="http://192.168.1.33/cgi-bin/awstats/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-bigbrother-accessible" key="/bb/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/bb/" LinkTitle="http://192.168.1.33/bb/"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htdig-arbitrary-file-access" key="/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" LinkTitle="http://192.168.1.33/cgi-bin/htsearch?Exclude=%60/etc/passwd%60"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htgrep-arbitrary-file-access" key="/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" LinkTitle="http://192.168.1.33/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htmlscript-arbitrary-file-access" key="/cgi-bin/htmlscript?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/htmlscript?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.33/cgi-bin/htmlscript?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-testcgi-file-listing" key="/cgi-bin/test-cgi" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/test-cgi" LinkTitle="http://192.168.1.33/cgi-bin/test-cgi"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-lighttpd-mod_userdir-info-discl" key="/~bin/true" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/~bin/true" LinkTitle="http://192.168.1.33/~bin/true"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-open-proxy" key="http://www.google.com:80/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP HEAD request to 
				<URLLink LinkURL="http://www.google.com/" LinkTitle="http://www.google.com/"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-ini-file-exposed" key="/cgi-bin/php.ini" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/cgi-bin/php.ini" LinkTitle="http://192.168.1.33/cgi-bin/php.ini"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-symantec-scan-engine-file-disclosure" key="/README.txt" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/README.txt" LinkTitle="http://192.168.1.33/README.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-tomcat-jkstatus-accessible" key="/jkstatus/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/jkstatus/" LinkTitle="http://192.168.1.33/jkstatus/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0629" key="/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt" LinkTitle="http://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" LinkTitle="http://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-adobe-amf-gateway-xxe-cve-2009-3960" key="/lcds-samples/messagebroker/httpsecure" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/flex2gateway/http" LinkTitle="http://192.168.1.33/flex2gateway/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/flex2gateway/httpsecure" LinkTitle="http://192.168.1.33/flex2gateway/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/messagebroker/http" LinkTitle="http://192.168.1.33/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/messagebroker/httpsecure" LinkTitle="http://192.168.1.33/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/blazeds/messagebroker/http" LinkTitle="http://192.168.1.33/blazeds/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/blazeds/messagebroker/httpsecure" LinkTitle="http://192.168.1.33/blazeds/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/samples/messagebroker/http" LinkTitle="http://192.168.1.33/samples/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/samples/messagebroker/httpsecure" LinkTitle="http://192.168.1.33/samples/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/lcds/messagebroker/http" LinkTitle="http://192.168.1.33/lcds/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/lcds/messagebroker/httpsecure" LinkTitle="http://192.168.1.33/lcds/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/lcds-samples/messagebroker/http" LinkTitle="http://192.168.1.33/lcds-samples/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="http://192.168.1.33/lcds-samples/messagebroker/httpsecure" LinkTitle="http://192.168.1.33/lcds-samples/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="udp" port="123" status="open">
<services>
<service name="NTP">
<fingerprints>
<fingerprint  certainty="0.90" family="NTP" product="NTP" version="4.2.0a@1:4.2.0a+stable-8-r"/>
</fingerprints>
<configuration>
<config name="ntp.variables">version=&quot;ntpd 4.2.0a@1:4.2.0a+stable-8-r Sat Aug 30 06:44:03 EDT 2008 (1)&quot;,
processor=&quot;armv5tejl&quot;, system=&quot;Linux/2.6.18_pro500-davinci_IPNC_1.00&quot;,
leap=0, stratum=5, precision=-17, rootdelay=663.555,
rootdispersion=223.836, peer=16948, refid=61.67.210.241,
reftime=0xd63ff867.7092ee84, poll=9, clock=0xd63ffb99.954b167e, state=4,
offset=-29.969, frequency=6.641, noise=9.203, jitter=5.336,
stability=21.220
</config>
</configuration>
<tests>
<test id="ntpd-crypto-recv-buffer-overflow" status="vulnerable-version">

<Paragraph>
	<Paragraph>Running vulnerable NTP service: NTP 4.2.0a@1:4.2.0a+stable-8-r.</Paragraph></Paragraph>
</test>

<test id="ntp-clock-variables-disclosure" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>The following NTP variables were found from a readvar request: version=&quot;ntpd 4.2.0a@1:4.2.0a+stable-8-r Sat Aug 30 06:44:03 EDT 2008 (1)&quot;,
processor=&quot;armv5tejl&quot;, system=&quot;Linux/2.6.18_pro500-davinci_IPNC_1.00&quot;,
leap=0, stratum=5, precision=-17, rootdelay=663.555,
rootdispersion=223.836, peer=16948, refid=61.67.210.241,
reftime=0xd63ff867.7092ee84, poll=9, clock=0xd63ffb99.954b167e, state=4,
offset=-29.969, frequency=6.641, noise=9.203, jitter=5.336,
stability=21.220
</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="443" status="open">
<services>
<service name="HTTPS">
<configuration>
<config name="ssl">true</config>
<config name="ssl.cert.issuer.dn">CN=www.dlink.com.tw, OU=R&amp;D Dept., O=D-Link Taiwan, L=Taipei, ST=Taiwan, C=TW</config>
<config name="ssl.cert.key.alg.name">RSA</config>
<config name="ssl.cert.key.rsa.modulusBits">1024</config>
<config name="ssl.cert.not.valid.after">Sat, 11 Mar 2023 10:43:06 UTC</config>
<config name="ssl.cert.not.valid.before">Wed, 13 Mar 2013 10:43:06 UTC</config>
<config name="ssl.cert.selfsigned">true</config>
<config name="ssl.cert.serial.number">11340214068356762790</config>
<config name="ssl.cert.sig.alg.name">SHA1withRSA</config>
<config name="ssl.cert.subject.dn">CN=www.dlink.com.tw, OU=R&amp;D Dept., O=D-Link Taiwan, L=Taipei, ST=Taiwan, C=TW</config>
<config name="ssl.cert.validsignature">true</config>
<config name="ssl.version.ssl20">true</config>
</configuration>
<tests>
<test id="adobe-apsb13-03-cve-2013-0632" key="/CFIDE/adminapi/administrator.cfc?" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/adminapi/administrator.cfc" LinkTitle="https://192.168.1.33/CFIDE/adminapi/administrator.cfc"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-1389" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-3336)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-3com-wap-default-admin-password" key="/index.htm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/index.htm" LinkTitle="https://192.168.1.33/index.htm"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/data/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/data/login" LinkTitle="https://192.168.1.33/data/login"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/cgi/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/cgi/login" LinkTitle="https://192.168.1.33/cgi/login"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-glassfish-default-admin-password" key="/common/index.jsf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/common/index.jsf" LinkTitle="https://192.168.1.33/common/index.jsf"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-nokia-firewall-default-admin-password" key="/cgi-bin/home.tcl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/home.tcl" LinkTitle="https://192.168.1.33/cgi-bin/home.tcl"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-phpmyadmin-account-pma-password-empty" key="/phpmyadmin/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/phpmyadmin/" LinkTitle="https://192.168.1.33/phpmyadmin/"></URLLink></Paragraph>HTTP response code was 404 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-showcase/employee/save.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/struts2-showcase/employee/save.action" LinkTitle="https://192.168.1.33/struts2-showcase/employee/save.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-blank/example/HelloWorld.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/struts2-blank/example/HelloWorld.action" LinkTitle="https://192.168.1.33/struts2-blank/example/HelloWorld.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="checkpoint-ess-info-disclosure-sk57881" key="/conf/ssl/apache/integrity-smartcenter.key" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/conf/ssl/apache/integrity.key" LinkTitle="https://192.168.1.33/conf/ssl/apache/integrity.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/conf/ssl/apache/integrity-smartcenter.key" LinkTitle="https://192.168.1.33/conf/ssl/apache/integrity-smartcenter.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb10-18-cve-2010-2861" key="/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" LinkTitle="https://192.168.1.33/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-remote-code-execution" key="/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="https://192.168.1.33/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="https://192.168.1.33/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-faxsurvey-command-execution" key="/cgi-bin/faxquery?/bin/cat%20/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd" LinkTitle="https://192.168.1.33/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/faxquery?/bin/cat%20/etc/passwd" LinkTitle="https://192.168.1.33/cgi-bin/faxquery?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/administrator/enter.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/administrator/" LinkTitle="https://192.168.1.33/CFIDE/administrator/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/administrator/enter.cfm" LinkTitle="https://192.168.1.33/CFIDE/administrator/enter.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/appdeployment/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/appdeployment/" LinkTitle="https://192.168.1.33/CFIDE/appdeployment/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminiapi/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/adminiapi/" LinkTitle="https://192.168.1.33/CFIDE/adminiapi/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/componentutils/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/componentutils/" LinkTitle="https://192.168.1.33/CFIDE/componentutils/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/adminapi/base.cfc?wsdl" LinkTitle="https://192.168.1.33/CFIDE/adminapi/base.cfc?wsdl"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/orm/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/orm/" LinkTitle="https://192.168.1.33/CFIDE/orm/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/AIR/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/AIR/" LinkTitle="https://192.168.1.33/CFIDE/AIR/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/scheduler/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/scheduler/" LinkTitle="https://192.168.1.33/CFIDE/scheduler/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/servermanager/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/servermanager/" LinkTitle="https://192.168.1.33/CFIDE/servermanager/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/services/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/services/" LinkTitle="https://192.168.1.33/CFIDE/services/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/websocket/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/websocket/" LinkTitle="https://192.168.1.33/CFIDE/websocket/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/wizards/common/" LinkTitle="https://192.168.1.33/CFIDE/wizards/common/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" LinkTitle="https://192.168.1.33/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/portlets/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/portlets/" LinkTitle="https://192.168.1.33/CFIDE/portlets/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-frontpage-unprotected" key="/_vti_bin/_vti_aut/author.dll" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-xmlrpc-code-injection" key="/script/xmlrpc.php" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/xmlrpc.php" LinkTitle="https://192.168.1.33/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/serendipity/serendipity_xmlrpc.php" LinkTitle="https://192.168.1.33/serendipity/serendipity_xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/serendipity/xmlrpc.php" LinkTitle="https://192.168.1.33/serendipity/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/drupal/xmlrpc.php" LinkTitle="https://192.168.1.33/drupal/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/bblog/xmlrpc.php" LinkTitle="https://192.168.1.33/bblog/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/blogs/xmlsrv/xmlrpc.php" LinkTitle="https://192.168.1.33/blogs/xmlsrv/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/xmlsrv/xmlrpc.php" LinkTitle="https://192.168.1.33/xmlsrv/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/xmlrpc/xmlrpc.php" LinkTitle="https://192.168.1.33/xmlrpc/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/script/xmlrpc.php" LinkTitle="https://192.168.1.33/script/xmlrpc.php"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0625" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0629)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="certificate-common-name-mismatch" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>The subject common name found in the X.509 certificate (&#39;CN=www.dlink.com.tw&#39;) does not seem to match the scan target &#39;192.168.1.33&#39;:
		<UnorderedList>
			<ListItem>Subject CN &#39;www.dlink.com.tw&#39; does not match node name &#39;192.168.1.33&#39;</ListItem>
			<ListItem>Subject CN&#39;s resolved IP address &#39;www.dlink.com.tw/58.86.33.135&#39; differs from node IP address &#39;/192.168.1.33&#39;</ListItem></UnorderedList></Paragraph></Paragraph>
</test>

<test id="http-iis-0014" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>Based on the following 3 results:
		<OrderedList>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="https://192.168.1.33/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr=" LinkTitle="https://192.168.1.33/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr="></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="https://192.168.1.33/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="https://192.168.1.33/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="https://192.168.1.33/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="https://192.168.1.33/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem></OrderedList></Paragraph></Paragraph>
</test>

<test id="tls-server-cert-expired" status="not-vulnerable">

<Paragraph>
	<Paragraph>Certificate valid from Wed, 13 Mar 2013 10:43:06 UTC to Sat, 11 Mar 2023 10:43:06 UTC</Paragraph></Paragraph>
</test>

<test id="http-cgi-viewsource-arbitrary-file-access" key="/cgi-bin/view-source?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/view-source?../../../../../../../etc/passwd" LinkTitle="https://192.168.1.33/cgi-bin/view-source?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-trace-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-track-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="spider-adobe-flash-permissive-crossdomain-xml" key="/crossdomain.xml" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/crossdomain.xml" LinkTitle="https://192.168.1.33/crossdomain.xml"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="ssl-weak-ciphers" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Negotiated with the following insecure cipher suites. SSLv2 ciphers: 
		<UnorderedList>
			<ListItem>SSL_CK_RC4_128_WITH_MD5</ListItem>
			<ListItem>SSL_CK_RC4_128_EXPORT40_WITH_MD5</ListItem>
			<ListItem>SSL_CK_RC2_128_CBC_WITH_MD5</ListItem>
			<ListItem>SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5</ListItem>
			<ListItem>SSL_CK_DES_64_CBC_WITH_MD5</ListItem>
			<ListItem>SSL_CK_DES_192_EDE3_CBC_WITH_MD5</ListItem></UnorderedList>SSLv3 ciphers: 
		<UnorderedList>
			<ListItem>SSL_RSA_WITH_DES_CBC_SHA</ListItem></UnorderedList></Paragraph></Paragraph>
</test>

<test id="sslv2-and-up-enabled" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>SSLv2 is supported</Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0631" key="/CFIDE/r.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/adminapi/customtags/fusebox.cfm" LinkTitle="https://192.168.1.33/CFIDE/adminapi/customtags/fusebox.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/adminapi/customtags/adss.cfm" LinkTitle="https://192.168.1.33/CFIDE/adminapi/customtags/adss.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/h.cfm" LinkTitle="https://192.168.1.33/CFIDE/h.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/h9.cfm" LinkTitle="https://192.168.1.33/CFIDE/h9.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/help.cfm" LinkTitle="https://192.168.1.33/CFIDE/help.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/i.cfm" LinkTitle="https://192.168.1.33/CFIDE/i.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/r.cfm" LinkTitle="https://192.168.1.33/CFIDE/r.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-3336" key="/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=U" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="https://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="https://192.168.1.33/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-debug-information-disclosure" key="/cgi-bin/awstats/awstats.pl?debug=1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/awstats.pl?debug=1" LinkTitle="https://192.168.1.33/cgi-bin/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/awstats/awstats.pl?debug=1" LinkTitle="https://192.168.1.33/cgi-bin/awstats/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-bigbrother-accessible" key="/bb/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/bb/" LinkTitle="https://192.168.1.33/bb/"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htdig-arbitrary-file-access" key="/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" LinkTitle="https://192.168.1.33/cgi-bin/htsearch?Exclude=%60/etc/passwd%60"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htgrep-arbitrary-file-access" key="/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" LinkTitle="https://192.168.1.33/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htmlscript-arbitrary-file-access" key="/cgi-bin/htmlscript?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/htmlscript?../../../../../../../etc/passwd" LinkTitle="https://192.168.1.33/cgi-bin/htmlscript?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-testcgi-file-listing" key="/cgi-bin/test-cgi" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/test-cgi" LinkTitle="https://192.168.1.33/cgi-bin/test-cgi"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-lighttpd-mod_userdir-info-discl" key="/~bin/true" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/~bin/true" LinkTitle="https://192.168.1.33/~bin/true"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-open-proxy" key="http://www.google.com:80/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP HEAD request to 
				<URLLink LinkURL="http://www.google.com/" LinkTitle="http://www.google.com/"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-ini-file-exposed" key="/cgi-bin/php.ini" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/cgi-bin/php.ini" LinkTitle="https://192.168.1.33/cgi-bin/php.ini"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-symantec-scan-engine-file-disclosure" key="/README.txt" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/README.txt" LinkTitle="https://192.168.1.33/README.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-tomcat-jkstatus-accessible" key="/jkstatus/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/jkstatus/" LinkTitle="https://192.168.1.33/jkstatus/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="tls-server-cert-sig-alg-md5" status="not-vulnerable">

<Paragraph>
	<Paragraph>SSL certificate is signed with SHA1withRSA</Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0629" key="/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt" LinkTitle="https://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="https://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" LinkTitle="https://192.168.1.33/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-adobe-amf-gateway-xxe-cve-2009-3960" key="/lcds-samples/messagebroker/httpsecure" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTPS service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/flex2gateway/http" LinkTitle="https://192.168.1.33/flex2gateway/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/flex2gateway/httpsecure" LinkTitle="https://192.168.1.33/flex2gateway/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/messagebroker/http" LinkTitle="https://192.168.1.33/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/messagebroker/httpsecure" LinkTitle="https://192.168.1.33/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/blazeds/messagebroker/http" LinkTitle="https://192.168.1.33/blazeds/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/blazeds/messagebroker/httpsecure" LinkTitle="https://192.168.1.33/blazeds/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/samples/messagebroker/http" LinkTitle="https://192.168.1.33/samples/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/samples/messagebroker/httpsecure" LinkTitle="https://192.168.1.33/samples/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/lcds/messagebroker/http" LinkTitle="https://192.168.1.33/lcds/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/lcds/messagebroker/httpsecure" LinkTitle="https://192.168.1.33/lcds/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/lcds-samples/messagebroker/http" LinkTitle="https://192.168.1.33/lcds-samples/messagebroker/http"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP POST request to 
				<URLLink LinkURL="https://192.168.1.33/lcds-samples/messagebroker/httpsecure" LinkTitle="https://192.168.1.33/lcds-samples/messagebroker/httpsecure"></URLLink></Paragraph>HTTP response code was 400 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="ssl-self-signed-certificate" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>TLS/SSL certificate is self-signed.</Paragraph></Paragraph>
</test>

<test id="weak-crypto-key" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Length of RSA modulus in X.509 certificate: 1024 bits (less than 2047 bits)</Paragraph></Paragraph>
</test>

<test id="tls-server-cert-to-expire" status="not-vulnerable">

<Paragraph>
	<Paragraph>Certificate valid from Wed, 13 Mar 2013 10:43:06 UTC to Sat, 11 Mar 2023 10:43:06 UTC</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="554" status="open">
<services>
<service name="RTSP">
<configuration>
<config name="verbs-1">DESCRIBE</config>
<config name="verbs-2">GET_PARAMETER</config>
<config name="verbs-3">OPTIONS</config>
<config name="verbs-4">PAUSE</config>
<config name="verbs-5">PLAY</config>
<config name="verbs-6">SETUP</config>
<config name="verbs-7">SET_PARAMETER</config>
<config name="verbs-8">TEARDOWN</config>
<config name="verbs-count">8</config>
</configuration>
<tests>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="1010" status="open">
<services>
<service name="&lt;unknown&gt;">
<tests>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="7777" status="open">
<services>
<service name="&lt;unknown&gt;">
<tests>
</tests>
</service>
</services>
</endpoint>
</endpoints>
</node>

<node address="192.168.1.34" status="alive" device-id="4">
<fingerprints>
<os  certainty="0.70" device-class="Specialized" vendor="Apple" family="Mac OS X" product="Mac OS X" version="10.8.0" cpe="cpe:/o:apple:mac_os_x:10.0"/>
<os  certainty="0.70" device-class="VoIP" vendor="Apple" family="Mac OS X" product="Mac OS X" version="10.8.0" cpe="cpe:/o:apple:mac_os_x:10.0"/>
</fingerprints>
<tests>
<test id="http-upnp-0001" status="skipped-version">

<Paragraph>
	<Paragraph>Based on the result of the &quot;Windows XP UPnP  NOTIFY LOCATION Denial of Service&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="tcp-seq-num-approximation" status="not-vulnerable">

<Paragraph>
	<Paragraph>TCP reset with incorrect sequence number did not trigger fault on 192.168.1.34:5000 (TCP read returned no data)</Paragraph></Paragraph>
</test>

<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-tcp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Apparent system boot time: Thu Nov 14 01:50:04 UTC 2013</Paragraph></Paragraph>
</test>

<test id="udp-ipid-zero" status="unknown"/>
</tests>
<endpoints>
<endpoint protocol="tcp" port="5000" status="open">
<services>
<service name="UPnP-HTTPU">
<configuration>
<config name="upnp.headers.server">AirTunes/190.9</config>
</configuration>
<tests>
<test id="http-upnp-0002" status="not-vulnerable">

<Paragraph>
	<Paragraph>DoS attacks are not possible, server closes the connection</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="udp" port="5353" status="open">
<services>
<service name="zeroconf (Rendezvous)">
<tests>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="7100" status="open">
<services>
<service name="XFS">
<tests>
</tests>
</service>
</services>
</endpoint>
</endpoints>
</node>

<node address="192.168.1.35" status="alive" device-id="8">
<fingerprints>
<os  certainty="0.68" device-class="General" vendor="Apple" family="Mac OS X" product="Mac OS X" version="10.5.6" cpe="cpe:/o:apple:mac_os_x:10.0"/>
<os  certainty="0.66" device-class="General" vendor="FreeBSD" family="FreeBSD" product="FreeBSD" version="5.5-STABLE"/>
<os  certainty="0.65" device-class="General" vendor="FreeBSD" family="FreeBSD" product="FreeBSD" version="6.1-RELEASE"/>
<os  certainty="0.65" device-class="General" vendor="FreeBSD" family="FreeBSD" product="FreeBSD" version="8.0-STABLE"/>
<os  certainty="0.64" device-class="General" vendor="Caldera" family="Open Unix" product="UNIX" version="7.1.0"/>
<os  certainty="0.64" device-class="General" vendor="HP" family="VMS" product="VMS" version="5.1B"/>
<os  certainty="0.64" device-class="General" vendor="HP" family="VMS" product="VMS" version="8.2"/>
<os  certainty="0.64" device-class="General" vendor="HP" family="VMS" product="VMS" version="8.3" cpe="cpe:/o:hp:openvms:8.3"/>
<os  certainty="0.64" device-class="Printer" vendor="Lexmark" family="embedded" product="embedded"/>
<os  certainty="0.64" device-class="General" vendor="OpenBSD" family="OpenBSD" product="OpenBSD" version="4.3"/>
</fingerprints>
<tests>
<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>
</tests>
</node>

<node address="192.168.1.37" status="alive" hardware-address="E4CE8F490D7C" device-id="2">
<names>
<name>MACBOOKPRO-C9A7</name>
</names>
<tests>
<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="udp-ipid-zero" status="not-vulnerable">

<Paragraph>
	<Paragraph>No UDP replies had an IP ID of zero</Paragraph></Paragraph>
</test>
</tests>
<endpoints>
<endpoint protocol="udp" port="123" status="open">
<services>
<service name="NTP">
<tests>
<test id="ntp-clock-variables-disclosure" status="not-vulnerable">

<Paragraph>
	<Paragraph>No NTP variables were found from a readvar request</Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="udp" port="137" status="open">
<services>
<service name="CIFS Name Service">
<configuration>
<config name="advertised-name-1">MACBOOKPRO-C9A7 (Computer Name)</config>
<config name="advertised-name-count">1</config>
<config name="mac-address">E4CE8F490D7C</config>
</configuration>
<tests>
</tests>
</service>
</services>
</endpoint>
</endpoints>
</node>

<node address="192.168.1.38" status="alive" device-id="9">
<tests>
<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Remote system time: 05:03:21.216 UTC</Paragraph></Paragraph>
</test>
</tests>
</node>

<node address="192.168.1.40" status="alive" device-id="3">
<fingerprints>
<os  certainty="0.70" device-class="VoIP" vendor="Microsoft" family="Windows" product="Windows" version="7.5"/>
<os  certainty="0.70" device-class="General" vendor="Microsoft" family="Windows" product="Windows Server 2008" version="3"/>
<os  certainty="0.70" device-class="General" vendor="Microsoft" family="Windows" product="Windows Server 2008" version="7"/>
</fingerprints>
<tests>
<test id="cifs-insecure-acct-lockout-limit" key="Microsoft Windows Phone 7.5" status="skipped-version">

<Paragraph>
	<Paragraph>Skipped OS: Microsoft Windows Phone 7.5
		<Paragraph>
			<UnorderedList>
				<ListItem>The property &quot;account-lockout-failure-threshold is empty.</ListItem></UnorderedList></Paragraph></Paragraph></Paragraph>
</test>

<test id="cifs-insecure-password-length-min" key="Microsoft Windows Phone 7.5" status="skipped-version">

<Paragraph>
	<Paragraph>Skipped OS: Microsoft Windows Phone 7.5
		<Paragraph>
			<UnorderedList>
				<ListItem>The property &quot;password-minimum-length is empty.</ListItem></UnorderedList></Paragraph></Paragraph></Paragraph>
</test>

<test id="cifs-no-acct-lockout-limit" key="Microsoft Windows Phone 7.5" status="skipped-version">

<Paragraph>
	<Paragraph>Skipped OS: Microsoft Windows Phone 7.5
		<Paragraph>
			<UnorderedList>
				<ListItem>The property &quot;account-lockout-failure-threshold is empty.</ListItem></UnorderedList></Paragraph></Paragraph></Paragraph>
</test>

<test id="cifs-no-password-length-min" key="Microsoft Windows Phone 7.5" status="skipped-version">

<Paragraph>
	<Paragraph>Skipped OS: Microsoft Windows Phone 7.5
		<Paragraph>
			<UnorderedList>
				<ListItem>The property &quot;password-minimum-length is empty.</ListItem></UnorderedList></Paragraph></Paragraph></Paragraph>
</test>

<test id="tcp-seq-num-approximation" status="not-vulnerable">

<Paragraph>
	<Paragraph>TCP reset with incorrect sequence number did not trigger fault on 192.168.1.40:80 (TCP read returned no data)</Paragraph></Paragraph>
</test>

<test id="generic-icmp-netmask" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-icmp-timestamp" status="not-vulnerable">

<Paragraph>
	<Paragraph>No response</Paragraph></Paragraph>
</test>

<test id="generic-tcp-timestamp" status="vulnerable-exploited">

<Paragraph>
	<Paragraph>Apparent system boot time: Wed Nov 27 04:31:19 UTC 2013</Paragraph></Paragraph>
</test>
</tests>
<endpoints>
<endpoint protocol="tcp" port="80" status="open">
<services>
<service name="HTTP">
<tests>
<test id="adobe-apsb13-03-cve-2013-0632" key="/CFIDE/adminapi/administrator.cfc?" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-1389" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-3336)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-3com-wap-default-admin-password" key="/index.htm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/cgi/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" status="error">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>java.lang.StringIndexOutOfBoundsException: String index out of range: 55
	at java.lang.String.substring(String.java:1907)
	at com.rapid7.net.http.HTTPResponseParser.parseFirstLine(Unknown Source)
	at com.rapid7.net.http.HTTPMessageParser.parse(Unknown Source)
	at com.rapid7.net.http.HTTPResponseParser.parseResponse(Unknown Source)
	at com.rapid7.net.http.HTTPSession.parseResponse(Unknown Source)
	at com.rapid7.net.http.HTTPSession.doReceiveResponse(Unknown Source)
	at com.rapid7.net.http.HTTPSession.getResponseFor(Unknown Source)
	at com.rapid7.net.http.HTTPSession.sendRequest(Unknown Source)
	at com.rapid7.net.http.HTTPClient.request(Unknown Source)
	at com.rapid7.net.http.HTTPClient.request(Unknown Source)
	at com.rapid7.net.http.HTTPClient.request(Unknown Source)
	at com.rapid7.nexpose.plugin.http.HTTPCheckHandler$HTTPReqRespTest.isMatch(Unknown Source)
	at com.rapid7.nexpose.plugin.http.HTTPCheckHandler$HTTPCheckTest.performCheck(Unknown Source)
	at com.rapid7.nexpose.plugin.http.HTTPCheckHandler.handle(Unknown Source)
	at com.rapid7.nexpose.plugin.BaseCheckContext.invokeTest(Unknown Source)
	at com.rapid7.nexpose.nse.VulnerabilityCheckContext.performTests(Unknown Source)
	at sun.reflect.GeneratedMethodAccessor252.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.rapid7.thread.ThreadedCall.invokeCall(Unknown Source)
	at com.rapid7.thread.ThreadedCall.execute(Unknown Source)
	at com.rapid7.thread.ThreadedCallRunner.executeCall(Unknown Source)
	at com.rapid7.thread.ThreadedCallRunner.run(Unknown Source)
</Paragraph></Paragraph>
</test>

<test id="http-glassfish-default-admin-password" key="/common/index.jsf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/common/index.jsf" LinkTitle="http://192.168.1.40/common/index.jsf"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-nokia-firewall-default-admin-password" key="/cgi-bin/home.tcl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-phpmyadmin-account-pma-password-empty" key="/phpmyadmin/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/phpmyadmin/" LinkTitle="http://192.168.1.40/phpmyadmin/"></URLLink></Paragraph>HTTP response code was 404 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-blank/example/HelloWorld.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/struts2-blank/example/HelloWorld.action" LinkTitle="http://192.168.1.40/struts2-blank/example/HelloWorld.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-showcase/employee/save.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/struts2-showcase/employee/save.action" LinkTitle="http://192.168.1.40/struts2-showcase/employee/save.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="checkpoint-ess-info-disclosure-sk57881" key="/conf/ssl/apache/integrity-smartcenter.key" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/conf/ssl/apache/integrity.key" LinkTitle="http://192.168.1.40/conf/ssl/apache/integrity.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/conf/ssl/apache/integrity-smartcenter.key" LinkTitle="http://192.168.1.40/conf/ssl/apache/integrity-smartcenter.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb10-18-cve-2010-2861" key="/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" LinkTitle="http://192.168.1.40/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-remote-code-execution" key="/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.40/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.40/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-faxsurvey-command-execution" key="/cgi-bin/faxquery?/bin/cat%20/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.40/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/faxquery?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.40/cgi-bin/faxquery?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/servermanager/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/servermanager/" LinkTitle="http://192.168.1.40/CFIDE/servermanager/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/AIR/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/AIR/" LinkTitle="http://192.168.1.40/CFIDE/AIR/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/administrator/enter.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/administrator/" LinkTitle="http://192.168.1.40/CFIDE/administrator/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/administrator/enter.cfm" LinkTitle="http://192.168.1.40/CFIDE/administrator/enter.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminiapi/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/adminiapi/" LinkTitle="http://192.168.1.40/CFIDE/adminiapi/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/adminapi/base.cfc?wsdl" LinkTitle="http://192.168.1.40/CFIDE/adminapi/base.cfc?wsdl"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" LinkTitle="http://192.168.1.40/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/scheduler/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/scheduler/" LinkTitle="http://192.168.1.40/CFIDE/scheduler/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/wizards/common/" LinkTitle="http://192.168.1.40/CFIDE/wizards/common/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/appdeployment/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/appdeployment/" LinkTitle="http://192.168.1.40/CFIDE/appdeployment/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/componentutils/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/componentutils/" LinkTitle="http://192.168.1.40/CFIDE/componentutils/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/websocket/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/websocket/" LinkTitle="http://192.168.1.40/CFIDE/websocket/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/services/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/services/" LinkTitle="http://192.168.1.40/CFIDE/services/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/orm/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/orm/" LinkTitle="http://192.168.1.40/CFIDE/orm/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/portlets/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/portlets/" LinkTitle="http://192.168.1.40/CFIDE/portlets/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-frontpage-unprotected" key="/_vti_bin/_vti_aut/author.dll" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/_vti_bin/_vti_aut/author.dll" LinkTitle="http://192.168.1.40/_vti_bin/_vti_aut/author.dll"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-xmlrpc-code-injection" key="/xmlrpc.php" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0625" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0629)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/" LinkTitle="http://192.168.1.40/"></URLLink></Paragraph>HTTP response code was 404 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-iis-0014" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the following 3 results:
		<OrderedList>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.40/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr=" LinkTitle="http://192.168.1.40/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr="></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.40/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.40/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.40/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.40/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem></OrderedList></Paragraph></Paragraph>
</test>

<test id="http-cgi-viewsource-arbitrary-file-access" key="/cgi-bin/view-source?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/view-source?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.40/cgi-bin/view-source?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-trace-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-track-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="spider-adobe-flash-permissive-crossdomain-xml" key="/crossdomain.xml" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/crossdomain.xml" LinkTitle="http://192.168.1.40/crossdomain.xml"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0631" key="/CFIDE/r.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/adminapi/customtags/fusebox.cfm" LinkTitle="http://192.168.1.40/CFIDE/adminapi/customtags/fusebox.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/adminapi/customtags/adss.cfm" LinkTitle="http://192.168.1.40/CFIDE/adminapi/customtags/adss.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/h.cfm" LinkTitle="http://192.168.1.40/CFIDE/h.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/h9.cfm" LinkTitle="http://192.168.1.40/CFIDE/h9.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/help.cfm" LinkTitle="http://192.168.1.40/CFIDE/help.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/i.cfm" LinkTitle="http://192.168.1.40/CFIDE/i.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/r.cfm" LinkTitle="http://192.168.1.40/CFIDE/r.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-3336" key="/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=U" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.40/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.40/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-debug-information-disclosure" key="/cgi-bin/awstats/awstats.pl?debug=1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/awstats.pl?debug=1" LinkTitle="http://192.168.1.40/cgi-bin/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/awstats/awstats.pl?debug=1" LinkTitle="http://192.168.1.40/cgi-bin/awstats/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-bigbrother-accessible" key="/bb/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/bb/" LinkTitle="http://192.168.1.40/bb/"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htdig-arbitrary-file-access" key="/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" LinkTitle="http://192.168.1.40/cgi-bin/htsearch?Exclude=%60/etc/passwd%60"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htgrep-arbitrary-file-access" key="/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" LinkTitle="http://192.168.1.40/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htmlscript-arbitrary-file-access" key="/cgi-bin/htmlscript?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/htmlscript?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.40/cgi-bin/htmlscript?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-testcgi-file-listing" key="/cgi-bin/test-cgi" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-lighttpd-mod_userdir-info-discl" key="/~bin/true" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/~bin/true" LinkTitle="http://192.168.1.40/~bin/true"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-open-proxy" key="http://www.google.com:80/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-ini-file-exposed" key="/cgi-bin/php.ini" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/cgi-bin/php.ini" LinkTitle="http://192.168.1.40/cgi-bin/php.ini"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-symantec-scan-engine-file-disclosure" key="/README.txt" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/README.txt" LinkTitle="http://192.168.1.40/README.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-tomcat-jkstatus-accessible" key="/jkstatus/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/jkstatus/" LinkTitle="http://192.168.1.40/jkstatus/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0629" key="/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt" LinkTitle="http://192.168.1.40/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" LinkTitle="http://192.168.1.40/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-adobe-amf-gateway-xxe-cve-2009-3960" key="/flex2gateway/http" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>

<endpoint protocol="tcp" port="443" status="open">
<services>
<service name="HTTP">
<tests>
<test id="adobe-apsb13-03-cve-2013-0632" key="/CFIDE/adminapi/administrator.cfc?" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-1389" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-3336)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-3com-wap-default-admin-password" key="/index.htm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/cgi/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-drac-default-login" key="/data/login" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-glassfish-default-admin-password" key="/common/index.jsf" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/common/index.jsf" LinkTitle="http://192.168.1.40:443/common/index.jsf"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-nokia-firewall-default-admin-password" key="/cgi-bin/home.tcl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-phpmyadmin-account-pma-password-empty" key="/phpmyadmin/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/phpmyadmin/" LinkTitle="http://192.168.1.40:443/phpmyadmin/"></URLLink></Paragraph>HTTP response code was 404 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-showcase/employee/save.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/struts2-showcase/employee/save.action" LinkTitle="http://192.168.1.40:443/struts2-showcase/employee/save.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-struts-cve-2013-2251" key="/struts2-blank/example/HelloWorld.action" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/struts2-blank/example/HelloWorld.action" LinkTitle="http://192.168.1.40:443/struts2-blank/example/HelloWorld.action"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="checkpoint-ess-info-disclosure-sk57881" key="/conf/ssl/apache/integrity-smartcenter.key" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/conf/ssl/apache/integrity.key" LinkTitle="http://192.168.1.40:443/conf/ssl/apache/integrity.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/conf/ssl/apache/integrity-smartcenter.key" LinkTitle="http://192.168.1.40:443/conf/ssl/apache/integrity-smartcenter.key"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb10-18-cve-2010-2861" key="/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" LinkTitle="http://192.168.1.40:443/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-remote-code-execution" key="/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.40:443/cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;" LinkTitle="http://192.168.1.40:443/cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22;"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-faxsurvey-command-execution" key="/cgi-bin/faxquery?/bin/cat%20/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.40:443/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/faxquery?/bin/cat%20/etc/passwd" LinkTitle="http://192.168.1.40:443/cgi-bin/faxquery?/bin/cat%20/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/componentutils/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/componentutils/" LinkTitle="http://192.168.1.40:443/CFIDE/componentutils/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json" LinkTitle="http://192.168.1.40:443/CFIDE/wizards/common/utils.cfc?method=verifyldapserver&amp;vserver=localhost&amp;vport=22&amp;vstart=&amp;vusername=&amp;vpassword=&amp;returnformat=json"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/wizards/common/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/wizards/common/" LinkTitle="http://192.168.1.40:443/CFIDE/wizards/common/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/websocket/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/websocket/" LinkTitle="http://192.168.1.40:443/CFIDE/websocket/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/services/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/services/" LinkTitle="http://192.168.1.40:443/CFIDE/services/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/servermanager/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/servermanager/" LinkTitle="http://192.168.1.40:443/CFIDE/servermanager/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/scheduler/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/scheduler/" LinkTitle="http://192.168.1.40:443/CFIDE/scheduler/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/portlets/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/portlets/" LinkTitle="http://192.168.1.40:443/CFIDE/portlets/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/orm/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/orm/" LinkTitle="http://192.168.1.40:443/CFIDE/orm/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/appdeployment/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/appdeployment/" LinkTitle="http://192.168.1.40:443/CFIDE/appdeployment/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/AIR/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/AIR/" LinkTitle="http://192.168.1.40:443/CFIDE/AIR/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/administrator/enter.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/administrator/" LinkTitle="http://192.168.1.40:443/CFIDE/administrator/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/administrator/enter.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/administrator/enter.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminiapi/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/adminiapi/" LinkTitle="http://192.168.1.40:443/CFIDE/adminiapi/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-coldfusion-cfide-unprotected" key="/CFIDE/adminapi/base.cfc?wsdl" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/adminapi/base.cfc?wsdl" LinkTitle="http://192.168.1.40:443/CFIDE/adminapi/base.cfc?wsdl"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-frontpage-unprotected" key="/_vti_bin/_vti_aut/author.dll" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-xmlrpc-code-injection" key="/xmlrpc.php" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0625" status="skipped-version">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the result of the &quot;APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0629)&quot; test, this node is not vulnerable to this issue.</Paragraph></Paragraph>
</test>

<test id="http-basic-auth-cleartext" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/" LinkTitle="http://192.168.1.40:443/"></URLLink></Paragraph>HTTP response code was 404 but expected 401</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-iis-0014" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>Based on the following 3 results:
		<OrderedList>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.40:443/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr=" LinkTitle="http://192.168.1.40:443/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&amp;dsn=Web%20SQL&amp;dbq=c:\temp\xyz.mdb&amp;newdb=CREATE_DB&amp;attr="></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.40:443/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.40:443/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem>
			<ListItem>
				<Paragraph>
					<ContainerBlockElement>
						<ContainerBlockElement>
							<Paragraph>HTTP GET request to 
							<URLLink LinkURL="http://192.168.1.40:443/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|" LinkTitle="http://192.168.1.40:443/ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(&quot;c:cmd.exe&quot;)|"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></ListItem></OrderedList></Paragraph></Paragraph>
</test>

<test id="http-cgi-viewsource-arbitrary-file-access" key="/cgi-bin/view-source?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/view-source?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.40:443/cgi-bin/view-source?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-trace-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-track-method-enabled" key="/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="spider-adobe-flash-permissive-crossdomain-xml" key="/crossdomain.xml" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/crossdomain.xml" LinkTitle="http://192.168.1.40:443/crossdomain.xml"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0631" key="/CFIDE/r.cfm" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/adminapi/customtags/fusebox.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/adminapi/customtags/fusebox.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/adminapi/customtags/adss.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/adminapi/customtags/adss.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/h.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/h.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/h9.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/h9.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/help.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/help.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/i.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/i.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/r.cfm" LinkTitle="http://192.168.1.40:443/CFIDE/r.cfm"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-13-cve-2013-3336" key="/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=U" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.40:443/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test" LinkTitle="http://192.168.1.40:443/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&amp;attributes.file=../../administrator/mail/download.cfm&amp;filename=../lib/password.properties&amp;attributes.locale=it&amp;attributes.var=it&amp;attributes.jscript=false&amp;attributes.type=text/html&amp;attributes.charset=UTF-8&amp;thisTag.executionmode=end&amp;thisTag.generatedContent=test"></URLLink></Paragraph>HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-awstats-debug-information-disclosure" key="/cgi-bin/awstats/awstats.pl?debug=1" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/awstats.pl?debug=1" LinkTitle="http://192.168.1.40:443/cgi-bin/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/awstats/awstats.pl?debug=1" LinkTitle="http://192.168.1.40:443/cgi-bin/awstats/awstats.pl?debug=1"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-bigbrother-accessible" key="/bb/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/bb/" LinkTitle="http://192.168.1.40:443/bb/"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htdig-arbitrary-file-access" key="/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/htsearch?Exclude=%60/etc/passwd%60" LinkTitle="http://192.168.1.40:443/cgi-bin/htsearch?Exclude=%60/etc/passwd%60"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htgrep-arbitrary-file-access" key="/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd" LinkTitle="http://192.168.1.40:443/cgi-bin/htgrep/file=index.html&amp;hdr=/etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-htmlscript-arbitrary-file-access" key="/cgi-bin/htmlscript?../../../../../../../etc/passwd" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/htmlscript?../../../../../../../etc/passwd" LinkTitle="http://192.168.1.40:443/cgi-bin/htmlscript?../../../../../../../etc/passwd"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-cgi-testcgi-file-listing" key="/cgi-bin/test-cgi" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-lighttpd-mod_userdir-info-discl" key="/~bin/true" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/~bin/true" LinkTitle="http://192.168.1.40:443/~bin/true"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-open-proxy" key="http://www.google.com:80/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-php-ini-file-exposed" key="/cgi-bin/php.ini" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/cgi-bin/php.ini" LinkTitle="http://192.168.1.40:443/cgi-bin/php.ini"></URLLink></Paragraph></ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-symantec-scan-engine-file-disclosure" key="/README.txt" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/README.txt" LinkTitle="http://192.168.1.40:443/README.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-tomcat-jkstatus-accessible" key="/jkstatus/" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/jkstatus/" LinkTitle="http://192.168.1.40:443/jkstatus/"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="adobe-apsb13-03-cve-2013-0629" key="/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt" LinkTitle="http://192.168.1.40:443/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../license.txt"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="http://192.168.1.40:443/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html" LinkTitle="http://192.168.1.40:443/CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&amp;name=CFIDE.componentutils.cfcexplorer&amp;path=../../../../license.html"></URLLink></Paragraph>HTTP response code was 404 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-0005" key="ftp://ftp.kernel.org/;utf7xss" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/;utf7xss" LinkTitle="ftp://ftp.kernel.org/;utf7xss"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="apache-httpd-cve-2008-2939" key="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement>
			<ContainerBlockElement>
				<Paragraph>HTTP GET request to 
				<URLLink LinkURL="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;" LinkTitle="ftp://ftp.kernel.org/*&lt;img%20src=&quot;&quot;%20onerror=&quot;alert(42)&quot;&gt;"></URLLink></Paragraph>HTTP response code was 501 but expected 200</ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>

<test id="http-adobe-amf-gateway-xxe-cve-2009-3960" key="/flex2gateway/http" status="not-vulnerable">

<Paragraph>
	<Paragraph>Running vulnerable HTTP service.</Paragraph>
	<Paragraph>
		<ContainerBlockElement></ContainerBlockElement></Paragraph></Paragraph>
</test>
</tests>
</service>
</services>
</endpoint>
</endpoints>
</node>
</nodes><VulnerabilityDefinitions>
<vulnerability id="adobe-apsb10-18-CVE-2010-2861" title="APSB10-18: Security updates available for Adobe ColdFusion (CVE-2010-2861)" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20100811T000000000" added="20130414T000000000" modified="20131031T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2010-2861</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb10-18.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>Directory Traversal</tag>
<tag>Web</tag>
<tag>IAVM</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote: http://kb2.adobe.com/cps/857/cpsid_85766.html.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="adobe-apsb13-03-CVE-2013-0625" title="APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0625)" severity="7" pciSeverity="4" cvssScore="6.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" published="20130115T000000000" added="20130327T000000000" modified="20131031T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">57164</reference>
<reference source="CVE">CVE-2013-0625</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb13-03.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
      Adobe recommends ColdFusion customers update their installation using the
      instructions provided in the technote
      
		<URLLink LinkURL="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" LinkTitle="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" href="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html">APSB13-03 technote</URLLink>.
    </Paragraph>
		<Paragraph>
      Customers should also inspect files and scheduled tasks of unknown origin
      located in the CFIDE, CFIDE/adminapi or webroot directories, and remove
      any suspicious files (some examples of malicious file names include
      h.cfm, i.cfm, h9.cfm, r.cfm, adss.cfm or fusebox.cfm).
    </Paragraph>
		<Paragraph>
      Additionally, Adobe recommends that customers follow security best
      practices, which include the following steps to harden their ColdFusion
      server:
      
			<UnorderedList>
				<ListItem>
          Configure a username and password for Remote Development Services (RDS)
          that is different from the Administrator account. After configuring the
          RDS account, users should disable RDS if not needed.
        </ListItem>
				<ListItem>
          Disable external access to the following directories for all hosted
          sites:
          
					<UnorderedList>
						<ListItem>/CFIDE/administrator</ListItem>
						<ListItem>/CFIDE/adminapi</ListItem>
						<ListItem>/CFIDE/componentutils</ListItem></UnorderedList></ListItem>
				<ListItem>
          Implement access control restrictions for the Administrator interface and
          internal applications via the Administrator Console (in ColdFusion
          version 10) or within your web server&#39;s access control mechanisms for
          versions 9.0.2 and below.
        </ListItem>
				<ListItem>
          Ensure your ColdFusion product has the latest hotfix applied.
        </ListItem>
				<ListItem>
          Refer to the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide
          for security best practices and further information on these hardening
          techniques.
        </ListItem></UnorderedList></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="adobe-apsb13-03-CVE-2013-0629" title="APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0629)" severity="4" pciSeverity="3" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" published="20130115T000000000" added="20130327T000000000" modified="20131031T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">57165</reference>
<reference source="CVE">CVE-2013-0629</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb13-03.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
      Adobe recommends ColdFusion customers update their installation using the
      instructions provided in the technote
      
		<URLLink LinkURL="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" LinkTitle="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" href="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html">APSB13-03 technote</URLLink>.
    </Paragraph>
		<Paragraph>
      Customers should also inspect files and scheduled tasks of unknown origin
      located in the CFIDE, CFIDE/adminapi or webroot directories, and remove
      any suspicious files (some examples of malicious file names include
      h.cfm, i.cfm, h9.cfm, r.cfm, adss.cfm or fusebox.cfm).
    </Paragraph>
		<Paragraph>
      Additionally, Adobe recommends that customers follow security best
      practices, which include the following steps to harden their ColdFusion
      server:
      
			<UnorderedList>
				<ListItem>
          Configure a username and password for Remote Development Services (RDS)
          that is different from the Administrator account. After configuring the
          RDS account, users should disable RDS if not needed.
        </ListItem>
				<ListItem>
          Disable external access to the following directories for all hosted
          sites:
          
					<UnorderedList>
						<ListItem>/CFIDE/administrator</ListItem>
						<ListItem>/CFIDE/adminapi</ListItem>
						<ListItem>/CFIDE/componentutils</ListItem></UnorderedList></ListItem>
				<ListItem>
          Implement access control restrictions for the Administrator interface and
          internal applications via the Administrator Console (in ColdFusion
          version 10) or within your web server&#39;s access control mechanisms for
          versions 9.0.2 and below.
        </ListItem>
				<ListItem>
          Ensure your ColdFusion product has the latest hotfix applied.
        </ListItem>
				<ListItem>
          Refer to the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide
          for security best practices and further information on these hardening
          techniques.
        </ListItem></UnorderedList></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="adobe-apsb13-03-CVE-2013-0631" title="APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0631)" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20130115T000000000" added="20130327T000000000" modified="20131031T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2013-0631</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb13-03.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
      Adobe recommends ColdFusion customers update their installation using the
      instructions provided in the technote
      
		<URLLink LinkURL="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" LinkTitle="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" href="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html">APSB13-03 technote</URLLink>.
    </Paragraph>
		<Paragraph>
      Customers should also inspect files and scheduled tasks of unknown origin
      located in the CFIDE, CFIDE/adminapi or webroot directories, and remove
      any suspicious files (some examples of malicious file names include
      h.cfm, i.cfm, h9.cfm, r.cfm, adss.cfm or fusebox.cfm).
    </Paragraph>
		<Paragraph>
      Additionally, Adobe recommends that customers follow security best
      practices, which include the following steps to harden their ColdFusion
      server:
      
			<UnorderedList>
				<ListItem>
          Configure a username and password for Remote Development Services (RDS)
          that is different from the Administrator account. After configuring the
          RDS account, users should disable RDS if not needed.
        </ListItem>
				<ListItem>
          Disable external access to the following directories for all hosted
          sites:
          
					<UnorderedList>
						<ListItem>/CFIDE/administrator</ListItem>
						<ListItem>/CFIDE/adminapi</ListItem>
						<ListItem>/CFIDE/componentutils</ListItem></UnorderedList></ListItem>
				<ListItem>
          Implement access control restrictions for the Administrator interface and
          internal applications via the Administrator Console (in ColdFusion
          version 10) or within your web server&#39;s access control mechanisms for
          versions 9.0.2 and below.
        </ListItem>
				<ListItem>
          Ensure your ColdFusion product has the latest hotfix applied.
        </ListItem>
				<ListItem>
          Refer to the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide
          for security best practices and further information on these hardening
          techniques.
        </ListItem></UnorderedList></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="adobe-apsb13-03-CVE-2013-0632" title="APSB13-03: Security updates available for Adobe ColdFusion (CVE-2013-0632)" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20130115T000000000" added="20130327T000000000" modified="20131031T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2013-0632</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb13-03.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
      Adobe recommends ColdFusion customers update their installation using the
      instructions provided in the technote
      
		<URLLink LinkURL="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" LinkTitle="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html" href="http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html">APSB13-03 technote</URLLink>.
    </Paragraph>
		<Paragraph>
      Customers should also inspect files and scheduled tasks of unknown origin
      located in the CFIDE, CFIDE/adminapi or webroot directories, and remove
      any suspicious files (some examples of malicious file names include
      h.cfm, i.cfm, h9.cfm, r.cfm, adss.cfm or fusebox.cfm).
    </Paragraph>
		<Paragraph>
      Additionally, Adobe recommends that customers follow security best
      practices, which include the following steps to harden their ColdFusion
      server:
      
			<UnorderedList>
				<ListItem>
          Configure a username and password for Remote Development Services (RDS)
          that is different from the Administrator account. After configuring the
          RDS account, users should disable RDS if not needed.
        </ListItem>
				<ListItem>
          Disable external access to the following directories for all hosted
          sites:
          
					<UnorderedList>
						<ListItem>/CFIDE/administrator</ListItem>
						<ListItem>/CFIDE/adminapi</ListItem>
						<ListItem>/CFIDE/componentutils</ListItem></UnorderedList></ListItem>
				<ListItem>
          Implement access control restrictions for the Administrator interface and
          internal applications via the Administrator Console (in ColdFusion
          version 10) or within your web server&#39;s access control mechanisms for
          versions 9.0.2 and below.
        </ListItem>
				<ListItem>
          Ensure your ColdFusion product has the latest hotfix applied.
        </ListItem>
				<ListItem>
          Refer to the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide
          for security best practices and further information on these hardening
          techniques.
        </ListItem></UnorderedList></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="adobe-apsb13-13-CVE-2013-1389" title="APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-1389)" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20130514T000000000" added="20130516T000000000" modified="20131031T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2013-1389</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb13-13.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: 
        http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html
        Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="adobe-apsb13-13-CVE-2013-3336" title="APSB13-13: Security updates available for Adobe ColdFusion (CVE-2013-3336)" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20100811T000000000" added="20130414T000000000" modified="20131031T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2013-3336</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb13-13.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: 
        http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html
        Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="apache-httpd-cve-2008-0005" title="Apache HTTPD: mod_proxy_ftp UTF-7 XSS (CVE-2008-0005)" severity="4" pciSeverity="3" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" published="20080111T000000000" added="20120412T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_proxy_ftp.  Review your web server configuration for validation.  A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="APPLE">APPLE-SA-2008-03-18</reference>
<reference source="BID">27234</reference>
<reference source="CVE">CVE-2008-0005</reference>
<reference source="OVAL">OVAL10812</reference>
<reference source="REDHAT">RHSA-2008:0004</reference>
<reference source="REDHAT">RHSA-2008:0005</reference>
<reference source="REDHAT">RHSA-2008:0006</reference>
<reference source="REDHAT">RHSA-2008:0007</reference>
<reference source="REDHAT">RHSA-2008:0008</reference>
<reference source="REDHAT">RHSA-2008:0009</reference>
<reference source="SECUNIA">28467</reference>
<reference source="SECUNIA">28471</reference>
<reference source="SECUNIA">28526</reference>
<reference source="SECUNIA">28607</reference>
<reference source="SECUNIA">28749</reference>
<reference source="SECUNIA">28977</reference>
<reference source="SECUNIA">29348</reference>
<reference source="SECUNIA">29420</reference>
<reference source="SECUNIA">29640</reference>
<reference source="SECUNIA">30732</reference>
<reference source="SECUNIA">35650</reference>
<reference source="SUSE">SUSE-SA:2008:021</reference>
<reference source="URL">http://httpd.apache.org/security/vulnerabilities_20.html</reference>
<reference source="URL">http://httpd.apache.org/security/vulnerabilities_22.html</reference>
<reference source="XF">39615</reference>
</references><tags>
<tag>Apache</tag>
<tag>Apache HTTP Server</tag>
<tag>Web</tag>
<tag>XSS</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Apache HTTPD &gt;= 2.0 and &lt; 2.0.63</Paragraph>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="http://archive.apache.org/dist/httpd/httpd-2.0.63.tar.gz" LinkTitle="http://archive.apache.org/dist/httpd/httpd-2.0.63.tar.gz"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>Many platforms and distributions provide pre-built binary packages for Apache HTTP server.  These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Apache HTTPD &gt;= 2.2 and &lt; 2.2.8</Paragraph>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz" LinkTitle="http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.gz"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>Many platforms and distributions provide pre-built binary packages for Apache HTTP server.  These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system.</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="apache-httpd-cve-2008-2939" title="Apache HTTPD: mod_proxy_ftp globbing XSS (CVE-2008-2939)" severity="4" pciSeverity="3" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" published="20080806T000000000" added="20120412T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_proxy_ftp.  Review your web server configuration for validation.  A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp.  If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="APPLE">APPLE-SA-2009-05-12</reference>
<reference source="BID">30560</reference>
<reference source="CERT">TA09-133A</reference>
<reference source="CERT-VN">663763</reference>
<reference source="CVE">CVE-2008-2939</reference>
<reference source="OVAL">OVAL11316</reference>
<reference source="OVAL">OVAL7716</reference>
<reference source="REDHAT">RHSA-2008:0966</reference>
<reference source="REDHAT">RHSA-2008:0967</reference>
<reference source="SECUNIA">31384</reference>
<reference source="SECUNIA">31673</reference>
<reference source="SECUNIA">32685</reference>
<reference source="SECUNIA">32838</reference>
<reference source="SECUNIA">33156</reference>
<reference source="SECUNIA">33797</reference>
<reference source="SECUNIA">34219</reference>
<reference source="SECUNIA">35074</reference>
<reference source="URL">http://httpd.apache.org/security/vulnerabilities_20.html</reference>
<reference source="URL">http://httpd.apache.org/security/vulnerabilities_22.html</reference>
<reference source="XF">44223</reference>
</references><tags>
<tag>Apache</tag>
<tag>Apache HTTP Server</tag>
<tag>FTP</tag>
<tag>Web</tag>
<tag>XSS</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Apache HTTPD &gt;= 2.0 and &lt; 2.0.64</Paragraph>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="http://archive.apache.org/dist/httpd/httpd-2.0.64.tar.gz" LinkTitle="http://archive.apache.org/dist/httpd/httpd-2.0.64.tar.gz"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>Many platforms and distributions provide pre-built binary packages for Apache HTTP server.  These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Apache HTTPD &gt;= 2.2 and &lt; 2.2.10</Paragraph>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="http://archive.apache.org/dist/httpd/httpd-2.2.10.tar.gz" LinkTitle="http://archive.apache.org/dist/httpd/httpd-2.2.10.tar.gz"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>Many platforms and distributions provide pre-built binary packages for Apache HTTP server.  These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system.</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="apache-struts-CVE-2013-2251" title="Apache Struts DefaultActionMapper OGNL arbitrary command execution (CVE-2013-2251)" severity="9" pciSeverity="5" cvssScore="9.3" cvssVector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" published="20130720T000000000" added="20130725T000000000" modified="20131105T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2013-2251</reference>
<reference source="OSVDB">98445</reference>
<reference source="URL">http://struts.apache.org/release/2.3.x/docs/s2-016.html</reference>
</references><tags>
<tag>Apache</tag>
<tag>Apache Struts</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="certificate-common-name-mismatch" title="X.509 Certificate Subject CN Does Not Match the Entity Name" severity="7" pciSeverity="5" cvssScore="7.1" cvssVector="(AV:N/AC:H/Au:N/C:C/I:C/A:N)" published="20070803T000000000" added="20070803T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The subject common name (CN) field in the X.509 certificate does not match
the name of the entity presenting the certificate.</Paragraph>


	<Paragraph>Before issuing a certificate, a Certification Authority (CA) must check the
identity of the entity requesting the certificate, as specified in the CA&#39;s
Certification Practice Statement (CPS). Thus, standard certificate validation
procedures require the subject CN field of a certificate to match the actual
name of the entity presenting the certificate. For example, in a certificate
presented by &quot;https://www.example.com/&quot;, the CN should be &quot;www.example.com&quot;.
</Paragraph>


	<Paragraph>In order to detect and prevent active eavesdropping attacks, the validity of
a certificate must be verified, or else an attacker could then launch a
man-in-the-middle attack and gain full control of the data stream. Of
particular importance is the validity of the subject&#39;s CN, that should match
the name of the entity (hostname).</Paragraph>


	<Paragraph>A CN mismatch most often occurs due to a configuration error, though it can
also indicate that a man-in-the-middle attack is being conducted.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      The subject&#39;s common name (CN) field in the X.509 certificate should be fixed
to reflect the name of the entity presenting the certificate (e.g., the
hostname). This is done by generating a new certificate usually signed by a
Certification Authority (CA) trusted by both the client and server.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="checkpoint-ess-info-disclosure-sk57881" title="CheckPoint Endpoint Security Server Information Disclosure" severity="9" pciSeverity="5" cvssScore="9.4" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:N)" published="20101215T000000000" added="20110117T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      The web interface of CheckPoint Endpoint Security Server 7.x (R71,
      R72 and R73) ships with an improperly protected configuration that
      allows remote, unauthenticated users to access arbitrary files in the
      &#39;bin&#39;, &#39;conf&#39;, &#39;templates&#39;, &#39;install&#39; and &#39;logs&#39; directories within
      the Tomcat directory.  While the full extent of this vulnerability is
      not currently understood, at a minimum it allows attackers to obtain
      the private keys used to encrypt communication with the Endpoint
      Security Server management interface, making a man-in-the-middle
      attack considerably easier.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.rapid7.com/security-center/advisories/R7-0038.jsp</reference>
<reference source="URL">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk57881</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Information Gathering</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Apply the hotfix as described in CheckPoint Solution ID 
        
	<URLLink LinkURL="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk57881" LinkTitle="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk57881" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk57881">
          SK57881</URLLink>, which will prevent the contents of these sensitive files
        from being disclosed with an HTTP GET request, however this solution
        does not prevent the size or presence of these files from being obtained
        with an HTTP HEAD request, which is an information disclosure.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="cifs-insecure-acct-lockout-limit" title="CIFS Account Lockout Policy Allows Password Brute Forcing" severity="7" pciSeverity="4" cvssScore="6.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" published="20041101T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The account lockout threshold of the CIFS/Samba (SMB) server is
      too high.  This is a security risk.  Having a high account
      lockout threshold allows a hacker to launch an effective
      brute force attack to guess users&#39; passwords.  Using
      a lower account lockout threshold will greatly limit the
      effectiveness of any brute forcing attempts.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>CIFS</tag>
<tag>Policy Violation</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008, Microsoft Windows Server 2012, Microsoft Windows Server 2012 Essentials Edition, Microsoft Windows Server 2012 Standard Edition, Microsoft Windows Server 2012 Datacenter Edition, Microsoft Windows Server 2012 Foundation Edition, Microsoft Windows Storage Server 2012, Microsoft Windows 7, Microsoft Windows 7 Home, Basic Edition, Microsoft Windows 7 Home, Basic N Edition, Microsoft Windows 7 Home, Premium Edition, Microsoft Windows 7 Home, Premium N Edition, Microsoft Windows 7 Ultimate Edition, Microsoft Windows 7 Ultimate N Edition, Microsoft Windows 7 Enterprise Edition, Microsoft Windows 7 Enterprise N Edition, Microsoft Windows 7 Professional Edition, Microsoft Windows 7 Starter Edition, Microsoft Windows 7 Starter N Edition, Microsoft Windows Embedded Standard 7, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008 R2, Enterprise Edition, Microsoft Windows Server 2008 R2, Standard Edition, Microsoft Windows Server 2008 R2, Datacenter Edition, Microsoft Windows Server 2008 R2, Web Edition, Microsoft Windows 8, Microsoft Windows 8 Enterprise Edition, Microsoft Windows 8 Professional Edition, Microsoft Windows RT</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the Windows Control Panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Account Lockout Policy&quot;.</ListItem>
					<ListItem>Set the Account Lockout Duration.  This setting
      controls the amount of time an account will remain
      locked after repeated failed login attempts.  To keep
      accounts locked until the Administrator intervenes,
      set the lockout duration to 0.  Otherwise, be sure to
      use a reasonable value, preferably 1440 minutes (1 day)
      or greater.</ListItem>
					<ListItem>Set the Account Lockout Threshold.  This setting
      determines the number of successive failed login attempts
      that will cause the account to be locked.  Set the
      lockout threshold to 3 or fewer.</ListItem>
					<ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Performance and Maintenance&quot; control panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Account Lockout Policy&quot;.</ListItem>
					<ListItem>Set the Account Lockout Duration.  This setting
      controls the amount of time an account will remain
      locked after repeated failed login attempts.  To keep
      accounts locked until the Administrator intervenes,
      set the lockout duration to 0.  Otherwise, be sure to
      use a reasonable value, preferably 1440 minutes (1 day)
      or greater.</ListItem>
					<ListItem>Set the Account Lockout Threshold.  This setting
      determines the number of successive failed login attempts
      that will cause the account to be locked.  Set the
      lockout threshold to 3 or fewer.</ListItem>
					<ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Administrative Tools&quot; control panel.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Account Lockout Policy&quot;.</ListItem>
					<ListItem>Set the Account Lockout Duration.  This setting
      controls the amount of time an account will remain
      locked after repeated failed login attempts.  To keep
      accounts locked until the Administrator intervenes,
      set the lockout duration to 0.  Otherwise, be sure to
      use a reasonable value, preferably 1440 minutes (1 day)
      or greater.</ListItem>
					<ListItem>Set the Account Lockout Threshold.  This setting
      determines the number of successive failed login attempts
      that will cause the account to be locked.  Set the
      lockout threshold to 3 or fewer.</ListItem>
					<ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Click on the &quot;Start&quot; button from the Task Bar</ListItem>
					<ListItem>Select &quot;Programs&quot;</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;</ListItem>
					<ListItem>To change the domain-wide lockout policy, select
      &quot;User Manager for Domains&quot;.  Otherwise, to change
      the policy for this computer only, select &quot;User Manager&quot;.</ListItem>
					<ListItem>From the &quot;Policies&quot; menu, select &quot;Account...&quot;</ListItem>
					<ListItem>Click on the &quot;Account Lockout&quot; radio button to enable
      use of the account lockout policy feature.</ListItem>
					<ListItem>&quot;Lockout after [n] bad logon attempts&quot; determines how many
      successive failed logins attempts will trigger the lockout.
      This should be set to a reasonably low value such as 3, which
      would cause the account to get locked after 3 failed login
      attempts.</ListItem>
					<ListItem>&quot;Reset count after [30] minutes&quot; is the amount of time
      to track failed logins for. This should be set to a reasonably
      high value, such as 1440 minutes (1 day).</ListItem>
					<ListItem>&quot;Lockout Duration&quot; is used to define how long the account
      remains locked. To keep the account locked until the
      administrator intervenes, select the &quot;Forever (until admin
      unlocks)&quot; radio button. Otherwise, be sure to use a reasonably
      high value, preferably 1440 minutes (1 day) or greater.</ListItem>
					<ListItem>Restart the system for the changes to take effect</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>IBM OS/400</Paragraph>
			<Paragraph>
				<Paragraph>OS/400 V4R2 and later include a feature called
    
				<URLLink LinkURL="http://www-1.ibm.com/servers/eserver/iseries/netserver/" LinkTitle="http://www-1.ibm.com/servers/eserver/iseries/netserver/" href="http://www-1.ibm.com/servers/eserver/iseries/netserver/">NetServer</URLLink>
    which provides Windows compatible file and printer sharing.  Early
    versions of NetServer relied on the underlying OS/400 user authentication
    system.  However, starting with V5R1 and V5R2, NetServer can be integrated
    into your Windows Domain or Active Directory via Kerberos, NetBIOS, or
    LDAP.  This integration allows the NetServer to inherit the domain&#39;s account
    lockout policies. Refer to the NetServer documentation for more information.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Samba</Paragraph>
			<Paragraph>
				<Paragraph>The Samba server uses the host operating system&#39;s authentication
    mechanism to control access.  If you want to integrate
    Samba into your NT4 domain or Win2k Active Directory, you can
    use Samba 2.2.2 or later with winbind to achieve &quot;single sign-on&quot;.
    However, integrating Samba with LDAP/Kerberos/Active Directory is
    not a trivial task and should only be undertaken with caution.</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="cifs-insecure-password-length-min" title="CIFS Minimum Password Length Policy Allows Password Brute Forcing" severity="7" pciSeverity="4" cvssScore="6.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" published="20041101T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The minimum password length on the CIFS/Samba server is too low.
      This is a security risk.  If the account policy does not
      enforce a reasonable minimum password length, an attacker
      will stand a much better chance of guessing or brute forcing
      users&#39; passwords.  Enforcing a higher minimum password length
      will limit the effectiveness of any brute forcing attempts.</Paragraph>
    

	<Paragraph>The default password length is typically set to 0, which
      allows empty passwords.  Most policies recommend setting the
      minimum to 6 or more characters.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>CIFS</tag>
<tag>Default Account</tag>
<tag>Policy Violation</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008, Microsoft Windows Server 2012, Microsoft Windows Server 2012 Essentials Edition, Microsoft Windows Server 2012 Standard Edition, Microsoft Windows Server 2012 Datacenter Edition, Microsoft Windows Server 2012 Foundation Edition, Microsoft Windows Storage Server 2012, Microsoft Windows 7, Microsoft Windows 7 Home, Basic Edition, Microsoft Windows 7 Home, Basic N Edition, Microsoft Windows 7 Home, Premium Edition, Microsoft Windows 7 Home, Premium N Edition, Microsoft Windows 7 Ultimate Edition, Microsoft Windows 7 Ultimate N Edition, Microsoft Windows 7 Enterprise Edition, Microsoft Windows 7 Enterprise N Edition, Microsoft Windows 7 Professional Edition, Microsoft Windows 7 Starter Edition, Microsoft Windows 7 Starter N Edition, Microsoft Windows Embedded Standard 7, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008 R2, Enterprise Edition, Microsoft Windows Server 2008 R2, Standard Edition, Microsoft Windows Server 2008 R2, Datacenter Edition, Microsoft Windows Server 2008 R2, Web Edition, Microsoft Windows 8, Microsoft Windows 8 Enterprise Edition, Microsoft Windows 8 Professional Edition, Microsoft Windows RT</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the Windows Control Panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Password Policy&quot;.</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Performance and Maintenance&quot; control panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Password Policy&quot;.</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Administrative Tools&quot; control panel.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Password Policy&quot;.</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Click on the &quot;Start&quot; button from the Task Bar</ListItem>
					<ListItem>Select &quot;Programs&quot;</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;</ListItem>
					<ListItem>To change the domain-wide lockout policy, select
      &quot;User Manager for Domains&quot;.  Otherwise, to change
      the policy for this computer only, select &quot;User Manager&quot;.</ListItem>
					<ListItem>From the &quot;Policies&quot; menu, select &quot;Account...&quot;</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>IBM OS/400</Paragraph>
			<Paragraph>
				<Paragraph>OS/400 V4R2 and later include a feature called 
    
				<URLLink LinkURL="http://www-1.ibm.com/servers/eserver/iseries/netserver/" LinkTitle="http://www-1.ibm.com/servers/eserver/iseries/netserver/" href="http://www-1.ibm.com/servers/eserver/iseries/netserver/">NetServer</URLLink>
    which provides Windows compatible file and printer sharing.  Early
    versions of NetServer relied on the underlying OS/400 user authentication
    system.  However, starting with V5R1 and V5R2, NetServer can be integrated
    into your Windows Domain or Active Directory via Kerberos, NetBIOS, or
    LDAP.  This integration allows the NetServer to inherit the domain&#39;s account
    lockout policies. Refer to the NetServer documentation for more information.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Samba</Paragraph>
			<Paragraph>
				<Paragraph>The Samba server uses the host operating system&#39;s authentication
    mechanism to control access.  If you want to integrate
    Samba into your NT4 domain or Win2k Active Directory, you can
    use Samba 2.2.2 or later with winbind to achieve &quot;single sign-on&quot;.
    However, integrating Samba with LDAP/Kerberos/Active Directory is
    not a trivial task and should only be undertaken with caution.</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="cifs-no-acct-lockout-limit" title="CIFS Account Lockout Policy Not Enforced" severity="7" pciSeverity="4" cvssScore="6.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" published="20041101T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The CIFS server is not using an account lockout threshold.
      This is a security risk.  Having no lockout threshold
      allows a hacker to launch a very effective brute force
      attack to guess users&#39; passwords.  Using an account lockout
      threshold of 3 or lower will greatly limit the effectiveness
      of any brute forcing attempts.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>CIFS</tag>
<tag>Policy Violation</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008, Microsoft Windows Server 2012, Microsoft Windows Server 2012 Essentials Edition, Microsoft Windows Server 2012 Standard Edition, Microsoft Windows Server 2012 Datacenter Edition, Microsoft Windows Server 2012 Foundation Edition, Microsoft Windows Storage Server 2012, Microsoft Windows 7, Microsoft Windows 7 Home, Basic Edition, Microsoft Windows 7 Home, Basic N Edition, Microsoft Windows 7 Home, Premium Edition, Microsoft Windows 7 Home, Premium N Edition, Microsoft Windows 7 Ultimate Edition, Microsoft Windows 7 Ultimate N Edition, Microsoft Windows 7 Enterprise Edition, Microsoft Windows 7 Enterprise N Edition, Microsoft Windows 7 Professional Edition, Microsoft Windows 7 Starter Edition, Microsoft Windows 7 Starter N Edition, Microsoft Windows Embedded Standard 7, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008 R2, Enterprise Edition, Microsoft Windows Server 2008 R2, Standard Edition, Microsoft Windows Server 2008 R2, Datacenter Edition, Microsoft Windows Server 2008 R2, Web Edition, Microsoft Windows 8, Microsoft Windows 8 Enterprise Edition, Microsoft Windows 8 Professional Edition, Microsoft Windows RT</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the Windows Control Panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Account Lockout Policy&quot;.</ListItem>
					<ListItem>Set the Account Lockout Duration.  This setting
      controls the amount of time an account will remain
      locked after repeated failed login attempts.  To keep
      accounts locked until the Administrator intervenes,
      set the lockout duration to 0.  Otherwise, be sure to
      use a reasonable value, preferably 1440 minutes (1 day)
      or greater.</ListItem>
					<ListItem>Set the Account Lockout Threshold.  This setting
      determines the number of successive failed login attempts
      that will cause the account to be locked.  Set the
      lockout threshold to 3 or fewer.</ListItem>
					<ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Performance and Maintenance&quot; control panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Account Lockout Policy&quot;.</ListItem>
					<ListItem>Set the Account Lockout Duration.  This setting
      controls the amount of time an account will remain
      locked after repeated failed login attempts.  To keep
      accounts locked until the Administrator intervenes,
      set the lockout duration to 0.  Otherwise, be sure to
      use a reasonable value, preferably 1440 minutes (1 day)
      or greater.</ListItem>
					<ListItem>Set the Account Lockout Threshold.  This setting
      determines the number of successive failed login attempts
      that will cause the account to be locked.  Set the
      lockout threshold to 3 or fewer.</ListItem>
					<ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Administrative Tools&quot; control panel.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Account Lockout Policy&quot;.</ListItem>
					<ListItem>Set the Account Lockout Duration.  This setting
      controls the amount of time an account will remain
      locked after repeated failed login attempts.  To keep
      accounts locked until the Administrator intervenes,
      set the lockout duration to 0.  Otherwise, be sure to
      use a reasonable value, preferably 1440 minutes (1 day)
      or greater.</ListItem>
					<ListItem>Set the Account Lockout Threshold.  This setting
      determines the number of successive failed login attempts
      that will cause the account to be locked.  Set the
      lockout threshold to 3 or fewer.</ListItem>
					<ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Click on the &quot;Start&quot; button from the Task Bar</ListItem>
					<ListItem>Select &quot;Programs&quot;</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;</ListItem>
					<ListItem>To change the domain-wide lockout policy, select
      &quot;User Manager for Domains&quot;.  Otherwise, to change
      the policy for this computer only, select &quot;User Manager&quot;.</ListItem>
					<ListItem>From the &quot;Policies&quot; menu, select &quot;Account...&quot;</ListItem>
					<ListItem>Click on the &quot;Account Lockout&quot; radio button to enable
      use of the account lockout policy feature.</ListItem>
					<ListItem>&quot;Lockout after [n] bad logon attempts&quot; determines how many
      successive failed logins attempts will trigger the lockout.
      This should be set to a reasonably low value such as 3, which
      would cause the account to get locked after 3 failed login
      attempts.</ListItem>
					<ListItem>&quot;Reset count after [30] minutes&quot; is the amount of time
      to track failed logins for. This should be set to a reasonably
      high value, such as 1440 minutes (1 day).</ListItem>
					<ListItem>&quot;Lockout Duration&quot; is used to define how long the account
      remains locked. To keep the account locked until the
      administrator intervenes, select the &quot;Forever (until admin
      unlocks)&quot; radio button. Otherwise, be sure to use a reasonably
      high value, preferably 1440 minutes (1 day) or greater.</ListItem>
					<ListItem>Restart the system for the changes to take effect</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>IBM OS/400</Paragraph>
			<Paragraph>
				<Paragraph>OS/400 V4R2 and later include a feature called
    
				<URLLink LinkURL="http://www-1.ibm.com/servers/eserver/iseries/netserver/" LinkTitle="http://www-1.ibm.com/servers/eserver/iseries/netserver/" href="http://www-1.ibm.com/servers/eserver/iseries/netserver/">NetServer</URLLink>
    which provides Windows compatible file and printer sharing.  Early
    versions of NetServer relied on the underlying OS/400 user authentication
    system.  However, starting with V5R1 and V5R2, NetServer can be integrated
    into your Windows Domain or Active Directory via Kerberos, NetBIOS, or
    LDAP.  This integration allows the NetServer to inherit the domain&#39;s account
    lockout policies. Refer to the NetServer documentation for more information.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Samba</Paragraph>
			<Paragraph>
				<Paragraph>The Samba server uses the host operating system&#39;s authentication
    mechanism to control access.  If you want to integrate
    Samba into your NT4 domain or Win2k Active Directory, you can
    use Samba 2.2.2 or later with winbind to achieve &quot;single sign-on&quot;.
    However, integrating Samba with LDAP/Kerberos/Active Directory is
    not a trivial task and should only be undertaken with caution.</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="cifs-no-password-length-min" title="CIFS Minimum Password Length Policy Not Enforced" severity="7" pciSeverity="4" cvssScore="6.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" published="20041101T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The minimum password length on the CIFS server is set
      to 0, which allows accounts with no password and accounts
      with very short passwords.  This is a security risk.  If the
      account policy does not enforce a reasonable minimum password
      length, an attacker will stand a much better chance of
      guessing or brute forcing users&#39; passwords.  Enforcing a higher
      minimum password length will limit the effectiveness of
      any brute forcing attempts.</Paragraph>
    

	<Paragraph>The default password length is typically set to 0, which
      allows empty passwords.  Most policies recommend setting the
      minimum to 6 or more characters.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>CIFS</tag>
<tag>Default Account</tag>
<tag>Policy Violation</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008, Microsoft Windows Server 2012, Microsoft Windows Server 2012 Essentials Edition, Microsoft Windows Server 2012 Standard Edition, Microsoft Windows Server 2012 Datacenter Edition, Microsoft Windows Server 2012 Foundation Edition, Microsoft Windows Storage Server 2012, Microsoft Windows 7, Microsoft Windows 7 Home, Basic Edition, Microsoft Windows 7 Home, Basic N Edition, Microsoft Windows 7 Home, Premium Edition, Microsoft Windows 7 Home, Premium N Edition, Microsoft Windows 7 Ultimate Edition, Microsoft Windows 7 Ultimate N Edition, Microsoft Windows 7 Enterprise Edition, Microsoft Windows 7 Enterprise N Edition, Microsoft Windows 7 Professional Edition, Microsoft Windows 7 Starter Edition, Microsoft Windows 7 Starter N Edition, Microsoft Windows Embedded Standard 7, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008 R2, Enterprise Edition, Microsoft Windows Server 2008 R2, Standard Edition, Microsoft Windows Server 2008 R2, Datacenter Edition, Microsoft Windows Server 2008 R2, Web Edition, Microsoft Windows 8, Microsoft Windows 8 Enterprise Edition, Microsoft Windows 8 Professional Edition, Microsoft Windows RT</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the Windows Control Panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Password Policy&quot;.</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Performance and Maintenance&quot; control panel.</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Password Policy&quot;.</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Open the &quot;Administrative Tools&quot; control panel.</ListItem>
					<ListItem>To change the domain-wide lockout policy, select &quot;Domain
      Security Policy&quot; (or &quot;Domain Controller Security Policy&quot; if
      the computer is a Domain Controller).  Otherwise, to change
      the policy for this computer only, select &quot;Local Security
      Policy.&quot;</ListItem>
					<ListItem>Expand the &quot;Account Policies&quot; folder and select
      &quot;Password Policy&quot;.</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition</Paragraph>
			<Paragraph>
				<OrderedList>
					<ListItem>Click on the &quot;Start&quot; button from the Task Bar</ListItem>
					<ListItem>Select &quot;Programs&quot;</ListItem>
					<ListItem>Select &quot;Administrative Tools&quot;</ListItem>
					<ListItem>To change the domain-wide lockout policy, select
      &quot;User Manager for Domains&quot;.  Otherwise, to change
      the policy for this computer only, select &quot;User Manager&quot;.</ListItem>
					<ListItem>From the &quot;Policies&quot; menu, select &quot;Account...&quot;</ListItem>
					<ListItem>Set the Minimum Password Length.  This setting
      enforces a minimum length for new or changed passwords.
      A value of 6 or higher is recommended.</ListItem>
					<ListItem>Note that this policy does not affect existing
      passwords.  It will only take effect when an existing
      user changes his password.</ListItem></OrderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>IBM OS/400</Paragraph>
			<Paragraph>
				<Paragraph>OS/400 V4R2 and later include a feature called 
    
				<URLLink LinkURL="http://www-1.ibm.com/servers/eserver/iseries/netserver/" LinkTitle="http://www-1.ibm.com/servers/eserver/iseries/netserver/" href="http://www-1.ibm.com/servers/eserver/iseries/netserver/">NetServer</URLLink>
    which provides Windows compatible file and printer sharing.  Early
    versions of NetServer relied on the underlying OS/400 user authentication
    system.  However, starting with V5R1 and V5R2, NetServer can be integrated
    into your Windows Domain or Active Directory via Kerberos, NetBIOS, or
    LDAP.  This integration allows the NetServer to inherit the domain&#39;s account
    lockout policies. Refer to the NetServer documentation for more information.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Samba</Paragraph>
			<Paragraph>
				<Paragraph>The Samba server uses the host operating system&#39;s authentication
    mechanism to control access.  If you want to integrate
    Samba into your NT4 domain or Win2k Active Directory, you can
    use Samba 2.2.2 or later with winbind to achieve &quot;single sign-on&quot;.
    However, integrating Samba with LDAP/Kerberos/Active Directory is
    not a trivial task and should only be undertaken with caution.</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="DNS-0004" title="Unrestricted DNS Zone Transfer (CVE-1999-0532)" severity="1" pciSeverity="3" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19970701T000000000" added="20041101T000000000" modified="20130718T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>A DNS server allows zone transfers.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0532</reference>
</references><tags>
<tag>DNS</tag>
<tag>ISC</tag>
<tag>ISC BIND</tag>
<tag>Zone Transfer</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
Restrict zone transfers to slave servers only.


		<UnorderedList>
			<ListItem>For BIND, use the


			<URLLink LinkURL="http://www.isc.org/products/BIND/docs/bog-4.9.4/bog-sh-5.html#sh-5.1.13" LinkTitle="http://www.isc.org/products/BIND/docs/bog-4.9.4/bog-sh-5.html#sh-5.1.13" href="http://www.isc.org/products/BIND/docs/bog-4.9.4/bog-sh-5.html#sh-5.1.13">&quot;xfernets&quot; directive</URLLink>
( http://www.isc.org/products/BIND/docs/bog-4.9.4/bog-sh-5.html#sh-5.1.13 ) .</ListItem>
			<ListItem>For djbdns/tinydns, see


			<URLLink LinkURL="http://cr.yp.to/djbdns/faq/axfrdns.html" LinkTitle="http://cr.yp.to/djbdns/faq/axfrdns.html" href="http://cr.yp.to/djbdns/faq/axfrdns.html">http://cr.yp.to/djbdns/faq/axfrdns.html</URLLink> ( http://cr.yp.to/djbdns/faq/axfrdns.html ) .</ListItem>
			<ListItem>For Microsoft DNS, make sure that your DNS services are integrated
with Active Directory, and then use Active Directory&#39;s built-in
object security mechanisms to place restrictions on the data.  If you
are using Active Directory exclusively, you can disable zone transfer
in favor of Active Directory replication.  This will only allow
designated domain controllers to obtain the Active Directory information.</ListItem></UnorderedList></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="dns-allows-cache-snooping" title="DNS server allows cache snooping" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="19900101T000000000" added="20110401T000000000" modified="20121023T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      This DNS server is susceptible to DNS cache snooping, whereby an attacker
      can make non-recursive queries to a DNS server, looking for records
      potentially already resolved by this DNS server for other clients.
      Depending on the response, an attacker can use this information to
      potentially launch other attacks.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf</reference>
</references><tags>
<tag>DNS</tag>
<tag>ISC</tag>
<tag>ISC BIND</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
          Restrict the processing of DNS queries to only systems that should
          be allowed to use this nameserver.
        </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="dns-processes-recursive-queries" title="Nameserver Processes Recursive Queries" severity="5" pciSeverity="2" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" published="19900101T000000000" added="20100226T000000000" modified="20121023T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        Allowing nameservers to process recursive queries coming from any system
        may, in certain situations, help attackers conduct denial of service or
        cache poisoning attacks.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf</reference>
</references><tags>
<tag>DNS</tag>
<tag>Denial of Service</tag>
<tag>ISC</tag>
<tag>ISC BIND</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
            Restrict the processing of recursive queries to only systems that
            should be allowed to use this nameserver.
         </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="dns-unrestricted-reverse-zone-transfer" title="Unrestricted Reverse DNS Zone Transfer" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20071126T000000000" added="20071126T000000000" modified="20121023T000000000">
<description>

<ContainerBlockElement>
    Allowing unrestricted reverse zone transfers gives anonymous users access to information about
     all hostnames defined in a particular domain. This information can aid further attacks on
     vulnerable systems.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>DNS</tag>
<tag>ISC</tag>
<tag>ISC BIND</tag>
<tag>Zone Transfer</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
            See the documentation of your DNS server to disable or restrict reverse zone transfers.
         </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-anonymous-writeable-directories" title="Anonymous FTP Writeable Directories" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="19990101T000000000" added="20041101T000000000" modified="20120713T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Anonymous users can upload files to the FTP server. This can often be used
      in combination with other services, such as HTTP, to compromise the server.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0527</reference>
</references><tags>
<tag>FTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Disable write access (upload) for anonymous users. It is also best
      to restrict world writeable permissions to any directory or file
      accessible via FTP.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-default-login-admin-null" title="FTP access with admin/null credentials" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19990101T000000000" added="20100715T000000000" modified="20120927T000000000">
<description>

<ContainerBlockElement>
    Access to the FTP server was gained using the user account &quot;admin&quot; and password &quot;&quot;.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-default-login-admin-passwd" title="FTP access with admin/passwd credentials" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19990101T000000000" added="20100715T000000000" modified="20120927T000000000">
<description>

<ContainerBlockElement>
    Access to the FTP server was gained using the user account &quot;admin&quot; and password &quot;passwd&quot;.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-default-login-admin-password" title="FTP access with admin/password credentials" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19990101T000000000" added="20100715T000000000" modified="20120927T000000000">
<description>

<ContainerBlockElement>
    Access to the FTP server was gained using the user account &quot;admin&quot; and password &quot;password&quot;.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-default-login-administrator-null" title="FTP access with administrator/null credentials" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19990101T000000000" added="20100715T000000000" modified="20120927T000000000">
<description>

<ContainerBlockElement>
    Access to the FTP server was gained using the user account &quot;administrator&quot; and password &quot;&quot;.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-default-login-administrator-passwd" title="FTP access with administrator/passwd credentials" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19990101T000000000" added="20100715T000000000" modified="20120927T000000000">
<description>

<ContainerBlockElement>
    Access to the FTP server was gained using the user account &quot;administrator&quot; and password &quot;passwd&quot;.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-default-login-administrator-password" title="FTP access with administrator/password credentials" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19990101T000000000" added="20100715T000000000" modified="20120927T000000000">
<description>

<ContainerBlockElement>
    Access to the FTP server was gained using the user account &quot;administrator&quot; and password &quot;password&quot;.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="FTP-GENERIC-0001" title="FTP access with ftp account" severity="1" pciSeverity="3" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19990101T000000000" added="20041101T000000000" modified="20130718T000000000">
<description>

<ContainerBlockElement>
    Many FTP servers support a default account with the user ID &quot;ftp&quot; and password &quot;ftp&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0497</reference>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="FTP-GENERIC-0002" title="FTP access with anonymous account" severity="1" pciSeverity="3" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19990101T000000000" added="20041101T000000000" modified="20130718T000000000">
<description>

<ContainerBlockElement>
    Many FTP servers support a default account with the user ID &quot;anonymous&quot; and password &quot;ftp@&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0497</reference>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="FTP-GENERIC-0003" title="FTP access with guest account" severity="1" pciSeverity="3" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19990101T000000000" added="20041101T000000000" modified="20130718T000000000">
<description>

<ContainerBlockElement>
    Many FTP servers support a default account with the user ID &quot;guest&quot; and password &quot;&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0497</reference>
</references><tags>
<tag>Default Account</tag>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Remove or disable the account if it is not critical for the
    system to function. Otherwise, the password should be changed
    to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="FTP-GENERIC-0004" title="FTP access without authentication" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19990101T000000000" added="20041101T000000000" modified="20120713T000000000">
<description>

<ContainerBlockElement>
    Some FTP servers allow users to specify any user ID and password to gain access.
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0497</reference>
</references><tags>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Password protected accounts should always be used
    to protect file access.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="FTP-GENERIC-0005" title="FTP access with blank account and password" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19990101T000000000" added="20041101T000000000" modified="20120713T000000000">
<description>

<ContainerBlockElement>
    Some FTP servers permit access with the user ID &quot;&quot; and password &quot;&quot;.
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0497</reference>
</references><tags>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Password protected accounts should always be used
    to protect file access.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="FTP-GENERIC-0006" title="FTP access with no account and password" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19990101T000000000" added="20041101T000000000" modified="20120713T000000000">
<description>

<ContainerBlockElement>
    Some FTP servers permit access with the user ID &quot;&quot; and password &quot;&quot;.
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0497</reference>
</references><tags>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Password protected accounts should always be used
    to protect file access.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="FTP-GENERIC-0007" title="FTP server does not support AUTH command" severity="6" pciSeverity="3" cvssScore="5.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" published="20041101T000000000" added="20041101T000000000" modified="20120709T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        FTP clients send credentials (user ID and password) in clear text to
        the FTP server by default. This allows malicious users to intercept the
        credentials if they can eavesdrop on the connection.
     </Paragraph>
     
	<Paragraph>
        Newer FTP servers support the AUTH command, which provides enhanced
        authentication options such as TLS, Kerberos, GSSAPI, etc. This
        should be used to prevent eavesdropping on FTP connections.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>FTP</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Upgrade/migrate to a FTP server that supports the AUTH command.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ftp-proftpd-1-3-3c-backdoor" title="ProFTPD 1.3.3c backdoor" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20101202T000000000" added="20101203T000000000" modified="20120713T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      Version 1.3.3c of ProFTPD, if downloaded and installed between
      November 28, 2010 and December 2, 2010, contains a backdoor that
      allows remote, unauthenticated attackers to execute arbitrary
      code as the user running the ProFTPD service.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org</reference>
</references><tags>
<tag>Backdoor</tag>
<tag>FTP</tag>
<tag>Remote Execution</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
          All users who run versions of ProFTPD which have been downloaded and
          compiled in this time window are strongly advised to check their
          systems for security compromises and install unmodified versions of
          ProFTPD.  To verify the integrity of your source files, use the PGP
          signatures which can be found here as well as on the FTP servers.
        </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="generic-icmp-netmask" title="ICMP netmask response" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:L/AC:L/Au:N/C:N/I:N/A:N)" published="19970801T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    The remote host responded to an ICMP netmask request.  The ICMP netmask response      contains the remote host&#39;s network mask (on the interface that processed the      request).  This information can be used by a hacker to accurately map your      subnet structures, determining the broadcast addresses in use, and which routers      are responsible for which subnets.  This may make it easier for them to launch      a &quot;SMURF attack&quot; using broadcast-directed ICMP ping packets.
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0524</reference>
<reference source="OSVDB">95</reference>
<reference source="XF">icmp-netmask(306)</reference>
<reference source="XF">icmp-timestamp(322)</reference>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>IBM AIX</Paragraph>
			<Paragraph>
				<Paragraph>Execute the following command:</Paragraph>
				<Paragraph preFormat="true">   /usr/sbin/no -o icmpaddressmask=0</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>OpenBSD, FreeBSD, NetBSD</Paragraph>
			<Paragraph>
				<Paragraph>Set the &quot;net.inet.icmp.maskrepl&quot; sysctl variable to 0.</Paragraph>
				<Paragraph preformat="true">   sysctl -w net.inet.icmp.maskrepl=0</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>Configure your firewall to block incoming and outgoing ICMP packets 
    with ICMP types 17 (netmask request) and 18 (netmask response), 
    respectively.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>HP-UX</Paragraph>
			<Paragraph>
				<Paragraph>Execute the following command:</Paragraph>
				<Paragraph preFormat="true">   ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Cisco IOS</Paragraph>
			<Paragraph>
				<Paragraph>Issue the &quot;no ip mask-reply&quot; command for each affected
    interface.  For example:</Paragraph>
				<Paragraph preformat="true">   config t</Paragraph>
				<Paragraph preformat="true">      interface fastethernet0/0</Paragraph>
				<Paragraph preformat="true">         no ip mask-reply</Paragraph>
				<Paragraph preformat="true">         exit</Paragraph>
				<Paragraph>Don&#39;t forget to save the configuration when you are finished.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>SGI Irix</Paragraph>
			<Paragraph>
				<Paragraph>IRIX does not offer a way to disable ICMP netmask responses.
    Therefore, you should block ICMP on the affected host using
    ipfilterd, and/or block it at the firewall.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Linux</Paragraph>
			<Paragraph>
				<Paragraph>Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface to
    disable ICMP netmask responses.  Therefore, you should block ICMP on
    the affected host using iptables, and/or block it at the firewall.
    For example:</Paragraph>
				<Paragraph preformat="true">   ipchains -A input -p icmp --icmp-type address-mask-request -j DROP</Paragraph>
				<Paragraph preformat="true">   ipchains -A output -p icmp --icmp-type address-mask-reply -j DROP</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition</Paragraph>
			<Paragraph>
				<Paragraph>Windows NT 4 does not provide a way to block ICMP packets.
    Therefore, you should block it at the firewall.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Cisco PIX</Paragraph>
			<Paragraph>
				<Paragraph>A properly configured PIX firewall should never respond to ICMP
    packets on its external interface.  In PIX Software versions 4.1(6)
    until 5.2.1, ICMP traffic to the PIX&#39;s internal interface is
    always permitted; the PIX cannot be configured to NOT respond.
    Beginning in PIX Software version 5.2.1, ICMP is still permitted on
    the internal interface by default, but ICMP netmask responses from
    its internal interfaces can be disabled with the icmp command, as
    follows, where &lt;inside&gt; is the name of the internal interface:</Paragraph>
				<Paragraph preformat="true">   icmp deny any 17 &lt;inside&gt;</Paragraph>
				<Paragraph preformat="true">   icmp deny any 18 &lt;inside&gt;</Paragraph>
				<Paragraph>Don&#39;t forget to save the configuration when you are finished.</Paragraph>
				<Paragraph>See Cisco&#39;s support document 
    
				<URLLink LinkURL="http://www.cisco.com/warp/public/110/31.html" LinkTitle="http://www.cisco.com/warp/public/110/31.html" href="http://www.cisco.com/warp/public/110/31.html">Handling ICMP Pings with the PIX Firewall</URLLink>
    for more information.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Sun Solaris</Paragraph>
			<Paragraph>
				<Paragraph>Solaris does not offer a way to disable responses to unicast ICMP
    netmask requests.  The following command will block responses to
    broadcast ICMP netmask requests:</Paragraph>
				<Paragraph preformat="true">   /usr/sbin/ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0</Paragraph>
				<Paragraph>However, the Solaris host will always respond to ICMP netmask
    requests directed to the host.  In order to completely disable ICMP
    netmask responses, the ICMP requests and responses must be blocked at
    the firewall.  Alternately, firewall software could be installed on
    the host itself.  Sun&#39;s SunScreen firewall suite is available for
    Solaris 9 and Trusted Solaris 8.  Solaris 10 will offer a more tightly
    integrated SunScreen firewall.  Other open source firewall packages such as
    
				<URLLink LinkURL="http://coombs.anu.edu.au/~avalon/" LinkTitle="http://coombs.anu.edu.au/~avalon/" href="http://coombs.anu.edu.au/~avalon/">IPFilter</URLLink>
    are available for Solaris.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server, Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003</Paragraph>
			<Paragraph>
				<Paragraph>Use the IPSec filter feature to define and apply an IP filter list
    that blocks ICMP types 17 and 18.  Note that the standard TCP/IP
    blocking capability under the &quot;Networking and Dialup
    Connections&quot; control panel is NOT capable of blocking ICMP (only
    TCP and UDP). The IPSec filter features, while they may seem strictly
    related to the IPSec standards, will allow you to selectively block
    these ICMP packets.  See
    
				<URLLink LinkURL="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/askus/au091100.asp" LinkTitle="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/askus/au091100.asp" href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/askus/au091100.asp"></URLLink>
    for more information.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 17 (netmask request) and 18 (netmask response).</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="generic-icmp-timestamp" title="ICMP timestamp response" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:L/AC:L/Au:N/C:N/I:N/A:N)" published="19970801T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The remote host responded to an ICMP timestamp request.  The ICMP timestamp response
      contains the remote host&#39;s date and time.  This information could theoretically be
      used against some systems to exploit weak time-based random number generators in
      other services.</Paragraph>
    

	<Paragraph>In addition, the versions of some operating systems can be accurately fingerprinted
      by analyzing their responses to invalid ICMP timestamp requests.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0524</reference>
<reference source="OSVDB">95</reference>
<reference source="XF">icmp-netmask(306)</reference>
<reference source="XF">icmp-timestamp(322)</reference>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>HP-UX</Paragraph>
			<Paragraph>
				<Paragraph>Execute the following command:</Paragraph>
				<Paragraph preFormat="true">   ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Cisco IOS</Paragraph>
			<Paragraph>
				<Paragraph>Use ACLs to block ICMP types 13 and 14.  For example:</Paragraph>
				<Paragraph preformat="true">   deny icmp any any 13</Paragraph>
				<Paragraph preformat="true">   deny icmp any any 14</Paragraph>
				<Paragraph>Note that it is generally preferable to use ACLs that block everything
    by default and then selectively allow certain types of traffic in.  For
    example, block everything and then only allow ICMP unreachable, ICMP
    echo reply, ICMP time exceeded, and ICMP source quench:</Paragraph>
				<Paragraph preformat="true">   permit icmp any any unreachable</Paragraph>
				<Paragraph preformat="true">   permit icmp any any echo-reply</Paragraph>
				<Paragraph preformat="true">   permit icmp any any time-exceeded</Paragraph>
				<Paragraph preformat="true">   permit icmp any any source-quench</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>SGI Irix</Paragraph>
			<Paragraph>
				<Paragraph>IRIX does not offer a way to disable ICMP timestamp responses.
    Therefore, you should block ICMP on the affected host using ipfilterd,
    and/or block it at any external firewalls.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Linux</Paragraph>
			<Paragraph>
				<Paragraph>Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface
    to disable ICMP timestamp responses.  Therefore, you should block
    ICMP on the affected host using iptables, and/or block it at the
    firewall. For example:</Paragraph>
				<Paragraph preformat="true">   ipchains -A input -p icmp --icmp-type timestamp-request -j DROP</Paragraph>
				<Paragraph preformat="true">   ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition</Paragraph>
			<Paragraph>
				<Paragraph>Windows NT 4 does not provide a way to block ICMP packets.
    Therefore, you should block them at the firewall.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>OpenBSD</Paragraph>
			<Paragraph>
				<Paragraph>Set the &quot;net.inet.icmp.tstamprepl&quot; sysctl variable to 0.</Paragraph>
				<Paragraph preformat="true">   sysctl -w net.inet.icmp.tstamprepl=0</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Cisco PIX</Paragraph>
			<Paragraph>
				<Paragraph>A properly configured PIX firewall should never respond to ICMP
    packets on its external interface.  In PIX Software versions 4.1(6)
    until 5.2.1, ICMP traffic to the PIX&#39;s internal interface is
    permitted; the PIX cannot be configured to NOT respond.  Beginning in
    PIX Software version 5.2.1, ICMP is still permitted on the internal
    interface by default, but ICMP responses from its internal interfaces
    can be disabled with the icmp command, as follows, where &lt;inside&gt;
    is the name of the internal interface:</Paragraph>
				<Paragraph preformat="true">   icmp deny any 13 &lt;inside&gt;</Paragraph>
				<Paragraph preformat="true">   icmp deny any 14 &lt;inside&gt;</Paragraph>
				<Paragraph>Don&#39;t forget to save the configuration when you are finished.</Paragraph>
				<Paragraph>See Cisco&#39;s support document
    
				<URLLink LinkURL="http://www.cisco.com/warp/public/110/31.html" LinkTitle="http://www.cisco.com/warp/public/110/31.html" href="http://www.cisco.com/warp/public/110/31.html">Handling ICMP Pings with the PIX Firewall</URLLink>
    for more information.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Sun Solaris</Paragraph>
			<Paragraph>
				<Paragraph>Execute the following commands:</Paragraph>
				<Paragraph preformat="true">   /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0</Paragraph>
				<Paragraph preformat="true">   /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server</Paragraph>
			<Paragraph>
				<Paragraph>Use the IPSec filter feature to define and apply an IP filter list
    that blocks ICMP types 13 and 14.  Note that the standard TCP/IP
    blocking capability under the &quot;Networking and Dialup
    Connections&quot; control panel is NOT capable of blocking ICMP (only
    TCP and UDP). The IPSec filter features, while they may seem strictly
    related to the IPSec standards, will allow you to selectively block
    these ICMP packets.  See
    
				<URLLink LinkURL="http://support.microsoft.com/kb/313190" LinkTitle="http://support.microsoft.com/kb/313190" href="http://support.microsoft.com/kb/313190"></URLLink>
    for more information.</Paragraph>
				<Paragraph>The easiest and most effective solution is to configure your
    firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003</Paragraph>
			<Paragraph>
				<Paragraph>ICMP timestamp responses can be disabled by deselecting the &quot;allow incoming timestamp request&quot;
       option in the ICMP configuration panel of Windows Firewall.</Paragraph>
				<OrderedList>
					<ListItem>Go to the Network Connections control panel.</ListItem>
					<ListItem>Right click on the network adapter and select &quot;properties&quot;, or select the internet adapter and select File-&gt;Properties.</ListItem>
					<ListItem>Select the &quot;Advanced&quot; tab.</ListItem>
					<ListItem>In the Windows Firewall box, select &quot;Settings&quot;.</ListItem>
					<ListItem>Select the &quot;General&quot; tab.</ListItem>
					<ListItem>Enable the firewall by selecting the &quot;on (recommended)&quot; option.</ListItem>
					<ListItem>Select the &quot;Advanced&quot; tab.</ListItem>
					<ListItem>In the ICMP box, select &quot;Settings&quot;.</ListItem>
					<ListItem>Deselect (uncheck) the &quot;Allow incoming timestamp request&quot; option.</ListItem>
					<ListItem>Select &quot;OK&quot; to exit the ICMP Settings dialog and save the settings.</ListItem>
					<ListItem>Select &quot;OK&quot; to exit the Windows Firewall dialog and save the settings.</ListItem>
					<ListItem>Select &quot;OK&quot; to exit the internet adapter dialog.</ListItem></OrderedList>
				<Paragraph>For more information, see:
    
				<URLLink LinkURL="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true" LinkTitle="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true" href="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true"></URLLink></Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008</Paragraph>
			<Paragraph>
				<Paragraph>ICMP timestamp responses can be disabled via the netsh command line utility.</Paragraph>
				<OrderedList>
					<ListItem>Go to the Windows Control Panel.</ListItem>
					<ListItem>Select &quot;Windows Firewall&quot;.</ListItem>
					<ListItem>In the Windows Firewall box, select &quot;Change Settings&quot;.</ListItem>
					<ListItem>Enable the firewall by selecting the &quot;on (recommended)&quot; option.</ListItem>
					<ListItem>Open a Command Prompt.</ListItem>
					<ListItem>Enter &quot;netsh firewall set icmpsetting 13 disable&quot;</ListItem></OrderedList>
				<Paragraph>For more information, see:
    
				<URLLink LinkURL="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true" LinkTitle="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true" href="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true"></URLLink></Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>Disable ICMP timestamp replies for the device. If the device does not support
    this level of configuration, the easiest and most effective solution is to
    configure your firewall to block incoming and outgoing ICMP packets with ICMP
    types 13 (timestamp request) and 14 (timestamp response).</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="generic-tcp-timestamp" title="TCP timestamp response" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="19970801T000000000" added="20110401T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      The remote host responded with a TCP timestamp.  The TCP timestamp response
      can be used to approximate the remote host&#39;s uptime, potentially aiding in
      further attacks.  Additionally, some operating systems can be fingerprinted
      based on the behavior of their TCP timestamps.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://uptime.netcraft.com</reference>
<reference source="URL">http://www.forensicswiki.org/wiki/TCP_timestamps</reference>
<reference source="URL">http://www.ietf.org/rfc/rfc1323.txt</reference>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Cisco</Paragraph>
			<Paragraph>
				<Paragraph>
      Run the following command to disable TCP timestamps:
    </Paragraph>
				<Paragraph preformat="true">
      no ip tcp timestamp
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>FreeBSD</Paragraph>
			<Paragraph>
				<Paragraph>
      Set the value of net.inet.tcp.rfc1323 to 0 by running the 
      following command:
    </Paragraph>
				<Paragraph preformat="true">
      sysctl -w net.inet.tcp.rfc1323=0
    </Paragraph>
				<Paragraph>
      Additionally, put the following value in the default sysctl
      configuration file, generally sysctl.conf:
    </Paragraph>
				<Paragraph preformat="true">
      net.inet.tcp.rfc1323=0
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Linux</Paragraph>
			<Paragraph>
				<Paragraph>
      Set the value of net.ipv4.tcp_timestamps to 0 by running the 
      following command:
    </Paragraph>
				<Paragraph preformat="true">
      sysctl -w net.ipv4.tcp_timestamps=0
    </Paragraph>
				<Paragraph>
      Additionally, put the following value in the default sysctl
      configuration file, generally sysctl.conf:
    </Paragraph>
				<Paragraph preformat="true">
      net.ipv4.tcp_timestamps=0
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>OpenBSD</Paragraph>
			<Paragraph>
				<Paragraph>
      Set the value of net.inet.tcp.rfc1323 to 0 by running the 
      following command:
    </Paragraph>
				<Paragraph preformat="true">
      sysctl -w net.inet.tcp.rfc1323=0
    </Paragraph>
				<Paragraph>
      Additionally, put the following value in the default sysctl
      configuration file, generally sysctl.conf:
    </Paragraph>
				<Paragraph preformat="true">
      net.inet.tcp.rfc1323=0
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition, Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows ME, Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server, Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC Edition, Microsoft Windows CE, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003, Microsoft Windows Server 2003 R2, Microsoft Windows Server 2003 R2, Standard Edition, Microsoft Windows Server 2003 R2, Enterprise Edition, Microsoft Windows Server 2003 R2, Datacenter Edition, Microsoft Windows Server 2003 R2, Web Edition, Microsoft Windows Small Business Server 2003 R2, Microsoft Windows Server 2003 R2, Express Edition, Microsoft Windows Server 2003 R2, Workgroup Edition</Paragraph>
			<Paragraph>
				<Paragraph>
      Set the Tcp1323Opts value in the following key to 1:
    </Paragraph>
				<Paragraph preformat="true">
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008 R2, Standard Edition, Microsoft Windows Server 2008 R2, Enterprise Edition, Microsoft Windows Server 2008 R2, Datacenter Edition, Microsoft Windows Server 2008 R2, Web Edition, Microsoft Windows Server 2012, Microsoft Windows Server 2012 Standard Edition, Microsoft Windows Server 2012 Foundation Edition, Microsoft Windows Server 2012 Essentials Edition, Microsoft Windows Server 2012 Datacenter Edition, Microsoft Windows Storage Server 2012, Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows 7, Microsoft Windows 7 Home, Basic Edition, Microsoft Windows 7 Home, Basic N Edition, Microsoft Windows 7 Home, Premium Edition, Microsoft Windows 7 Home, Premium N Edition, Microsoft Windows 7 Ultimate Edition, Microsoft Windows 7 Ultimate N Edition, Microsoft Windows 7 Enterprise Edition, Microsoft Windows 7 Enterprise N Edition, Microsoft Windows 7 Professional Edition, Microsoft Windows 7 Starter Edition, Microsoft Windows 7 Starter N Edition, Microsoft Windows 8, Microsoft Windows 8 Enterprise Edition, Microsoft Windows 8 Professional Edition, Microsoft Windows 8 RT, Microsoft Windows Longhorn Server Beta</Paragraph>
			<Paragraph>
				<Paragraph>
      TCP timestamps cannot be reliably disabled on this OS.  If TCP timestamps present enough of a risk, put a firewall capable of blocking TCP timestamp packets in front of the affected assets.
    </Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-3com-wap-default-admin-password" title="3Com WAP Default Administrator Password Vulnerability" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20080818T000000000" added="20080818T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        The administrator password is unchanged from the default of &#39;password&#39;.
        As a result, anyone with access to the 3Com WAP can trivially gain full
        access to the device.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>HTTP</tag>
<tag>Web</tag>
<tag>Wireless</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
     Change the admin password using the Web interface.
  </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-adobe-amf-gateway-xxe-cve-2009-3960" title="Adobe products XML external entity injection vulnerability (CVE-2009-3960)" severity="4" pciSeverity="3" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" published="20100215T000000000" added="20110105T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Multiple Adobe server products are vulnerable to an XML external entity injection which allows remote, unauthenticated attackers
     to read arbitrary files from the system.  Affected software includes BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data
     Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">38197</reference>
<reference source="CVE">CVE-2009-3960</reference>
<reference source="OSVDB">62292</reference>
<reference source="SECUNIA">38543</reference>
<reference source="URL">http://www.adobe.com/support/security/bulletins/apsb10-05.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>HTTP</tag>
<tag>Web</tag>
<tag>IAVM</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Upgrade to the latest version of BlazeDS, LiveCycle, LCDS, or ColdFusion as documented
      in Adobe security bulletin 
	<URLLink LinkURL="http://www.adobe.com/support/security/bulletins/apsb10-05.html" LinkTitle="http://www.adobe.com/support/security/bulletins/apsb10-05.html" href="http://www.adobe.com/support/security/bulletins/apsb10-05.html">APSB10-05</URLLink>.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-asp-dot-net-debug-enabled" title="ASP.NET debug feature enabled" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20071031T000000000" added="20071126T000000000" modified="20130620T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The ASP.NET application is running in debug mode which allows a remote user to glean
    information about an application by using the DEBUG verb in an HTTP request. This can
    leak information including source code, hidden filenames, and detailed error messages.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Microsoft</tag>
<tag>Microsoft ASP.NET</tag>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>Web</tag>
<tag>Web Spider</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Disable debug mode for this application by setting debug=false in
         the Web.config file for each application on the server.</Paragraph>
		<Paragraph>Also, follow Microsoft&#39;s detailed instructions in knowledgebase article
         
		<URLLink LinkURL="http://support.microsoft.com/kb/306355" LinkTitle="http://support.microsoft.com/kb/306355" href="http://support.microsoft.com/kb/306355">306355</URLLink> to disable
         detailed ASP.NET error messages using either custom error pages
         or the root-level Web.config file.</Paragraph>
		<Paragraph>You may also consider using Microsoft&#39;s 
		<URLLink LinkURL="http://msdn2.microsoft.com/en-us/library/aa302368.aspx" LinkTitle="http://msdn2.microsoft.com/en-us/library/aa302368.aspx" href="http://msdn2.microsoft.com/en-us/library/aa302368.aspx">URLScan</URLLink>
         tool to harden IIS servers. URLScan blocks the DEBUG verb by default.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-awstats-debug-information-disclosure" title="HTTP AWStats Debug Information Disclosure" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20050502T000000000" added="20060320T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>AWStats is a tool that generates web, ftp or mail server statistics,
        graphically. Written in perl, it works as a CGI or from command 
        line and shows all the possible information that the log file contains</Paragraph>
     

	<Paragraph>awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to
        obtain sensitive information by setting the debug parameter.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2005-0438</reference>
<reference source="SECUNIA">14299</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/390368</reference>
<reference source="XF">awstats-information-disclosure(19477)</reference>
</references><tags>
<tag>FTP</tag>
<tag>HTTP</tag>
<tag>Information Gathering</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://awstats.sourceforge.net/#DOWNLOAD" LinkTitle="http://awstats.sourceforge.net/#DOWNLOAD"></URLLink></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-awstats-remote-code-execution" title="HTTP AWStats Remote Code Execution" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20050502T000000000" added="20060320T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>AWStats is a tool that generates web, ftp or mail server statistics,
        graphically. Written in perl, it works as a CGI or from command 
        line and shows all the possible information that the log file contains</Paragraph>

     

	<Paragraph>An input validation vulnerability exists in AWStats main script
        awstats.pl using which a remote attacker may execute perl code
        and call available perl modules with the priveleges of the web
        server. An attacker can also use this vulnerability to get
        sensitive information or launch a denial of service attack.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2005-0435</reference>
<reference source="CVE">CVE-2005-0436</reference>
<reference source="CVE">CVE-2005-0437</reference>
<reference source="OSVDB">13832</reference>
<reference source="SECUNIA">14299</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/390368</reference>
<reference source="XF">awstats-awstatpl-obtain-information(19333)</reference>
<reference source="XF">awstats-function-code-execution(19336)</reference>
</references><tags>
<tag>Denial of Service</tag>
<tag>FTP</tag>
<tag>HTTP</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://awstats.sourceforge.net/#DOWNLOAD" LinkTitle="http://awstats.sourceforge.net/#DOWNLOAD"></URLLink></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-basic-auth-cleartext" title="HTTP Basic Authentication Enabled" severity="7" pciSeverity="4" cvssScore="6.5" cvssVector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" published="19970101T000000000" added="20100226T000000000" modified="20130620T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        The HTTP Basic Authentication scheme is not considered to be a secure
        method of user authentication (unless used in conjunction with some
        external secure system such as TLS/SSL), as the user name and password
        are passed over the network as cleartext.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://tools.ietf.org/html/rfc2617</reference>
</references><tags>
<tag>HTTP</tag>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>Web</tag>
<tag>Web Spider</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>
				<Paragraph>
            Enable HTTPS on the Web server. The TLS/SSL protocol will protect
            cleartext Basic Authentication credentials.
         </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>
            Replace Basic Authentication with the alternative Digest
            Authentication scheme. By modern cryptographic standards Digest
            Authentication is weak. But for a large range of purposes it is
            valuable as a replacement for Basic Authentication. It remedies
            some, but not all, weaknesses of Basic Authentication. See RFC
            2617, section
            
				<URLLink LinkURL="http://tools.ietf.org/html/rfc2617#section-4" LinkTitle="http://tools.ietf.org/html/rfc2617#section-4" href="http://tools.ietf.org/html/rfc2617#section-4">4. Security Considerations</URLLink>
            for more information.
         </Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-bigbrother-accessible" title="Big Brother Monitoring Suite Reports Page Accessible" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20041101T000000000" added="20041101T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The 

	<URLLink LinkURL="http://www.bb4.com/" LinkTitle="http://www.bb4.com/" href="http://www.bb4.com/">Big Brother</URLLink> monitoring suite is a
      collection of system monitoring scripts for UNIX based systems.  The Big Brother
      suite is capable of monitoring multiple remote systems and periodically outputting
      reports to HTML (usually within the web root of a web server so that remote
      administrators can view the reports from a web browser).</Paragraph>
    

	<Paragraph>The Big Brother reports pages are a treasure trove for any attacker who
       wants to learn about your network.  Attackers can learn about other systems
       on the network, what services they are running, what processes they are
       running, usernames, exported directories, etc.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Either disable Big Brother or use your web server&#39;s access control mechanisms
      to require user authentication via HTTP before viewing the reports.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-cgi-faxsurvey-command-execution" title="faxsurvey CGI Remote Command Execution" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19980804T000000000" added="20050413T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The faxsurvey cgi can be exploited by sending a GET request to execute shell code on the remote web server.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">2056</reference>
<reference source="CVE">CVE-1999-0262</reference>
<reference source="XF">http-cgi-faxsurvey(1532)</reference>
</references><tags>
<tag>CGI</tag>
<tag>HTTP</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>It is strongly recommended to disable this CGI by removing any copies of it from your web server.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-cgi-htdig-arbitrary-file-access" title="Ht://dig Arbitrary File Access" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20000229T000000000" added="20050413T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The htdig CGI can be used to access any file readable by the server process.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">1026</reference>
<reference source="CVE">CVE-2000-0208</reference>
<reference source="URL">http://www.securityfocus.com/templates/archive.pike?list=1&amp;msg=Pine.LNX.4.10.10002281422420.30728-100000@wso.williams.edu</reference>
</references><tags>
<tag>CGI</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>It is strongly recommended to disable this CGI by removing any copies of it from your web server.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-cgi-htgrep-arbitrary-file-access" title="Htgrep Arbitrary File Access" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20001114T000000000" added="20050413T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The Htgrep CGI can be used to access any file readable by the server process.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-2000-0832</reference>
<reference source="URL">http://archives.neohapsis.com/archives/bugtraq/2000-08/0208.html</reference>
<reference source="XF">htgrep-cgi-view-files(5476)</reference>
</references><tags>
<tag>CGI</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>It is strongly recommended to disable this CGI by removing any copies of it from your web server.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-cgi-htmlscript-arbitrary-file-access" title="Htmlscript Arbitrary File Access" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="19980127T000000000" added="20050413T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The htmlscript CGI can be used to access any file readable by the server process.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0264</reference>
</references><tags>
<tag>CGI</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>It is strongly recommended to disable this CGI by removing any copies of it from your web server.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-cgi-testcgi-file-listing" title="Test-cgi Remote File Listing" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" published="19960401T000000000" added="20050407T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The test-cgi script included in older distributions of NCSA
      HTTPd and Apache HTTPd does not properly sanitize user-supplied
      request parameters.  It is possible to retrieve a file listing 
      of any directory readable by the web server process by sending a
      POST request with the Content-type header set to a path on
      the server.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0070</reference>
</references><tags>
<tag>CGI</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>It is strongly recommended to disable this CGI by removing any copies of it from your web server.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-cgi-viewsource-arbitrary-file-access" title="View-source Arbitrary File Access" severity="6" pciSeverity="4" cvssScore="6.4" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" published="19970201T000000000" added="20050413T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The view-source CGI can be used to access any file readable by the server process.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CVE">CVE-1999-0174</reference>
</references><tags>
<tag>CGI</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>It is strongly recommended to disable this CGI by removing any copies of it from your web server.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-coldfusion-cfide-unprotected" title="Adobe ColdFusion not properly hardened" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20070606T000000000" added="20110630T000000000" modified="20130416T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Unprotected access is allowed to the scripts under the ColdFusion /CFIDE/ directory. These utility scripts
     can expose information about the server and its configuration. Because of the history of vulnerabilities due to
     scripts within the /CFIDE/ directory, ColdFusion hardening best practices recommend that access to most (if not
     all) of the subdirectories under /CFIDE/ be protected with a password or completely disabled</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf</reference>
<reference source="URL">http://www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe ColdFusion</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Consult the following two hardening guides and apply the relevant configuration changes to the server to secure your ColdFusion installation:
      
			<OrderedList>
				<ListItem>
				<URLLink LinkURL="http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf" LinkTitle="http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf" href="http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf">Adobe ColdFusion 9 Server Lockdown Guide</URLLink></ListItem>
				<ListItem>
				<URLLink LinkURL="http://www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf" LinkTitle="http://www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf" href="http://www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf">Adobe ColdFusion 10 Server Lockdown Guide</URLLink></ListItem></OrderedList>

      For public-facing servers, you may also want to prevent search engines from indexing certain directories (such as /CFIDE/). This can be done with the use of
      robots.txt, as described in the 
		<URLLink LinkURL="http://kb2.adobe.com/cps/175/tn_17511.html" LinkTitle="http://kb2.adobe.com/cps/175/tn_17511.html" href="http://kb2.adobe.com/cps/175/tn_17511.html">Adobe FAQ</URLLink> on the subject.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-cookie-http-only-flag" title="Missing HttpOnly Flag From Cookie" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20110531T000000000" added="20110817T000000000" modified="20131105T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>HttpOnly is an additional flag included in a Set-Cookie HTTP response header. If supported by the browser, using 
the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected 
cookie. If a browser that supports HttpOnly detects a cookie containing the HttpOnly flag, and client side script 
code attempts to read the cookie, the browser returns an empty string as the result. This causes the attack to fail 
by preventing the malicious (usually XSS) code from sending the data to an attacker&#39;s website.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://msdn.microsoft.com/en-us/library/ms533046.aspx</reference>
<reference source="URL">https://www.owasp.org/index.php/HttpOnly</reference>
</references><tags>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>Web</tag>
<tag>Web Spider</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>For each cookie generated by your web-site, add the &quot;HttpOnly&quot; flag to the cookie.
         For example:</Paragraph>
		<Paragraph preformat="true">
			<Paragraph preformat="true">
            Set-Cookie: &lt;name&gt;=&lt;value&gt;[; &lt;Max-Age&gt;=&lt;age&gt;] 
            [; expires=&lt;date&gt;][; domain=&lt;domain_name&gt;] 
            [; path=&lt;some_path&gt;][; secure][; HttpOnly] 
            </Paragraph></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-dd-wrt-remote-command-execution" title="DD-WRT Remote Command Execution as Root" severity="8" pciSeverity="5" cvssScore="8.3" cvssVector="(AV:A/AC:L/Au:N/C:C/I:C/A:C)" published="20090720T000000000" added="20090812T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        There is a vulnerability in the DD-WRT firmware as recent as 2.4 SP1. A
        remote attacker can execute commands as the root user by simply appending
        a semi-colon to the URL of any string in the cgi-bin path, followed by
        the command of their choice. Authentication is not required for the
        command to run on the target access point.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">35742</reference>
<reference source="CVE">CVE-2009-2765</reference>
<reference source="OSVDB">55990</reference>
<reference source="URL">http://milw0rm.com/exploits/9209</reference>
<reference source="URL">http://www.dd-wrt.com/dd-wrtv3/index.php?view=article&amp;id=34</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FBrainSlayer-V24-preSP2%2F07-21-09-r12533/" LinkTitle="http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FBrainSlayer-V24-preSP2%2F07-21-09-r12533/"></URLLink></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-drac-default-login" title="Dell Remote Access Controller (DRAC) Default Login Credentials" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20070925T000000000" added="20070925T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        Dell products that utilize Dell Remote Access Controllers (DRAC) are shipped 
        with the default username/password combination of root/calvin, respectively. 
        It is recommended that the password is changed in order to prevent unauthorized
        access. Unauthorized users have access to view system information as well as 
        perform maintenance tasks such as firmware upgrades, system powerup,
        powerdown, hardreset, powercycle and more.
        Access to the system console is also possible. 
     </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://support.dell.com/support/edocs/software/smdrac3/</reference>
</references><tags>
<tag>Default Account</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
              SSH to the DRAC interface using the default username: root and password: calvin.
              At the RACADM command prompt (ie. $), issue the following command 
              (change &quot;newpassword&quot; to the new password of your choice):
           </Paragraph>
		<Paragraph preformat="true">
              racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 newpassword
           </Paragraph>
		<Paragraph>   
              Refer to the 
              
		<URLLink LinkURL="http://support.dell.com/support/edocs/software/smdrac3/" LinkTitle="http://support.dell.com/support/edocs/software/smdrac3/" href="http://support.dell.com/support/edocs/software/smdrac3/">Dell</URLLink> 
              support page for more information.
           </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-frontpage-unprotected" title="Unprotected FrontPage Extensions" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20000602T000000000" added="20100804T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    Incorrect permissions were discovered on FrontPage extensions use for
    controlling access and publishing content.  By exploiting this
    misconfiguration, attackers may be able to modify content served by
    this web server.
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.auscert.org.au/render.html?it=828</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
      Web site managers who are using FrontPage to administer their sites
      should check these permissions to insure that only those who are allowed to
      author or administer the site have access to the admin.dll and author.dll
      extensions. Web site managers who are using IIS servers but not FrontPage
      should check for the existence of the FrontPage extensions (check for the
      _vti_* directories and for _vti_inf.html in the web root directory) and
      remove them if FrontPage is not required.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-generic-propfind-dir-browsing" title="WebDAV PROPFIND Method Allows Web Directory Browsing" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20010101T000000000" added="20070730T000000000" modified="20130620T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>It is possible to use the WebDAV PROPFIND method to browse web directories 
on the server and discover content that would normally remain hidden.  This 
could potentially allow an attacker to obtain sensitive information, such as 
data files and backup pages, or give them information about the directory 
structure that could be useful in mounting a more sophisticated attack 
later.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Backup</tag>
<tag>Directory Browsing</tag>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>Web</tag>
<tag>Web Spider</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>IIS, PWS, Microsoft-IIS, Internet Information Services, Internet Information Services, Microsoft-PWS</Paragraph>
			<Paragraph>
				<Paragraph>For Microsoft Internet Information Services (IIS), you may
       use the URLScan tool, freely available at
       
				<URLLink LinkURL="http://www.microsoft.com/technet/security/tools/urlscan.mspx" LinkTitle="http://www.microsoft.com/technet/security/tools/urlscan.mspx" href="http://www.microsoft.com/technet/security/tools/urlscan.mspx"></URLLink></Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Apache HTTPD</Paragraph>
			<Paragraph>
				<Paragraph>The PROPFIND method should be restricted from anonymous requests.  
Enable authentication on the WebDAV directory so that only authorized users 
can invoke the method to perform legitimate tasks, like so:</Paragraph>
				<Paragraph preformat="true">&lt;Location /webdav_dir/*&gt;
  &lt;LimitExcept GET HEAD OPTIONS POST&gt;
    AuthType Basic
    AuthName &quot;WebDAV Authentication&quot;
    AuthUserFile /path/to/userfile
    AuthGroupFile /path/to/groupfile
    require group webdavusers
  &lt;/LimitExcept&gt;
&lt;/Location&gt;</Paragraph>
				<Paragraph>Next, create the password file and group file:</Paragraph>
				<Paragraph preformat="true">htpasswd -cs /path/to/userfile bob
echo &quot;webdavusers: bob&quot; &gt; /path/to/groupfile</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Java System Web Server, SunONE WebServer, Sun-ONE-Web-Server, iPlanet</Paragraph>
			<Paragraph>
				<Paragraph>In the server.xml configuration file, add the following lines to 
restrict WebDAV methods to a particular user(s):</Paragraph>
				<Paragraph preformat="true">acl &quot;uri=/webdav_dir/*&quot;;
deny(all)
user=&quot;anyone&quot;;

allow (read,list,execute,info,write,delete)
user = &quot;username&quot;;</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Apache Tomcat, Tomcat, Tomcat Web Server, Apache Coyote, Apache-Coyote</Paragraph>
			<Paragraph>
				<Paragraph>In the web.xml configuration file for the WebDAV-enabled directory,
add the following lines to restrict WebDAV functionality to a particular
user(s):</Paragraph>
				<Paragraph preformat="true">  &lt;security-constraint&gt;
    &lt;web-resource-collection&gt;
      &lt;web-resource-name&gt;WebDav Directory&lt;/web-resource-name&gt;
      &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
    &lt;/web-resource-collection&gt;
    &lt;auth-constraint&gt;
      &lt;role-name&gt;webdav-user&lt;/role-name&gt;
    &lt;/auth-constraint&gt;
  &lt;/security-constraint&gt;

  &lt;login-config&gt;
    &lt;auth-method&gt;BASIC&lt;/auth-method&gt;
    &lt;realm-name&gt;WebDAV Realm&lt;/realm-name&gt;
  &lt;/login-config&gt;

  &lt;security-role&gt;
    &lt;description&gt;
      Legitimate WebDAV users
    &lt;/description&gt;
    &lt;role-name&gt;webdav-user&lt;/role-name&gt;
  &lt;/security-role&gt;</Paragraph>
				<Paragraph>In the conf/tomcat-users.xml file, add a WebDAV user like so:</Paragraph>
				<Paragraph preformat="true">&lt;?xml version=&#39;1.0&#39; encoding=&#39;utf-8&#39;?&gt;
&lt;tomcat-users&gt;
  &lt;role rolename=&quot;webdav-user&quot;/&gt;
  &lt;user username=&quot;bob&quot; password=&quot;b0bsp455w0rdy0!&quot; roles=&quot;webdav-user&quot;/&gt;
&lt;/tomcat-users&gt;</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-glassfish-default-admin-password" title="Glassfish Default Administrator Password Vulnerability" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20100615T000000000" added="20110718T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The Glassfish administrator &#39;admin&#39; has a password that is set to a
      default blank value. As a result, anyone with access to the GlassFish
      port can trivially gain full access to the machine via arbitrary remote
      code execution. This requires the attacker to upload a malicious
      webservice.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://download.oracle.com/docs/cd/E18930_01/html/821-2435/ghgrp.html</reference>
</references><tags>
<tag>Default Account</tag>
<tag>HTTP</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Change the admin password to a non-default value. This can be done by modifying the password through the
      administrator interface.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="HTTP-IIS-0014" title="Microsoft JET Database Engine VBA Vulnerability" severity="7" pciSeverity="5" cvssScore="7.2" cvssVector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" published="19990820T000000000" added="20041101T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Microsoft&#39;s JET database engine feature allows the embedding of Visual Basic
      for Application in SQL string expressions and the lack of metacharacter filtering
      by many web applications may allow remote users to execute commands on the system.</Paragraph>
    
	<Paragraph>Microsoft&#39;s JET database engine (the core of Microsoft Access) allows the
      embedding of Visual Basic for Application expressions in SQL strings. VBA expressions
      withing two &quot;|&quot; characters within an SQL string will be executed and its result substituted
      in the string. The VBA code is evaluated in an expression context. That means you cannot
      make use of statements.</Paragraph>
    
	<Paragraph>The Microsoft JET database engine can be used via the ODBC API. It is commonly
      used as a backend for web enabled applications. The fact that it uses the &quot;|&quot; character
      to execute VBA code within SQL statements in JET is a largely unknown feature, meaning
      that few applications escape user input for this metacharacter. Therefore any script
      or application that uses Microsoft&#39;s JET ODBC DSN could potentially be exploited.</Paragraph>
    
	<Paragraph>Microsoft&#39;s IIS in particular executes ODBC commands in the context of the System
      account. This may allow remote attackers to input VBA code in web enabled applications
      that will be executed by IIS as the System user.</Paragraph>
    
	<Paragraph>The most dangerous VBA command available to an attacker is shell(), which enables
      it to run any command in the system.</Paragraph>
    
	<Paragraph>Microsoft&#39;s IIS 4.0 ships with a number of sample scripts that are vulnerable
      if used with the JET ODBC driver (e.g. details.idc). It also ships with MSADC which
      allows remote uses to execute SQL queries on a DNS via HTTP.</Paragraph>
    
	<Paragraph>Tests seem to indicate JET 4.0 is not vulnerable to this issue.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">548</reference>
<reference source="CVE">CVE-2000-0325</reference>
<reference source="MS">MS99-030</reference>
<reference source="URL">http://marc.info/?l=bugtraq&amp;m=92765973107637&amp;w=2</reference>
<reference source="XF">jet-vba-shell(3155)</reference>
</references><tags>
<tag>DNS</tag>
<tag>HTTP</tag>
<tag>Microsoft</tag>
<tag>Microsoft IIS</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239114" LinkTitle="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239114"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Disable the JET ODBC drivers or 
        
      
		<URLLink LinkURL="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239114" LinkTitle="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239114" href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239114">upgrade to JET 4.0 SP3</URLLink>
      or later. The latest JET release is JET Service Pack 6, which is included with Windows 2000
      Service Pack 3. Please note that JET 4.0 may not be fully compatible with earlier versions
      and some legacy applications may fail. JET 4.0 is part of Microsoft&#39;s Data Access (MDAC) 2.1.</Paragraph>
		<Paragraph>The latest stable release of MDAC is 
        
      
		<URLLink LinkURL="http://msdn.microsoft.com/data/mdac/downloads/default.aspx" LinkTitle="http://msdn.microsoft.com/data/mdac/downloads/default.aspx" href="http://msdn.microsoft.com/data/mdac/downloads/default.aspx">MDAC v2.6 Service Pack 2</URLLink>. 
      Note that MDAC 2.6 and later 
        
      
		<URLLink LinkURL="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q271908" LinkTitle="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q271908" href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q271908">do not include</URLLink>
      the JET ODBC drivers by default.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-lighttpd-mod_userdir-info-discl" title="Lighttpd &#39;mod_userdir&#39; Information Disclosure" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20080305T000000000" added="20080811T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         With certain versions of lighttpd, if mod_userdir is loaded but &quot;userdir.path&quot;
         is not configured, the default directory for userdir requests is $HOME (instead
         of $HOME/public_html for example). This could lead to information disclosure.
      </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">28226</reference>
<reference source="CVE">CVE-2008-1270</reference>
<reference source="DEBIAN">DSA-1521</reference>
<reference source="SECUNIA">29318</reference>
<reference source="SECUNIA">29403</reference>
<reference source="SECUNIA">29622</reference>
<reference source="SECUNIA">29636</reference>
<reference source="URL">http://trac.lighttpd.net/trac/ticket/1587</reference>
<reference source="URL">http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt</reference>
<reference source="XF">lighttpd-moduserdir-information-disclosure(41173)</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Information Gathering</tag>
<tag>Web</tag>
<tag>lighttpd</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://www.lighttpd.net/download/lighttpd-1.4.19.tar.gz" LinkTitle="http://www.lighttpd.net/download/lighttpd-1.4.19.tar.gz"></URLLink></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-nokia-firewall-default-admin-password" title="Nokia Firewall Default Administrator Password Vulnerability" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20040101T000000000" added="20090716T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        The administrator credentials are unchanged from the default of &#39;admin&#39; and &#39;password&#39;.
        As a result, anyone with access to the Nokia Firewall can trivially gain full access
        to the device.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
     Change the admin password using the Web interface.
  </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-open-proxy" title="Open HTTP Proxy" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" published="20070723T000000000" added="20070723T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         Open proxies allow malicious clients to mount attacks which 
         originate from the IP of the proxy server, without requiring the
         attacker to authenticate to the proxy first.  
      </Paragraph>
      
	<Paragraph>
         Additionally, an open proxy may allow an attacker to access
         an internal network which would be otherwise secure.
      </Paragraph>
      
	<Paragraph>
         Steps should be taken to correctly configure the proxy server
         such that unauthorized connections are denied.
      </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CERT-VN">150227</reference>
<reference source="URL">http://spamlinks.net/prevent-secure-proxy-fix.htm</reference>
<reference source="URL">http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>squid</Paragraph>
			<Paragraph>
				<Paragraph>
               An access control list (ACL) should be defined for the squid proxy server
               in the file: 
					<Paragraph preformat="true">squid.conf</Paragraph></Paragraph>
				<Paragraph>
               Consult the Squid 3.0 configuration manual, located at the
               
				<URLLink LinkURL="http://www.visolve.com/squid/squid30/contents.php" LinkTitle="http://www.visolve.com/squid/squid30/contents.php" href="http://www.visolve.com/squid/squid30/contents.php">ViSolve</URLLink> website.
            </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>
               Consult the ISA server 2006 hardening guide below for steps on
               how to securely configure the web proxy component:
            </Paragraph>
				<Paragraph>
				<URLLink LinkURL="http://www.microsoft.com/technet/isa/2006/security_guide.mspx" LinkTitle="http://www.microsoft.com/technet/isa/2006/security_guide.mspx" href="http://www.microsoft.com/technet/isa/2006/security_guide.mspx"></URLLink></Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-php-ini-file-exposed" title="PHP Exposed &#39;ini&#39; File Vulnerability" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20050119T000000000" added="20050119T000000000" modified="20130620T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>PHP&#39;s &#39;ini&#39; file is exposed inside the &#39;cgi-bin&#39; directory.  This allows any unauthenticated remote user to discover sensitive information about your server(s), including database logins and passwords.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>HTTP</tag>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>PHP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Consult your HTTP daemon&#39;s documentation for instructions on restricting access to this file:</Paragraph>
		<Paragraph>
			<UnorderedList>
				<ListItem>
				<URLLink LinkURL="http://httpd.apache.org/docs/" LinkTitle="http://httpd.apache.org/docs/" href="http://httpd.apache.org/docs/">Apache v1.3.x Documentation</URLLink></ListItem>
				<ListItem>
				<URLLink LinkURL="http://httpd.apache.org/docs-2.0/" LinkTitle="http://httpd.apache.org/docs-2.0/" href="http://httpd.apache.org/docs-2.0/">Apache v2.0.x Documentation</URLLink></ListItem>
				<ListItem>
				<URLLink LinkURL="http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/default.mspx" LinkTitle="http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/default.mspx" href="http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/default.mspx">Microsoft Internet Information Services Documentation</URLLink></ListItem>
				<ListItem>
				<URLLink LinkURL="http://docs.sun.com/db/coll/S1_websvr61_en" LinkTitle="http://docs.sun.com/db/coll/S1_websvr61_en" href="http://docs.sun.com/db/coll/S1_websvr61_en">Sun ONE v6.1 Documentation</URLLink></ListItem></UnorderedList></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-php-xmlrpc-code-injection" title="PHP XML-RPC Code Injection" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20050705T000000000" added="20060318T000000000" modified="20121025T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">14088</reference>
<reference source="CVE">CVE-2005-1921</reference>
<reference source="DEBIAN">DSA-745</reference>
<reference source="DEBIAN">DSA-746</reference>
<reference source="DEBIAN">DSA-747</reference>
<reference source="DEBIAN">DSA-789</reference>
<reference source="MANDRAKE">MDKSA-2005:109</reference>
<reference source="OVAL">OVAL11294</reference>
<reference source="OVAL">OVAL350</reference>
<reference source="REDHAT">RHSA-2005:564</reference>
<reference source="SECUNIA">15810</reference>
<reference source="SECUNIA">15852</reference>
<reference source="SECUNIA">15855</reference>
<reference source="SECUNIA">15861</reference>
<reference source="SECUNIA">15872</reference>
<reference source="SECUNIA">15883</reference>
<reference source="SECUNIA">15884</reference>
<reference source="SECUNIA">15895</reference>
<reference source="SECUNIA">15903</reference>
<reference source="SECUNIA">15904</reference>
<reference source="SECUNIA">15916</reference>
<reference source="SECUNIA">15917</reference>
<reference source="SECUNIA">15922</reference>
<reference source="SECUNIA">15944</reference>
<reference source="SECUNIA">15947</reference>
<reference source="SECUNIA">15957</reference>
<reference source="SECUNIA">16001</reference>
<reference source="SECUNIA">16339</reference>
<reference source="SECUNIA">16693</reference>
<reference source="SECUNIA">17440</reference>
<reference source="SECUNIA">17674</reference>
<reference source="SECUNIA">18003</reference>
<reference source="SUSE">SUSE-SA:2005:041</reference>
<reference source="SUSE">SUSE-SA:2005:049</reference>
<reference source="SUSE">SUSE-SA:2005:051</reference>
<reference source="URL">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112008638320145&amp;w=2</reference>
<reference source="URL">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=112015336720867&amp;w=2</reference>
<reference source="URL">http://pear.php.net/package/XML_RPC/download/1.3.1</reference>
<reference source="URL">http://sourceforge.net/project/showfiles.php?group_id=87163</reference>
<reference source="URL">http://sourceforge.net/project/shownotes.php?release_id=338803</reference>
<reference source="URL">http://www.ampache.org/announce/3_3_1_2.php</reference>
<reference source="URL">http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt</reference>
<reference source="URL">http://www.frsirt.com/english/advisories/2005/2827</reference>
<reference source="URL">http://www.gulftech.org/?node=research&amp;article_id=00087-07012005</reference>
<reference source="URL">http://www.hardened-php.net/advisory-022005.php</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/archive/1/419064/100/0/threaded</reference>
</references><tags>
<tag>HTTP</tag>
<tag>PHP</tag>
<tag>RPC</tag>
<tag>Remote Execution</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>If XML-RPC functionality is not required, the xmlrpc.php file should be remove.</Paragraph>
		<Paragraph>Otherwise, the software using the XML-RPC module should be upgraded accordingly.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-phpmyadmin-account-pma-password-empty" title="phpMyAdmin Credentials: user &#39;pma&#39; with empty password" severity="10" pciSeverity="5" cvssScore="9.7" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:P)" published="19990101T000000000" added="20100727T000000000" modified="20120717T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        The phpMyAdmin installation is vulnerable to password guessing attacks,
        as it has an account with the username &#39;pma&#39; and an empty password.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>HTTP</tag>
<tag>PHP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
            In the config.inc.php file, either remove the values for
            $cfg[&#39;Servers&#39;][$i][&#39;user&#39;] and $cfg[&#39;Servers&#39;][$i][&#39;password&#39;] ,
            or set a strong password in the $cfg[&#39;Servers&#39;][$i][&#39;password&#39;]
            field. Please visit the
            
		<URLLink LinkURL="http://wiki.phpmyadmin.net/pma/Auth_types" LinkTitle="http://wiki.phpmyadmin.net/pma/Auth_types" href="http://wiki.phpmyadmin.net/pma/Auth_types">phpMyAdmin wiki</URLLink>
            for more information.
         </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-symantec-scan-engine-file-disclosure" title="Symantec Scan Engine File Disclosure Vulnerability" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20060421T000000000" added="20060421T000000000" modified="20120927T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        There is a vulnerability in Symantec Scan Engine which allows
        unauthenticated remote users to download any file located
        under the Symantec Scan Engine installation directory. For
        instance the configuration file, the scanning logs, as well as
        the current virus definitions can all be accessed by any
        remote user using regular or specially crafted HTTP requests.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">17637</reference>
<reference source="CVE">CVE-2006-0232</reference>
<reference source="SECUNIA">19734</reference>
<reference source="URL">http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html</reference>
<reference source="URL">http://www.frsirt.com/english/advisories/2006/1464</reference>
<reference source="URL">http://www.rapid7.com/advisories/R7-0023.html</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/archive/1/431728/100/0/threaded</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/archive/1/431734/100/0/threaded</reference>
<reference source="URL">http://www.symantec.com/avcenter/security/Content/2006.04.21.html</reference>
<reference source="XF">sse-unauth-file-access(25974)</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Symantec</tag>
<tag>Symantec Scan Engine</tag>
<tag>Virus</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://www.symantec.com/Products/enterprise?c=prodinfo&amp;refId=836" LinkTitle="http://www.symantec.com/Products/enterprise?c=prodinfo&amp;refId=836"></URLLink></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-thttpd-obsolete" title="THTTPD Obsolete Version" severity="9" pciSeverity="5" cvssScore="9.3" cvssVector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" published="20070404T000000000" added="20070404T000000000" modified="20130503T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         Versions of THTTPD earlier than 
         2.0.3 are considered obsolete. 
         Later versions contain critical security, 
         performance, and compatibility enhancements.
         It is recommended that you 
         upgrade your THTTPD 
         installation to the latest release.  
      </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>HTTP</tag>
<tag>Obsolete Software</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz" LinkTitle="http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to THTTP v2.25b or later. See the 
    
		<URLLink LinkURL="http://www.acme.com/software/thttpd/" LinkTitle="http://www.acme.com/software/thttpd/" href="http://www.acme.com/software/thttpd/">Acme THTTPD</URLLink> 
    website for more information. 
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-tomcat-jkstatus-accessible" title="Unprotected Tomcat JK jkstatus management and diagnostics page" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20080512T000000000" added="20080512T000000000" modified="20130620T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>JK is a technology which allows Apache Tomcat (or related servers like JBoss) to
     run behind another web server such as Apache, IIS, or iPlanet. JK provides a management
     and diagnostics web application called jkstatus that is often activated under the web
     application path /jkstatus.</Paragraph>
     
	<Paragraph>The jkstatus application, in addition to allowing remote users to start, stop, and
     reconfigure the JK connector, allows remote clients to view detailed configuration
     information.</Paragraph>
     
	<Paragraph>The jkstatus application is rarely needed in production environments and should
     be disabled in most cases. If access to jkstatus is required by remote administrators,
     the jkstatus URL should be configured to require authentication.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://tomcat.apache.org/connectors-doc-archive/jk2/index.html</reference>
</references><tags>
<tag>HTTP</tag>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Follow your web server documentation to require a username and password
         to access the /jkstatus page. Note that this protection is usually done
         at the front-end web server level rather than within Tomcat itself.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-trace-method-enabled" title="HTTP TRACE Method Enabled" severity="6" pciSeverity="3" cvssScore="5.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" published="20041101T000000000" added="20041101T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The HTTP TRACE method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes.  An attacker can create a webpage using XMLHTTP, ActiveX, or XMLDOM to cause a client to issue a TRACE request and capture the client&#39;s cookies.  This effectively results in a Cross-Site Scripting attack.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="APPLE">APPLE-SA-2009-11-09-1</reference>
<reference source="BID">15222</reference>
<reference source="BID">19915</reference>
<reference source="BID">24456</reference>
<reference source="BID">36956</reference>
<reference source="BID">9506</reference>
<reference source="CERT-VN">867593</reference>
<reference source="CVE">CVE-2004-2320</reference>
<reference source="CVE">CVE-2004-2763</reference>
<reference source="CVE">CVE-2005-3398</reference>
<reference source="CVE">CVE-2006-4683</reference>
<reference source="CVE">CVE-2007-3008</reference>
<reference source="CVE">CVE-2008-7253</reference>
<reference source="CVE">CVE-2009-2823</reference>
<reference source="CVE">CVE-2010-0386</reference>
<reference source="OSVDB">35511</reference>
<reference source="OSVDB">3726</reference>
<reference source="OVAL">OVAL1445</reference>
<reference source="SECUNIA">10726</reference>
<reference source="SECUNIA">17334</reference>
<reference source="SECUNIA">21802</reference>
<reference source="SECUNIA">25636</reference>
<reference source="URL">http://www.apacheweek.com/issues/03-01-24#news</reference>
<reference source="URL">http://www.kb.cert.org/vuls/id/867593</reference>
<reference source="XF">mbedthis-httptrace-xss(34854)</reference>
<reference source="XF">weblogic-trace-xss(14959)</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
<tag>XSS</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Apache HTTPD</Paragraph>
			<Paragraph>
				<Paragraph>Newer versions of Apache (1.3.34 and 2.0.55 and later) provide a
    configuration directive called TraceEnable.  To deny TRACE requests,
    add the following line to the server configuration:</Paragraph>
				<Paragraph preformat="true">TraceEnable off</Paragraph>
				<Paragraph>For older versions of the Apache webserver, use the mod_rewrite module to
    deny the TRACE requests:</Paragraph>
				<Paragraph preformat="true">RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>IIS, PWS, Microsoft-IIS, Internet Information Services, Internet Information Services, Microsoft-PWS</Paragraph>
			<Paragraph>
				<Paragraph>For Microsoft Internet Information Services (IIS), you may
    use the URLScan tool, freely available at
    
				<URLLink LinkURL="http://www.microsoft.com/technet/security/tools/urlscan.mspx" LinkTitle="http://www.microsoft.com/technet/security/tools/urlscan.mspx" href="http://www.microsoft.com/technet/security/tools/urlscan.mspx">http://www.microsoft.com/technet/security/tools/urlscan.mspx</URLLink></Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Java System Web Server, SunONE WebServer, Sun-ONE-Web-Server, iPlanet</Paragraph>
			<Paragraph>
				<UnorderedList>
					<ListItem>
						<Paragraph>For Sun ONE/iPlanet Web Server v6.0 SP2 and later, add the
      following configuration to the top of the default object in the
      &#39;obj.conf&#39; file:</Paragraph>
						<Paragraph preformat="true">&lt;Client method=&quot;TRACE&quot;&gt;
   AuthTrans fn=&quot;set-variable&quot;
      remove-headers=&quot;transfer-encoding&quot;
      set-headers=&quot;content-length: -1&quot;
      error=&quot;501&quot;
&lt;/Client&gt;</Paragraph>
						<Paragraph>You must then restart the server for the changes to take effect.</Paragraph></ListItem>
					<ListItem>
						<Paragraph>For Sun ONE/iPlanet Web Server prior to v6.0 SP2, follow the
      instructions provided the &#39;Relief/Workaround&#39; section of
      Sun&#39;s official advisory: 
      
						<URLLink LinkURL="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603" LinkTitle="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603" href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603</URLLink></Paragraph></ListItem></UnorderedList></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Lotus Domino</Paragraph>
			<Paragraph>
				<Paragraph>Follow 
				<URLLink LinkURL="http://www-1.ibm.com/support/docview.wss?&amp;uid=swg21201202" LinkTitle="http://www-1.ibm.com/support/docview.wss?&amp;uid=swg21201202" href="http://www-1.ibm.com/support/docview.wss?&amp;uid=swg21201202">IBM&#39;s instructions</URLLink>
	for disabling HTTP methods on the Domino server by adding the following line to the
	server&#39;s NOTES.INI file:</Paragraph>
				<Paragraph preformat="true">HTTPDisableMethods=TRACE</Paragraph>
				<Paragraph>After saving NOTES.INI, restart the Notes web server by issuing the console
	command &quot;tell http restart&quot;.</Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-track-method-enabled" title="HTTP TRACK Method Enabled" severity="6" pciSeverity="3" cvssScore="5.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" published="20031228T000000000" added="20050405T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The HTTP TRACK method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes.  An attacker can create a webpage using XMLHTTP, ActiveX, or XMLDOM to cause a client to issue a TRACK request and capture the client&#39;s cookies.  This effectively results in a Cross-Site Scripting attack.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CERT-VN">288308</reference>
<reference source="CVE">CVE-2003-1567</reference>
<reference source="OSVDB">5648</reference>
<reference source="URL">http://www.aqtronix.com/Advisories/AQ-2003-02.txt</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
<tag>XSS</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>IIS, PWS, Microsoft-IIS, Internet Information Services, Internet Information Services, Microsoft-PWS</Paragraph>
	<Paragraph>
		<Paragraph>For Microsoft Internet Information Services (IIS), you may
    use the URLScan tool, freely available at
    
		<URLLink LinkURL="http://www.microsoft.com/technet/security/tools/urlscan.mspx" LinkTitle="http://www.microsoft.com/technet/security/tools/urlscan.mspx" href="http://www.microsoft.com/technet/security/tools/urlscan.mspx">http://www.microsoft.com/technet/security/tools/urlscan.mspx</URLLink></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-unrestricted-webdav-put-delete" title="Unrestricted WebDAV PUT/DELETE Access" severity="9" pciSeverity="5" cvssScore="9.4" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:N)" published="20050120T000000000" added="20050120T000000000" modified="20130620T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Unrestricted WebDAV requests expose a server to defacements and denial of service attacks.  If the PUT method can be used by any unauthenticated remote user, arbitrary web pages can be inserted into the web root, or the disk can be filled with meaningless data; if the DELETE method is unprotected, then any file in a DAV-enabled directory can be removed at will.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Denial of Service</tag>
<tag>HTTP</tag>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>For users of the Apache server, access can be restricted to the WebDAVdirectory like so:</Paragraph>
		<Paragraph preformat="true">
&lt;Location /&gt;
   Dav On
   AuthType Basic
   AuthName DAV
   AuthUserFile .htpasswd
   &lt;LimitExcept GET&gt;
      require user someuser
   &lt;/LimitExcept&gt;
&lt;/Location&gt;
</Paragraph>
		<Paragraph>Users of Microsoft IIS should use an authentication method other than Anonymous authentication, and should take
   advantage of other security features of their version of IIS. For more information, refer to the following links
   from Microsoft:
   
			<UnorderedList>
				<ListItem>http://support.microsoft.com/kb/323470</ListItem>
				<ListItem>http://technet.microsoft.com/en-us/library/cc778809%28v=ws.10%29.aspx</ListItem>
				<ListItem>http://www.iis.net/configreference/system.webserver/security/requestfiltering</ListItem></UnorderedList></Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="HTTP-UPNP-0001" title="Windows XP UPnP  NOTIFY Method LOCATION Header Buffer Overflow" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20011220T000000000" added="20041101T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Windows XP and some versions of Windows ME and 98 support UPnP
      (Universal Plug and Play). UPnP follows the HTTP syntax, defining
      some new request methods and headers. One of these request types is
      NOTIFY. When a NOTIFY packet is received, the UPnP service can locate
      detailed information about the advertising UPnP service by connecting
      to the URL specified in the LOCATION header. Windows does not
      validate this URL before connecting to it, allowing a buffer overflow
      to occur.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">3723</reference>
<reference source="CERT">CA-2001-37</reference>
<reference source="CERT-VN">951555</reference>
<reference source="CIAC">M-030</reference>
<reference source="CVE">CVE-2001-0876</reference>
<reference source="MS">MS01-059</reference>
<reference source="URL">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=100887440810532&amp;w=2</reference>
<reference source="XF">win-upnp-notify-bo(7721)</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the patch from: 
	<URLLink LinkURL="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx" LinkTitle="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Microsoft has provided the following patches for this problem.
      For more information, see the
      
        
      
		<URLLink LinkURL="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx" LinkTitle="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx" href="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx">Microsoft advisory</URLLink>.</Paragraph>
		<UnorderedList>
			<ListItem>
			<URLLink LinkURL="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=4F1C2546-9CF8-413D-866F-DD1E5A2D7454" LinkTitle="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=4F1C2546-9CF8-413D-866F-DD1E5A2D7454" href="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=4F1C2546-9CF8-413D-866F-DD1E5A2D7454">Microsoft Windows 98/98SE</URLLink></ListItem>
			<ListItem>
			<URLLink LinkURL="http://download.microsoft.com/download/winme/Update/22940/WinMe/EN-US/314757USAM.EXE" LinkTitle="http://download.microsoft.com/download/winme/Update/22940/WinMe/EN-US/314757USAM.EXE" href="http://download.microsoft.com/download/winme/Update/22940/WinMe/EN-US/314757USAM.EXE">Microsoft Windows ME</URLLink></ListItem>
			<ListItem>
			<URLLink LinkURL="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=D17CBEB5-7478-4147-B4BA-E6CF686A352B" LinkTitle="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=D17CBEB5-7478-4147-B4BA-E6CF686A352B" href="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=D17CBEB5-7478-4147-B4BA-E6CF686A352B">Microsoft Windows XP</URLLink></ListItem></UnorderedList></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="HTTP-UPNP-0002" title="Windows XP UPnP  NOTIFY LOCATION Denial of Service" severity="5" pciSeverity="2" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" published="20011220T000000000" added="20041101T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    Windows XP and some versions of Windows ME and 98 support UPnP (Universal Plug and Play). UPnP follows the HTTP syntax, defining some new request methods and headers. One of these request types is NOTIFY. When a NOTIFY packet is received, the UPnP service can locate detailed information about the advertising UPnP service by connecting to the URL specified in the LOCATION header. Windows does not validate this URL, nor the content received from it. By sending invalid data the Windows UPnP service will consume all resources while processing the data.
  </ContainerBlockElement></description>
<references>
<reference source="BID">3724</reference>
<reference source="CERT">CA-2001-37</reference>
<reference source="CERT-VN">411059</reference>
<reference source="CIAC">M-030</reference>
<reference source="CVE">CVE-2001-0877</reference>
<reference source="MS">MS01-059</reference>
<reference source="URL">http://marc.theaimsgroup.com/?l=bugtraq</reference>
<reference source="XF">win-upnp-udp-dos(7722)</reference>
</references><tags>
<tag>Denial of Service</tag>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the patch from: 
	<URLLink LinkURL="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx" LinkTitle="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Microsoft has provided the following patches for this problem.
      For more information, see the
      
        
      
		<URLLink LinkURL="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx" LinkTitle="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx" href="http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx">Microsoft advisory</URLLink>.</Paragraph>
		<UnorderedList>
			<ListItem>
			<URLLink LinkURL="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=4F1C2546-9CF8-413D-866F-DD1E5A2D7454" LinkTitle="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=4F1C2546-9CF8-413D-866F-DD1E5A2D7454" href="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=4F1C2546-9CF8-413D-866F-DD1E5A2D7454">Microsoft Windows 98/98SE</URLLink></ListItem>
			<ListItem>
			<URLLink LinkURL="http://download.microsoft.com/download/winme/Update/22940/WinMe/EN-US/314757USAM.EXE" LinkTitle="http://download.microsoft.com/download/winme/Update/22940/WinMe/EN-US/314757USAM.EXE" href="http://download.microsoft.com/download/winme/Update/22940/WinMe/EN-US/314757USAM.EXE">Microsoft Windows ME</URLLink></ListItem>
			<ListItem>
			<URLLink LinkURL="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=D17CBEB5-7478-4147-B4BA-E6CF686A352B" LinkTitle="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=D17CBEB5-7478-4147-B4BA-E6CF686A352B" href="http://www.microsoft.com/Downloads/details.aspx?displaylang=en&amp;FamilyID=D17CBEB5-7478-4147-B4BA-E6CF686A352B">Microsoft Windows XP</URLLink></ListItem></UnorderedList></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="http-vignette-app-portal-diag" title="Vignette Application Portal Unauthenticated Diagnostics" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" published="20040928T000000000" added="20050120T000000000" modified="20120731T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The Vignette Application Portal allows anyone to retrieve the Vignette diagnostics script.  This page contains sensitive information, including operating system version, database connection parameters, usernames, and possibly even authentication information.  Besides information gathering, attackers could abuse the diagnostic script to cause CPU and network usage to spike.</Paragraph>
      


	<Paragraph>See Vignette knowledge base article KB 6947 for more information.  Vignette support articles are available only to Vignette customers.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">11267</reference>
<reference source="CVE">CVE-2004-0917</reference>
<reference source="URL">http://www.atstake.com/research/advisories/2004/a092804-1.txt</reference>
<reference source="URL">http://xforce.iss.net/xforce/xfdb/17530</reference>
<reference source="XF">vignette-diagnostic-obtain-info(17530)</reference>
</references><tags>
<tag>HTTP</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the web server&#39;s access controls to deny anonymous access to the /portal/diag/ web directory and all pages and subdirectories under it.  Review your log files for requests targeting this directory, which would indicate possible probing by attackers.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ntp-clock-variables-disclosure" title="NTP clock variables information disclosure" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="20090506T000000000" added="20110401T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      This sytem allows the internal NTP variables to be queried.  These
      variables contain potentially sensitive information, such as the NTP
      software version, operating system version, peers, and more.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Information Gathering</tag>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>
				<Paragraph>
      Apply a restrict option to all hosts that are not authorized to perform
      NTP readvar queries.  For example, to deny readvar requests from all clients,
      put the following in the NTP configuration file, typically /etc/ntp.conf, and
      restart the NTP service:
    </Paragraph>
				<Paragraph preformat="true">
      restrict default mask 0.0.0.0 noquery 
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Cisco</Paragraph>
			<Paragraph>
				<Paragraph>
        Apply an ACL that restricts NTP readvar queries from unauthorized clients,
        as described in the 
				<URLLink LinkURL="http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd303.html#wp1001299" LinkTitle="http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd303.html#wp1001299" href="http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd303.html#wp1001299">
        &#39;Configuring NTP Access Restrictions&#39; section of the Cisco IOS documentation</URLLink>.
    </Paragraph>
				<Paragraph>
      Alternatively, if NTP is not required, disable it entirely by running the
      following command:
    </Paragraph>
				<Paragraph preformat="true">
      ntp disable
    </Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ntpd-crypto-recv-buffer-overflow" title="NTP &#39;ntpd&#39; Autokey Stack Buffer Overflow Vulnerability" severity="7" pciSeverity="4" cvssScore="6.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" published="20090506T000000000" added="20090716T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         There exists a stack-based buffer overflow in the crypto_recv function 
         found in ntpd before 4.2.4p7 and 4.2.5 before 4.2.5p74. When OpenSSL
         and autokey are enabled, the flaw allows remote attackers to execute
         arbitrary code via a specially crafted packet containing an extension
         field.
      </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">35017</reference>
<reference source="CERT-VN">853097</reference>
<reference source="CVE">CVE-2009-1252</reference>
<reference source="DEBIAN">DSA-1801</reference>
<reference source="NETBSD">NetBSD-SA2009-006</reference>
<reference source="OVAL">OVAL11231</reference>
<reference source="OVAL">OVAL6307</reference>
<reference source="REDHAT">RHSA-2009:1039</reference>
<reference source="REDHAT">RHSA-2009:1040</reference>
<reference source="SECUNIA">35137</reference>
<reference source="SECUNIA">35138</reference>
<reference source="SECUNIA">35166</reference>
<reference source="SECUNIA">35169</reference>
<reference source="SECUNIA">35243</reference>
<reference source="SECUNIA">35253</reference>
<reference source="SECUNIA">35308</reference>
<reference source="SECUNIA">35336</reference>
<reference source="SECUNIA">35388</reference>
<reference source="SECUNIA">35416</reference>
<reference source="SECUNIA">35630</reference>
<reference source="SECUNIA">37470</reference>
<reference source="SECUNIA">37471</reference>
<reference source="URL">http://bugs.ntp.org/1151</reference>
<reference source="URL">http://www.kb.cert.org/vuls/id/853097</reference>
<reference source="URL">https://lists.ntp.org/pipermail/announce/2009-May/000062.html</reference>
</references><tags>
<tag>Network</tag>
<tag>Remote Execution</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.4p7.tar.gz" LinkTitle="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.4p7.tar.gz"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.5p74.tar.gz" LinkTitle="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.5p74.tar.gz"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>
         This vulnerability can be mitigated by removing the 
         `crypto pw password` line from the ntp.conf file.
      </Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="openssl-debian-weak-keys" title="Debian&#39;s OpenSSL Library Predictable Random Number Generator" severity="8" pciSeverity="5" cvssScore="7.8" cvssVector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" published="20080513T000000000" added="20080605T000000000" modified="20121003T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">29179</reference>
<reference source="CERT">TA08-137A</reference>
<reference source="CERT-VN">925211</reference>
<reference source="CVE">CVE-2008-0166</reference>
<reference source="DEBIAN">DSA-1571</reference>
<reference source="DEBIAN">DSA-1576</reference>
<reference source="SECUNIA">30136</reference>
<reference source="SECUNIA">30220</reference>
<reference source="SECUNIA">30221</reference>
<reference source="SECUNIA">30231</reference>
<reference source="SECUNIA">30239</reference>
<reference source="SECUNIA">30249</reference>
<reference source="URL">http://metasploit.com/users/hdm/tools/debian-openssl/</reference>
<reference source="URL">http://wiki.debian.org/SSLkeys</reference>
<reference source="URL">http://www.debian.org/security/2008/dsa-1571</reference>
<reference source="URL">http://www.debian.org/security/2008/dsa-1576</reference>
<reference source="URL">http://www.debian.org/security/key-rollover/</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-1</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-2</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-3</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-4</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-5</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-6</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-7</reference>
<reference source="URL">http://www.ubuntu.com/usn/usn-612-8</reference>
<reference source="XF">openssl-rng-weak-security(42375)</reference>
</references><tags>
<tag>OpenSSL</tag>
<tag>SSH</tag>
<tag>VPN</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Upgrade the OpenSSL package to the version recomended below to fix the random number generator and stop generating weak keys</Paragraph>
		<UnorderedList>
			<ListItem>For Debian 4.0 etch, upgrade to 0.9.8c-4etch3  </ListItem>
			<ListItem>For Debian testing (lenny), upgrade to 0.9.8g-9</ListItem>
			<ListItem>For Debian unstable (sid), upgrade to 0.9.8g-9</ListItem>
			<ListItem>For Ubuntu 7.0.4 (feisty), upgrade to 0.9.8c-4ubuntu0.3 </ListItem>
			<ListItem>For Ubuntu 7.10 (gusty), upgrade to  0.9.8e-5ubuntu3.2</ListItem>
			<ListItem>For Ubuntu 8.0.4 (hardy), upgrade to 0.9.8g-4ubuntu3.1 </ListItem></UnorderedList>
		<Paragraph>Then regenerate all cryptographic key material which has been created by vulnerable OpenSSL versions on Debian-based systems. Affected keys include SSH server and user keys, OpenVPN keys, DNSSEC keys, keys associated to X.509 certificates, etc.</Paragraph>
		<Paragraph>Optionally, Debian and Ubuntu have released updated OpenSSH, OpenSSL and OpenVPN packages to automatically blacklist known weak keys. It is recomended to install these upgrades on all systems.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="spider-adobe-flash-permissive-crossdomain-xml" title="Adobe Flash permissive crossdomain.xml policy" severity="6" pciSeverity="3" cvssScore="5.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" published="20070312T000000000" added="20101001T000000000" modified="20130620T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Permissive crossdomain.xml policy files allow external Adobe Flash (SWF) scripts to interact with your website.</Paragraph>
    
	<Paragraph>Depending on how authorization is restricted on your website, this could inadvertently expose data to other domains or allow invocation of functionality across domains. The cross-domain policy file should permit only domains that can be trusted to make requests that include the user&#39;s domain-specific cookies.</Paragraph>
    
	<Paragraph>See 
	<URLLink LinkURL="http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html" LinkTitle="http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html" href="http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html">Cross-domain policy file usage recommendations for Flash Player</URLLink></Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html</reference>
</references><tags>
<tag>Adobe</tag>
<tag>Adobe Flash</tag>
<tag>OWASP_2010</tag>
<tag>OWASP_2013</tag>
<tag>Policy Violation</tag>
<tag>Web</tag>
<tag>Web Spider</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Edit the crossdomain.xml file, ensuring:</Paragraph>
		<UnorderedList>
			<ListItem>No &#39;site-control&#39; tags have the &quot;permitted-cross-domain-policies&quot; set to &quot;all&quot;</ListItem>
			<ListItem>No &#39;allow-access-from&#39; tags have the &#39;domain&#39; attribute set to &#39;*&#39; or &#39;*.TLD&#39;</ListItem>
			<ListItem>No &#39;allow-access-from&#39; tags have the &#39;secure&#39; attribute set to &#39;false&#39;</ListItem>
			<ListItem>No &#39;allow-http-headers-from&#39; tags have the &#39;domain&#39; attribute set to &#39;*&#39; or &#39;*.TLD&#39;</ListItem>
			<ListItem>No &#39;allow-http-headers-from&#39; tags have the &#39;secure&#39; attribute set to &#39;false&#39;</ListItem></UnorderedList></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-admin-password-admin" title="Default SSH password: admin password &quot;admin&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="19700101T000000000" added="20130115T000000000" modified="20130115T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The admin account uses a password of &quot;admin&quot;.  This would allow
      anyone to log into the machine via SSH and take complete
      control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
          Change the password to a non-default value.
        </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-admin-password-password" title="Default SSH password: admin password &quot;password&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="19700101T000000000" added="20090512T000000000" modified="20090512T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The admin account uses a password of &quot;password&quot;.  This would allow
      anyone to log into the machine via SSH and take complete
      control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
          Change the password to a non-default value.
        </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-guest-password-guest" title="Default SSH password: guest password &quot;guest&quot;" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="19980101T000000000" added="20090318T000000000" modified="20100916T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>A common configuration weakness is to create a
      &#39;guest&#39; user with a password of &#39;guest&#39;.  This is usually a user-level account
      that can be used to SSH into the system.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-root-no-password" title="Default SSH password: root with blank password" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The root account uses a blank password.  This would allow
      anyone to log into the machine via SSH and take complete
      control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.
      You may also want to disable root login via SSH, which you can
      do in OpenSSH by adding the following to sshd.conf:</Paragraph>
		<Paragraph preformat="true">PermitRootLogin: no</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-root-password-password" title="Default SSH password: root password &quot;password&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The root account uses a password of &quot;password&quot;.  This would allow
      anyone to log into the machine via SSH and take complete
      control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.
      You may also want to disable root login via SSH, which you can
      do in OpenSSH by adding the following to sshd.conf:</Paragraph>
		<Paragraph preformat="true">PermitRootLogin: no</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-root-password-root" title="Default SSH password: root password &quot;root&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20100513T000000000" added="20100513T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The root account uses a password of &quot;root&quot;.
      This would allow anyone to log into the machine via SSH and take complete control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.
      You may also want to disable root login via SSH, which you can
      do in OpenSSH by adding the following to sshd.conf:</Paragraph>
		<Paragraph preformat="true">PermitRootLogin: no</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-root-password-toor" title="Default SSH password: root password &quot;toor&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20080624T000000000" added="20080624T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The root account uses a password of &quot;toor&quot; (which is root spelled backwards).
      This would allow anyone to log into the machine via SSH and take complete control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.
      You may also want to disable root login via SSH, which you can
      do in OpenSSH by adding the following to sshd.conf:</Paragraph>
		<Paragraph preformat="true">PermitRootLogin: no</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-default-account-vmware-password-vmware" title="Default SSH password: vmware password &quot;vmware&quot;" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20080824T000000000" added="20080824T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>A common configuration weakness in VMWare host or guest systems is to create a
      &#39;vmware&#39; user with a password of &#39;vmware&#39;.  This is usually a user-level account
      that can be used to SSH into the system.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-GENERIC-0003" title="SSH Inc and OpenSSH CRC-32 Integer Overflow Vulnerability" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20010312T000000000" added="20041101T000000000" modified="20121204T000000000">
<description>

<ContainerBlockElement>
    There exists an integer overflow bug in code shared between the ssh daemons of SSH Inc and OpenSSH, which can result in letting an attacker overwrite arbitrary locations in memory.  This affects SSH Inc &lt; 2.4.0 and OpenSSH &lt; 2.3.0.  Note that it has been reported that this vulnerability is being widely exploited &quot;in the wild&quot;.
  </ContainerBlockElement></description>
<references>
<reference source="BID">2347</reference>
<reference source="CERT">CA-2001-35</reference>
<reference source="CVE">CVE-2001-0144</reference>
<reference source="OSVDB">503</reference>
<reference source="OSVDB">795</reference>
<reference source="URL">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=98168366406903&amp;w=2</reference>
<reference source="URL">http://razor.bindview.com/publish/advisories/adv_ssh1crc.html</reference>
<reference source="XF">ssh-deattack-overwrite-memory(6083)</reference>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/old/ssh-2.4.0.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/old/ssh-2.4.0.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to SSH v2.4.0 or later. See the 
    
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">SSH</URLLink>
    website for download information.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-iphone-default-account-root-password-alpine" title="Default SSH password: root password &quot;alpine&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20070701T000000000" added="20091204T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      The root account uses a password of &quot;alpine&quot;.  This would allow
      anyone to log into the machine via SSH and take complete control. This
      default account exists on some jailbroken iPhone and iPod Touch devices.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.
      You may also want to disable root login via SSH, which you can
      do in OpenSSH by adding the following to sshd.conf:</Paragraph>
		<Paragraph preformat="true">PermitRootLogin: no</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-iphone-default-account-root-password-dottie" title="Default SSH password: root password &quot;dottie&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20070701T000000000" added="20091204T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      The root account uses a password of &quot;dottie&quot;. This would allow
      anyone to log into the machine via SSH and take complete control. This
      default account exists on some jailbroken iPhone and iPod Touch devices.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.
      You may also want to disable root login via SSH, which you can
      do in OpenSSH by adding the following to sshd.conf:</Paragraph>
		<Paragraph preformat="true">PermitRootLogin: no</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0001" title="OpenSSH Channel Code Off By One Vulnerability" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20020315T000000000" added="20041101T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">4241</reference>
<reference source="CALDERA">CSSA-2002-012.0</reference>
<reference source="CALDERA">CSSA-2002-SCO.10</reference>
<reference source="CALDERA">CSSA-2002-SCO.11</reference>
<reference source="CONECTIVA">CLA-2002:467</reference>
<reference source="CVE">CVE-2002-0083</reference>
<reference source="DEBIAN">DSA-119</reference>
<reference source="MANDRAKE">MDKSA-2002:019</reference>
<reference source="NETBSD">NetBSD-SA2002-004</reference>
<reference source="OSVDB">730</reference>
<reference source="REDHAT">RHSA-2002:043</reference>
<reference source="SUSE">SuSE-SA:2002:009</reference>
<reference source="XF">8383</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0002" title="OpenSSH UseLogin Vulnerability" severity="7" pciSeverity="5" cvssScore="7.2" cvssVector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" published="20011221T000000000" added="20041101T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">3614</reference>
<reference source="CALDERA">CSSA-2001-042.1</reference>
<reference source="CERT-VN">157447</reference>
<reference source="CIAC">M-026</reference>
<reference source="CONECTIVA">CLA-2001:446</reference>
<reference source="CVE">CVE-2001-0872</reference>
<reference source="DEBIAN">DSA-091</reference>
<reference source="MANDRAKE">MDKSA-2001:092</reference>
<reference source="OSVDB">688</reference>
<reference source="REDHAT">RHSA-2001:161</reference>
<reference source="SUSE">SuSE-SA:2001:045</reference>
<reference source="XF">7647</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>Privilege Escalation</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0003" title="OpenSSH Kerberos Authentication Bypass Vulnerability" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20011231T000000000" added="20041101T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">3560</reference>
<reference source="CVE">CVE-2001-1507</reference>
<reference source="XF">7598</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>OpenBSD OpenSSH &lt; 3.0.1</Paragraph>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0004" title="OpenSSH IP Restriction Bypass Vulnerability" severity="7" pciSeverity="4" cvssScore="6.5" cvssVector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" published="20011018T000000000" added="20041101T000000000" modified="20121205T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>OpenSSH versions previous to v2.9.9 contain a vulnerability which allows
      a remote attacker to bypass the IP restrictions.  Note that valid
      credentials are still required to log in.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0005" title="OpenSSH PAM Restriction Evasion Vulnerability" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20010619T000000000" added="20041101T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">2917</reference>
<reference source="CERT-VN">797027</reference>
<reference source="CVE">CVE-2001-1459</reference>
<reference source="XF">6757</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0006" title="OpenSSH Public Key Authentication Vulnerability" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20011231T000000000" added="20041101T000000000" modified="20121205T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>OpenSSH v2.3.1, if set up to only allow public-key based
      authentication, allows a remote attacker to log in without a valid
      corresponding private key.  It is possible to attain any priviledge
      level with this vulnerability, even root.  Note that this vulnerability
      exists only in v2.3.1.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0007" title="OpenSSH UseLogin SetUID Vulnerability" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20000608T000000000" added="20041101T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">1334</reference>
<reference source="CVE">CVE-2000-0525</reference>
<reference source="OSVDB">341</reference>
<reference source="XF">4646</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>Remote Execution</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>OpenBSD OpenSSH &lt; 2.1.1</Paragraph>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0008" title="OpenSSH Kerberos AFS Buffer Overflow Vulnerability" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20020618T000000000" added="20041101T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
  OpenSSH &lt; 3.2.2 contains a buffer overflow in the Kerberos/AFS
  support code.  In versions &lt; 2.9.9, this can be used to gain a
  root shell remotely.  In versions &lt; 3.2.2, only a local user can
  gain a root shell.
</Paragraph>

	<Paragraph>
  Note that Kerberos/AFS support is not enabled by default.  Additionally,
  vendor-supplied patches may have already been applied, even though this
  test cannot discern their presence.
</Paragraph>

  </ContainerBlockElement></description>
<references>
<reference source="BID">4560</reference>
<reference source="CALDERA">CSSA-2002-022.2</reference>
<reference source="CVE">CVE-2002-0575</reference>
<reference source="OSVDB">781</reference>
<reference source="XF">8896</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>OpenBSD OpenSSH &lt; 3.2.2</Paragraph>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0009" title="OpenSSH BSD_AUTH Authentication Confusion Vulnerability" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20020812T000000000" added="20041101T000000000" modified="20130822T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user&#39;s password.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">4803</reference>
<reference source="CVE">CVE-2002-0765</reference>
<reference source="OSVDB">5113</reference>
<reference source="XF">9215</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>OpenBSD OpenSSH &lt; 3.4</Paragraph>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-OPENSSH-0010" title="OpenSSH Challenge-Response Buffer Overflow" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20020703T000000000" added="20041101T000000000" modified="20121205T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>There exist multiple buffer overflows in the OpenSSH daemon during the
      challenge-response handshake when compiled with BSD_AUTH or SKEY support.
      Authentication is not required, and successful exploitation of this
      vulnerability yields root access.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">5093</reference>
<reference source="CALDERA">CSSA-2002-030.0</reference>
<reference source="CERT">CA-2002-18</reference>
<reference source="CERT-VN">369347</reference>
<reference source="CONECTIVA">CLA-2002:502</reference>
<reference source="CVE">CVE-2002-0639</reference>
<reference source="CVE">CVE-2002-0640</reference>
<reference source="DEBIAN">DSA-134</reference>
<reference source="MANDRAKE">MDKSA-2002:040</reference>
<reference source="OSVDB">6245</reference>
<reference source="OSVDB">839</reference>
<reference source="REDHAT">RHSA-2002:127</reference>
<reference source="REDHAT">RHSA-2002:131</reference>
<reference source="SUSE">SuSE-SA:2002:024</reference>
<reference source="XF">openssh-challenge-response-bo(9169)</reference>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>OpenBSD OpenSSH &lt; 3.4</Paragraph>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>
    While you can always 
				<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
				<Paragraph>
    While you can always 
				<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-openssh-pam-multiple-vulns" title="OpenSSH Portable Branch Multiple Unspecified PAM Vulnerabilities" severity="9" pciSeverity="5" cvssScore="9.3" cvssVector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20121205T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Multiple unspecified PAM-related vulnerabilities were announced on September 23rd, 2003.  These
      vulnerabilities affect the portable branch of OpenSSH versions 3.7.1p1 and earlier,
      if PAM is enabled.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.openssh.com/txt/sshpam.adv</reference>
</references><tags>
<tag>OpenSSH</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
		<Paragraph>
    While you can always 
		<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-openssh-valid-username-info-leak" title="OpenSSH Valid Username Information Leak" severity="4" pciSeverity="3" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" published="20041101T000000000" added="20041101T000000000" modified="20121205T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>In certain situations, it is possible to determine if a username exists on the target system by analyzing differences in response timings from the OpenSSH server.  While not a vulnerability in and of itself, this information may simplify more complex attacks against the system.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>OpenSSH</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>OpenBSD OpenSSH &lt; 3.1</Paragraph>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>
    While you can always 
				<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Download and apply the upgrade from: 
			<URLLink LinkURL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH" LinkTitle="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH"></URLLink></Paragraph>
			<Paragraph>
				<Paragraph>The latest version of OpenSSH is 6.4.</Paragraph>
				<Paragraph>
    While you can always 
				<URLLink LinkURL="http://www.openssh.com/portable.html" LinkTitle="http://www.openssh.com/portable.html" href="http://www.openssh.com/portable.html">build OpenSSH from source</URLLink>,
    many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built
    packages are usually customized and optimized for a particular distribution, therefore we
    recommend that you use the packages if they are available for your operating system.
    </Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-pragma-sshredder-overflow" title="Pragma SecureShell SSHredder buffer overflow" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20021223T000000000" added="20041101T000000000" modified="20120730T000000000">
<description>

<ContainerBlockElement>
    Pragma SecureShell server v2.x and earlier are vulnerable to a buffer overflow      attack that can potentially give an attacker full control over the remote      system.  This buffer overflow occurs before any authentication takes place,      which means that an attacker does not need a password to be able to exploit it.
  </ContainerBlockElement></description>
<references>
<reference source="BID">6407</reference>
<reference source="CERT">CA-2002-36</reference>
<reference source="CVE">CVE-2002-1359</reference>
<reference source="OVAL">OVAL5848</reference>
<reference source="URL">http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html</reference>
<reference source="URL">http://www.pragmasys.com/PressReleases/SSHVulnerabilityFixed.htm</reference>
<reference source="XF">ssh-transport-multiple-bo(10870)</reference>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://www.pragmasys.com/SecureShell/" LinkTitle="http://www.pragmasys.com/SecureShell/"></URLLink></Paragraph>
	<Paragraph>
      
      
      
      

      
Upgrade to 
        
Pragma SecureShell v3.0 ( http://www.pragmasys.com/SecureShell/ ) 
      or later.
    
      
      
      
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-SSHINC-0001" title="SSH Inc Kerberos Credentials Exposure Vulnerability" severity="7" pciSeverity="5" cvssScore="7.2" cvssVector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" published="20000705T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>If a user logs into an SSH 1.2.27 server, and uses Kerberos during
      the session, a file called &#39;none&#39; is created in the current
      directory.  This file contains the user&#39;s Kerberos credentials, and
      if the current directory is publicly accessible (like an NFS volume),
      then another user on the system may intercept the credentials.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">1426</reference>
<reference source="CVE">CVE-2000-0575</reference>
<reference source="URL">http://www.securityfocus.com/templates/archive.pike?list=1&amp;msg=200007010511.BAA16944@syrinx.oankali.net</reference>
<reference source="XF">ssh-kerberos-tickets-disclosure(4903)</reference>
</references><tags>
<tag>NFS</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to
      
		<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" href="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz">v1.2.33</URLLink> 
      or later.</Paragraph>
		<Paragraph>See the 
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">SSH</URLLink>
      website for more information.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-SSHINC-0002" title="SSH Inc Logging Failure Vulnerability" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20010627T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>SSH Inc &lt; 1.2.31 ceases to log authentication failures after
      four successive attempts.  This allows a remote attacker to
      brute-force login IDs without risk of detection.  This vulnerability
      is exacerbated by the fact that root logins are enabled by default.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">2345</reference>
<reference source="CVE">CVE-2001-0471</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/160648</reference>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to
      
		<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" href="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz">v1.2.33</URLLink> 
      or later.</Paragraph>
		<Paragraph>See the 
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">SSH</URLLink>
      website for more information.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-SSHINC-0004" title="SSH Secure-RPC Weak Encryption Vulnerability" severity="4" pciSeverity="2" cvssScore="3.6" cvssVector="(AV:L/AC:L/Au:N/C:P/I:P/A:N)" published="20010602T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>SSH Inc &lt; 1.2.31 uses a weak authentication mechanism whereby
      which a local attacker can recover another user&#39;s SUN-DES-1 magic
      phrase, and decrypt that user&#39;s private key.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">2222</reference>
<reference source="CVE">CVE-2001-0259</reference>
<reference source="URL">http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html</reference>
<reference source="URL">http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html</reference>
<reference source="XF">ssh-rpc-private-key(5963)</reference>
</references><tags>
<tag>RPC</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to
      
		<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz" href="ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz">v1.2.33</URLLink> 
      or later.</Paragraph>
		<Paragraph>See the 
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">SSH</URLLink>
      website for more information.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-SSHINC-0005" title="SSH Inc Short Password Authentication Failure Vulnerability" severity="7" pciSeverity="5" cvssScore="7.2" cvssVector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" published="20010814T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Under SSH Inc &lt; 3.0.1, if there exists a user whose password
      in the system password file is two characters or less, it is possible
      for an attacker to log in under that user ID with an arbitrary
      password.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">3078</reference>
<reference source="CERT-VN">737451</reference>
<reference source="CIAC">L-121</reference>
<reference source="CVE">CVE-2001-0553</reference>
<reference source="OSVDB">586</reference>
<reference source="URL">http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html</reference>
<reference source="URL">http://www.ssh.com/products/ssh/exploit.cfm</reference>
<reference source="XF">ssh-password-length-unauth-access(6868)</reference>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-3.0.1.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-3.0.1.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade SSH v3.0.1 or later. 
         See the following 
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">link</URLLink> 
         for download information.
      </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-SSHINC-0006" title="SSH Inc Restricted Shell Bypass Vulnerability" severity="7" pciSeverity="5" cvssScore="7.2" cvssVector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" published="20021231T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Under SSH &lt; 3.1.1, it is possible for a user with a restricted
      shell upload scripts to a world-writable directory, then execute it.
      This allows the user to gain a regular, unrestricted shell to the
      system.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">4547</reference>
<reference source="CVE">CVE-2002-1715</reference>
<reference source="XF">ssh-bypass-restricted-shells(8908)</reference>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-3.1.1.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-3.1.1.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to v3.1.1 or later. To correct other security issues,
      we recommend upgrading to the latest 3.1 release, currently 
     
		<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/ssh-3.1.1.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/ssh-3.1.1.tar.gz" href="ftp://ftp.ssh.com/pub/ssh/ssh-3.1.1.tar.gz">v3.1.1</URLLink></Paragraph>
		<Paragraph>
      See the 
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">SSH</URLLink>
      website for download information.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="SSH-SSHINC-0007" title="SSH Inc AllowedAuthentications Override Vulnerability" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20021231T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>It is sometimes possible for a remote user to circumvent the
      server&#39;s &quot;AllowedAuthentications&quot; directive.  This could allow
      authentication via a weaker mechanism (such as a password) where
      users would otherwise be required to log in using a stronger
      method (such as public keys).</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">4810</reference>
<reference source="CERT-VN">341187</reference>
<reference source="CIAC">M-081</reference>
<reference source="CVE">CVE-2002-1646</reference>
<reference source="URL">http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html</reference>
<reference source="URL">http://www.ssh.com/products/ssh/advisories/authentication.cfm</reference>
<reference source="XF">ssh-allowedauthentications-bypass-auth(9163)</reference>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
      Upgrade to SSH v3.1.2 or later. See the following 
      
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">link</URLLink>
      for download information.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-sshinc-getlogin-spoof-privilege-escalation" title="SSH Inc. getlogin() Spoofing Privilege Escalation Vulnerability" severity="7" pciSeverity="5" cvssScore="7.2" cvssVector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" published="20021125T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Due to a flaw in the process grouping logic, certain versions of SSH Inc. Secure Shell may allow a local attacker to spoof the result of the &#39;getlogin()&#39; system call.  This vulnerability allows the insertion of SSH syslog entries to be logged as coming from the root account; local attackers may also be able to elevate privileges as well.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">6247</reference>
<reference source="CERT-VN">740619</reference>
<reference source="CVE">CVE-2002-1644</reference>
<reference source="URL">http://www.ssh.com/company/newsroom/article/286/</reference>
<reference source="XF">ssh-setsid-privilege-elevation(10710)</reference>
</references><tags>
<tag>Privilege Escalation</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="ftp://ftp.ssh.com/pub/ssh/old/ssh-3.2.2.tar.gz" LinkTitle="ftp://ftp.ssh.com/pub/ssh/old/ssh-3.2.2.tar.gz"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to SSH v3.2.2 or later. See the 
      
		<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">SSH</URLLink>
      website for download information.
    </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-sshinc-rsa-signature-forging" title="SSH Inc. RSA Signature Forging Vulnerability" severity="5" pciSeverity="3" cvssScore="5.1" cvssVector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" published="20041101T000000000" added="20041101T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Certain versions of SSH Communications Secure Shell incorrectly verify invalid RSA signatures.  As a result, a remote attacker could authenticate with the server and gain shell access.  However, this attack is largely theoretical since the attacker must make (2 ^ 67) computations in order to generate a forged signature.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>
				<Paragraph>
      Upgrade to SSH v3.1.8 or later. See the 
      
				<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/">SSH</URLLink>
      website for download information.
    </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>
				<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/"></URLLink></Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>As of July, 2003, the latest version of SSH Secure Shell is v3.2.5.  
      
      
				<URLLink LinkURL="http://www.ssh.com/support/downloads/" LinkTitle="http://www.ssh.com/support/downloads/" href="http://www.ssh.com/support/downloads/"></URLLink></Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-suse-default-account-suse-gm-password-123456" title="Default SSH password: suse-gm password &quot;123456&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20091104T000000000" added="20091104T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The suse-gm account has the password &quot;123456&quot;, which is one of the most
      common passwords in use.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login
         password. A good password should consist of a mix of lower- and
         upper-case characters, numbers, and punctuation and should be at least
         8 characters long.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssh-v1-supported" title="SSH server supports SSH protocol v1 clients" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20050421T000000000" added="20061121T000000000" modified="20130703T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The SSH server support SSH version 1 clients.  Version 1 of the SSH protocol
         contains fundamental weaknesses which make sessions vulnerable to man-in-the-middle
         attacks.  Since all modern SSH clients have supported SSH v2 for at least 5 years,
         there is no reason to support SSHv1.
      </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="CERT-VN">684820</reference>
<reference source="CVE">CVE-2001-1473</reference>
<reference source="XF">ssh-authentication-forwarding(6603)</reference>
</references><tags>
<tag>Insecure Remote Access</tag>
<tag>SSH</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
            Configure the SSH server to support protocol version 2 only.  For OpenSSH-based
            servers, change the &quot;Protocol&quot; line in the sshd_config file to read:
         </Paragraph>
		<Paragraph preformat="true">Protocol 2</Paragraph>
		<Paragraph>
            For systems not based on OpenSSH, you may need
            to upgrade the operating system version to enable SSHv2 support.
         </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssl-self-signed-certificate" title="Self-signed TLS/SSL certificate" severity="4" pciSeverity="3" cvssScore="4.3" cvssVector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" published="19950101T000000000" added="20090716T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         The server&#39;s TLS/SSL certificate is self-signed. Self-signed certificates cannot be
         trusted by default, especially because TLS/SSL man-in-the-middle attacks typically use
         self-signed certificates to eavesdrop on TLS/SSL connections.
      </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Obtain a new TLS/SSL server certificate that is NOT self-signed and install it on the server.
   The exact instructions for obtaining a new certificate depend on your organization&#39;s requirements.
   Generally, you will need to generate a certificate request and save the request as a file.  This
   file is then sent to a Certificate Authority (CA) for processing.  Your organization may have its
   own internal Certificate Authority.  If not, you may have to pay for a certificate from a trusted
   external Certificate Authority, such as 
		<URLLink LinkURL="http://www.thawte.com" LinkTitle="http://www.thawte.com" href="http://www.thawte.com">Thawte</URLLink> or
   
		<URLLink LinkURL="http://www.verisign.com" LinkTitle="http://www.verisign.com" href="http://www.verisign.com">Verisign</URLLink>.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="ssl-weak-ciphers" title="TLS/SSL Server Supports Weak Cipher Algorithms" severity="6" pciSeverity="3" cvssScore="5.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" published="19960101T000000000" added="20090212T000000000" modified="20130515T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
        The TLS/SSL server supports cipher suites based on weak algorithms. This may
        enable an attacker to launch man-in-the-middle attacks and monitor or
        tamper with sensitive data. In general, the following ciphers are
        considered weak:
     </Paragraph>
     
	<UnorderedList>
		<ListItem>So called &quot;null&quot; ciphers, because they do not encrypt data.</ListItem>
		<ListItem>Export ciphers using secret key lengths restricted to 40 bits.
           This is usually indicated by the word EXP/EXPORT in the name of the cipher suite.</ListItem>
		<ListItem>Obsolete encryption algorithms with secret key lengths considered short by
           today&#39;s standards, eg. DES or RC4 with 56-bit keys.</ListItem></UnorderedList>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Configure the server to disable support for weak ciphers.</Paragraph>
		<Paragraph>For Microsoft IIS web servers, see Microsoft Knowledgebase article 
		<URLLink LinkURL="http://support.microsoft.com/kb/245030/" LinkTitle="http://support.microsoft.com/kb/245030/" href="http://support.microsoft.com/kb/245030/">245030</URLLink>
    for instructions on disabling weak ciphers.</Paragraph>
		<Paragraph>For Apache web servers with mod_ssl, edit the Apache configuration file and change the SSLCipherSuite line to read:</Paragraph>
		<Paragraph preformat="true">SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</Paragraph>
		<Paragraph>For other servers, refer to the respective vendor documentation to disable the weak ciphers</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="sslv2-and-up-enabled" title="TLS/SSL Server Supports SSLv2" severity="6" pciSeverity="3" cvssScore="5.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" published="19960101T000000000" added="20090209T000000000" modified="20131011T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Although the server accepts clients using TLS or SSLv3, it also accepts clients using SSLv2.
         SSLv2 is an older implementation of the Secure Sockets Layer protocol.
         It suffers from a number of security flaws allowing attackers to
         capture and alter information passed between a client and the server,
         including the following weaknesses:</Paragraph>

      
	<UnorderedList>
		<ListItem>No protection from against man-in-the-middle attacks during the handshake.</ListItem>
		<ListItem>Weak MAC construction and MAC relying solely on the MD5 hash function.</ListItem>
		<ListItem>Exportable cipher suites unnecessarily weaken the MACs</ListItem>
		<ListItem>Same cryptographic keys used for message authentication and encryption.</ListItem>
		<ListItem>Vulnerable to truncation attacks by forged TCP FIN packets</ListItem></UnorderedList>

      
	<Paragraph>SSLv2 has been deprecated and is no longer recommended. Note that neither
      SSLv2 nor SSLv3 meet the U.S. FIPS 140-2 standard, which governs cryptographic
      modules for use in federal information systems. Only the newer TLS (Transport
      Layer Security) protocol meets FIPS 140-2 requirements. In addition, the
      presence of an SSLv2-only service on a host is deemed a failure by the PCI
      (Payment Card Industry) Data Security Standard.</Paragraph>

      
	<Paragraph>Note that this vulnerability will be reported when the remote server
      supports SSLv2 regardless of whether TLS or SSLv3 are also supported.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm</reference>
<reference source="URL">https://www.pcisecuritystandards.org/pdfs/pcissc_assessors_nl_2008-11.pdf</reference>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Apache HTTPD</Paragraph>
			<Paragraph>
				<Paragraph>For Apache web servers with mod_ssl, edit the Apache configuration file and change the SSLCipherSuite line to read:</Paragraph>
				<Paragraph preformat="true">SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!SSLv2</Paragraph>
				<Paragraph>The ! (exclamation point) before SSLv2 is what disables this protocol.</Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Windows</Paragraph>
			<Paragraph>
				<Paragraph>Configure the server to require clients to use at least SSLv3 or TLS.</Paragraph>
				<Paragraph>
      For Microsoft Windows before Windows 2003, see 
				<URLLink LinkURL="http://support.microsoft.com/kb/187498" LinkTitle="http://support.microsoft.com/kb/187498" href="http://support.microsoft.com/kb/187498">KB187498</URLLink>.
      For newer versions of Microsoft Windows, see 
				<URLLink LinkURL="http://support.microsoft.com/kb/245030" LinkTitle="http://support.microsoft.com/kb/245030" href="http://support.microsoft.com/kb/245030">KB245030</URLLink>.
    </Paragraph></Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="tcp-seq-num-approximation" title="TCP Sequence Number Approximation Vulnerability" severity="5" pciSeverity="2" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" published="20040421T000000000" added="20100125T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         TCP, when using a large Window Size, makes it easier for remote
         attackers to guess sequence numbers and cause a denial of service
         (connection loss) to persistent TCP connections by repeatedly
         injecting a TCP RST packet, especially in protocols that use
         long-lived connections, such as BGP.
      </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">10183</reference>
<reference source="CERT">TA04-111A</reference>
<reference source="CERT-VN">415294</reference>
<reference source="CVE">CVE-2004-0230</reference>
<reference source="MS">MS05-019</reference>
<reference source="MS">MS06-064</reference>
<reference source="NETBSD">NetBSD-SA2004-006</reference>
<reference source="OSVDB">4030</reference>
<reference source="OVAL">OVAL2689</reference>
<reference source="OVAL">OVAL270</reference>
<reference source="OVAL">OVAL3508</reference>
<reference source="OVAL">OVAL4791</reference>
<reference source="OVAL">OVAL5711</reference>
<reference source="SECUNIA">11440</reference>
<reference source="SECUNIA">11458</reference>
<reference source="SECUNIA">22341</reference>
<reference source="SGI">20040403-01-A</reference>
<reference source="URL">ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc</reference>
<reference source="URL">http://tools.ietf.org/html/draft-ietf-tcpm-tcpsecure-12</reference>
<reference source="URL">http://www.uniras.gov.uk/vuls/2004/236929/index.htm</reference>
<reference source="XF">tcp-rst-dos(15886)</reference>
</references><tags>
<tag>Denial of Service</tag>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<UnorderedList>
		<ListItem>
			<Paragraph>Microsoft Windows Server 2003 &lt; SP1 (x86), Microsoft Windows Server 2003, Standard Edition &lt; SP1 (x86), Microsoft Windows Server 2003, Enterprise Edition &lt; SP1 (x86), Microsoft Windows Server 2003, Datacenter Edition &lt; SP1 (x86), Microsoft Windows Server 2003, Web Edition &lt; SP1 (x86), Microsoft Windows Small Business Server 2003 &lt; SP1 (x86)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb893066-v2-x86-enu_ed6adba942906756fec6fea17347ba1a526c594b.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb893066-v2-x86-enu_ed6adba942906756fec6fea17347ba1a526c594b.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows 2000 SP4 OR SP3 (x86), Microsoft Windows 2000 Professional SP4 OR SP3 (x86), Microsoft Windows 2000 Server SP4 OR SP3 (x86), Microsoft Windows 2000 Advanced Server SP4 OR SP3 (x86), Microsoft Windows 2000 Datacenter Server SP4 OR SP3 (x86)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windows2000-kb893066-v2-x86-enu_a5b95ec14e70e531e784ea83e633d24a0ea83795.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windows2000-kb893066-v2-x86-enu_a5b95ec14e70e531e784ea83e633d24a0ea83795.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP Professional SP2 OR SP1 (x86), Microsoft Windows XP Home SP2 OR SP1 (x86)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb893066-v2-x86-enu_3d2029a4300c0b7943b20c1287c8143087045d52.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb893066-v2-x86-enu_3d2029a4300c0b7943b20c1287c8143087045d52.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows Server 2003 SP1 OR &lt; SP1 (x86), Microsoft Windows Server 2003, Standard Edition SP1 OR &lt; SP1 (x86), Microsoft Windows Server 2003, Enterprise Edition SP1 OR &lt; SP1 (x86), Microsoft Windows Server 2003, Datacenter Edition SP1 OR &lt; SP1 (x86), Microsoft Windows Server 2003, Web Edition SP1 OR &lt; SP1 (x86), Microsoft Windows Small Business Server 2003 SP1 OR &lt; SP1 (x86)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-x86-enu_22c5d80f99afb4a79b6245a4b5db1e8c95cb03fa.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-x86-enu_22c5d80f99afb4a79b6245a4b5db1e8c95cb03fa.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows Server 2003 SP1 (x86_64), Microsoft Windows Server 2003, Standard Edition SP1 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP1 (x86_64), Microsoft Windows Server 2003, Datacenter Edition SP1 (x86_64), Microsoft Windows Server 2003, Web Edition SP1 (x86_64), Microsoft Windows Small Business Server 2003 SP1 (x86_64)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP Professional SP1 OR SP2 (x86), Microsoft Windows XP Home SP1 OR SP2 (x86)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb922819-x86-enu_e4dceecdd4a72e5ad91cc78fe5f4572f91ee5db0.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb922819-x86-enu_e4dceecdd4a72e5ad91cc78fe5f4572f91ee5db0.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows Server 2003 SP1 OR &lt; SP1 (ia64), Microsoft Windows Server 2003, Standard Edition SP1 OR &lt; SP1 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP1 OR &lt; SP1 (ia64), Microsoft Windows Server 2003, Datacenter Edition SP1 OR &lt; SP1 (ia64), Microsoft Windows Server 2003, Web Edition SP1 OR &lt; SP1 (ia64), Microsoft Windows Small Business Server 2003 SP1 OR &lt; SP1 (ia64)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-ia64-enu_34ecda284c6fc7b6fbbbfd6e2c823525ab9c838a.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb922819-ia64-enu_34ecda284c6fc7b6fbbbfd6e2c823525ab9c838a.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>Microsoft Windows XP Professional SP1 (x86_64)</Paragraph>
			<Paragraph>Download and apply the patch from: 
			<URLLink LinkURL="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe" LinkTitle="http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003.windowsxp-kb922819-x64-enu_4c34629b0664f2d2cd78c0276e4bd6b5e72ede61.exe"></URLLink></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
				<Paragraph>
        Enable the TCP MD5 signature option as documented in
        
				<URLLink LinkURL="http://www.ietf.org/rfc/rfc2385.txt" LinkTitle="http://www.ietf.org/rfc/rfc2385.txt" href="http://www.ietf.org/rfc/rfc2385.txt">RFC 2385</URLLink>. It was
        designed to reduce the danger from certain security attacks on BGP,
        such as TCP resets.
     </Paragraph></Paragraph></ListItem>
		<ListItem>
			<Paragraph>
      In many situations, target systems are, by themselves, patched or
          otherwise unaffected by this vulnerability.  In certain
          configurations, however, unaffected systems can be made vulnerable if
          the path between an attacker and the target system contains an
          affected and unpatched network device such as a firewall or router
          and that device is responsible for handling TCP connections for the
          target.  In this case, locate and apply remediation steps for network
          devices along the route that are affected.
      </Paragraph></ListItem></UnorderedList></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-avaya-default-login-diag" title="Undocumented Default Account:  diag" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Certain software versions for Avaya switches come with a default account, &#39;diag&#39;, which has read-write access.  This account is completely undocumented and cannot be removed unless the firmware is upgraded.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://support.avaya.com" LinkTitle="http://support.avaya.com"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to firmware v5.3.0 or later, and disable the accounts:
        
        

		<URLLink LinkURL="http://support.avaya.com" LinkTitle="http://support.avaya.com" href="http://support.avaya.com">http://support.avaya.com</URLLink> ( http://support.avaya.com ) </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-avaya-default-login-manuf" title="Undocumented Default Account:  manuf" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>Certain software versions for Avaya switches come with a default account, &#39;manuf&#39;, which has read-write access.  This account is completely undocumented and cannot be removed unless the firmware is upgraded.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>Download and apply the upgrade from: 
	<URLLink LinkURL="http://support.avaya.com" LinkTitle="http://support.avaya.com"></URLLink></Paragraph>
	<Paragraph>
		<Paragraph>Upgrade to firmware v5.3.0 or later, and disable the accounts:
        
        

		<URLLink LinkURL="http://support.avaya.com" LinkTitle="http://support.avaya.com" href="http://support.avaya.com">http://support.avaya.com</URLLink> ( http://support.avaya.com ) </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-db2-default-login-db2as" title="Telnet DB2 Default Login: db2as" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20010216T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>After installing certain versions of IBM&#39;s DB2 server, a system account named &#39;db2as&#39; is automatically created with a default password of &#39;ibmdb2&#39;.  This default password should be changed immediately to prevent database and system exploitation.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">2068</reference>
<reference source="CVE">CVE-2001-0051</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/149222</reference>
<reference source="XF">ibm-db2-gain-access(5662)</reference>
</references><tags>
<tag>Default Account</tag>
<tag>IBM</tag>
<tag>IBM DB2</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Change the password to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-db2-default-login-db2fenc1" title="Telnet DB2 Default Login: db2fenc1" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20010216T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>After installing certain versions of IBM&#39;s DB2 server, a system account named &#39;db2fenc1&#39; is automatically created with a default password of &#39;ibmdb2&#39;.  This default password should be changed immediately to prevent database and system exploitation.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">2068</reference>
<reference source="CVE">CVE-2001-0051</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/149222</reference>
<reference source="XF">ibm-db2-gain-access(5662)</reference>
</references><tags>
<tag>Default Account</tag>
<tag>IBM</tag>
<tag>IBM DB2</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Change the password to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-db2-default-login-db2inst1" title="Telnet DB2 Default Login: db2inst1" severity="8" pciSeverity="5" cvssScore="7.5" cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" published="20010216T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>After installing certain versions of IBM&#39;s DB2 server, a system account named &#39;db2inst1&#39; is automatically created with a default password of &#39;ibmdb2&#39;.  This default password should be changed immediately to prevent database and system exploitation.</Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="BID">2068</reference>
<reference source="CVE">CVE-2001-0051</reference>
<reference source="URL">http://www.securityfocus.com/archive/1/149222</reference>
<reference source="XF">ibm-db2-gain-access(5662)</reference>
</references><tags>
<tag>Default Account</tag>
<tag>IBM</tag>
<tag>IBM DB2</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Change the password to a non-default value.</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-default-account-admin-password-password" title="Default Telnet password: admin password &quot;password&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="19700101T000000000" added="20090512T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The admin account uses a password of &quot;password&quot;.  This would allow
      anyone to log into the machine via telnet and take complete
      control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
          Change the password to a non-default value.
        </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-default-account-root-password-password" title="Default Telnet password: root password &quot;password&quot;" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20050125T000000000" added="20050125T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>The root account uses a password of &quot;password&quot;.  This would allow
      anyone to log into the machine via Telnet and take complete control.</Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>Use the &quot;passwd&quot; command to set a more secure login password. A good
      password should consist of a mix of lower- and upper-case characters,
      numbers, and punctuation and should be at least 8 characters long.
      You may also want to disable the Telnet service altogether and switch
      to something like SSH.  If you switch to SSH, consider disabling root
      login via SSH, which you can do in OpenSSH by adding the following to
      sshd.conf:</Paragraph>
		<Paragraph preformat="true">PermitRootLogin: no</Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="TELNET-GENERIC-0001" title="TELNET access with no account and password admin" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    Many systems, such as routers, do not require an account name. This system appears to use the password &quot;admin&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Remove or disable the account if it is not critical for the system to function. Otherwise, the password should be changed to a non-default value.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="TELNET-GENERIC-0002" title="TELNET access with account admin and password admin" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    Many systems, such as routers, use an administrative account &quot;admin&quot; with the password &quot;admin&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Remove or disable the account if it is not critical for the system to function. Otherwise, the password should be changed to a non-default value.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="TELNET-GENERIC-0003" title="TELNET access with no account and password password" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    Many systems, such as routers, do not require an account name. This system appears to use the password &quot;password&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Remove or disable the account if it is not critical for the system to function. Otherwise, the password should be changed to a non-default value.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="TELNET-GENERIC-0004" title="TELNET access with root and password root" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    Many systems, such as Unix systems, have an administrative account with the user ID &quot;root&quot; and password &quot;root&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.      This account often grants full access to the system.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Remove or disable the account if it is not critical for the system to function. Otherwise, the password should be changed to a non-default value.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="TELNET-GENERIC-0005" title="TELNET access with root and no password" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="20041101T000000000" added="20041101T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    Many systems, such as Unix systems, have an administrative account with the user ID &quot;root&quot; and password &quot;&quot;. It is best practice to remove default accounts, if possible. For accounts required by the system, the default password should be changed.      This account often grants full access to the system.
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Remove or disable the account if it is not critical for the system to function. Otherwise, the password should be changed to a non-default value.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-netscreen-default-netscreen-netscreen" title="Netscreen device default password: netscreen" severity="10" pciSeverity="5" cvssScore="10.0" cvssVector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" published="19980101T000000000" added="20090212T000000000" modified="20120716T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      Many Netscreen devices use the default password &quot;netscreen&quot;.
      It is best practice to change the default password on all devices.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Default Account</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
          Change the password to a non-default value.
        </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="telnet-open-port" title="Unencrypted Telnet Service Available" severity="3" pciSeverity="3" cvssScore="2.9" cvssVector="(AV:A/AC:M/Au:N/C:P/I:N/A:N)" published="20100101T000000000" added="20100930T000000000" modified="20130703T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         Telnet is an unencrypted protocol, as such it sends sensitive data 
         (usernames and passwords) in clear text. For this reason, it is a 
         violation of PCI DSS section 2.3 to have telnet enabled, unless a 
         business case can be made for why it is required.
      </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf</reference>
</references><tags>
<tag>Insecure Remote Access</tag>
<tag>Telnet</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
               Disable the telnet service. Replace it with technologies
               such as SSH, VPN, or TLS.
            </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="tls-server-cert-expired" title="X.509 Server Certificate Is Invalid/Expired" severity="7" pciSeverity="4" cvssScore="6.8" cvssVector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" published="19950101T000000000" added="20090716T000000000" modified="20121019T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         The TLS/SSL server&#39;s X.509 certificate either contains a start date
         in the future or is expired. Please refer to the proof for more details.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
        Obtain a new certificate and install it on the server. The exact
        instructions for obtaining a new certificate depend on your
        organization&#39;s requirements. Generally, you will need to generate a
        certificate request and save the request as a file. This file is then
        sent to a Certificate Authority (CA) for processing. Please ensure that
        the start date and the end date on the new certificate are valid.
     </Paragraph>
		<Paragraph>
        Your organization may have its own internal Certificate Authority. If not, you
        may have to pay for a certificate from a trusted external Certificate Authority.
     </Paragraph>
		<Paragraph>
        After you have received a new certificate file from the Certificate
        Authority, you will have to install it on the TLS/SSL server. The
        exact instructions for installing a certificate differ for each product.
        Please follow their documentation.
     </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="tls-server-cert-sig-alg-md5" title="MD5-based Signature in TLS/SSL Server X.509 Certificate" severity="5" pciSeverity="3" cvssScore="5.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" published="20040817T000000000" added="20090105T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
       Multiple weaknesses exist in the MD5 cryptographic hash function, which make
       it insecure when used to sign X.509 certificates. Namely:
    </Paragraph>
    
	<UnorderedList>
		<ListItem>
          In August 2004, Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu
          published the results of a
          
		<URLLink LinkURL="http://eprint.iacr.org/2004/199" LinkTitle="http://eprint.iacr.org/2004/199" href="http://eprint.iacr.org/2004/199">collision attack</URLLink>.
       </ListItem>
		<ListItem>
          In October 2006, Marc Stevens, Arjen K. Lenstra, and Benne de Weger
          produced a
          
		<URLLink LinkURL="http://www.win.tue.nl/hashclash/TargetCollidingCertificates/" LinkTitle="http://www.win.tue.nl/hashclash/TargetCollidingCertificates/" href="http://www.win.tue.nl/hashclash/TargetCollidingCertificates/">pair
             of colliding X.509 certificates for different identities</URLLink>. The
          method used to produce them was later published in the EuroCrypt 2007 Proceedings,
          and described as one practical application of
          
		<URLLink LinkURL="http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/" LinkTitle="http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/" href="http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/">chosen-prefix
             collision attacks</URLLink>.
       </ListItem>
		<ListItem>
          In December 2008, a larger team of security researchers used this attack to create a
          
		<URLLink LinkURL="http://www.win.tue.nl/hashclash/rogue-ca/" LinkTitle="http://www.win.tue.nl/hashclash/rogue-ca/" href="http://www.win.tue.nl/hashclash/rogue-ca/">rogue CA certificate</URLLink>,
          allowing them to impersonate any website on the Internet, including banking and
          e-commerce sites secured using the HTTPS protocol.
       </ListItem></UnorderedList>
  </ContainerBlockElement></description>
<references>
<reference source="BID">33065</reference>
<reference source="CERT-VN">836068</reference>
<reference source="CVE">CVE-2004-2761</reference>
<reference source="REDHAT">RHSA-2010:0837</reference>
<reference source="REDHAT">RHSA-2010:0838</reference>
<reference source="SECUNIA">33826</reference>
<reference source="SECUNIA">34281</reference>
<reference source="SECUNIA">42181</reference>
<reference source="URL">http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx</reference>
<reference source="URL">http://www.microsoft.com/technet/security/advisory/961509.mspx</reference>
</references><tags>
<tag>Network</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
             Stop using signature algorithms relying on MD5, such as &quot;MD5withRSA&quot;,
             when signing X.509 certificates. Instead, use SHA-1, or preferably the
             SHA-2 family (SHA-224, SHA-256, SHA-384, and SHA-512).
          </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="tls-server-cert-to-expire" title="X.509 Server Certificate Will Expire Within 30 Days" severity="1" pciSeverity="1" cvssScore="-0.0" cvssVector="(AV:L/AC:H/Au:N/C:N/I:N/A:N)" published="19950101T000000000" added="20121018T000000000" modified="20121018T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
         The TLS/SSL server&#39;s X.509 certificate will expire within 30 days.
         Please refer to the proof for more details.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
        Obtain a new certificate and install it on the server. The exact
        instructions for obtaining a new certificate depend on your
        organization&#39;s requirements. Generally, you will need to generate a
        certificate request and save the request as a file. This file is then
        sent to a Certificate Authority (CA) for processing. Please ensure that
        the start date and the end date on the new certificate are valid.
     </Paragraph>
		<Paragraph>
        Your organization may have its own internal Certificate Authority. If not, you
        may have to pay for a certificate from a trusted external Certificate Authority.
     </Paragraph>
		<Paragraph>
        After you have received a new certificate file from the Certificate
        Authority, you will have to install it on the TLS/SSL server. The
        exact instructions for installing a certificate differ for each product.
        Please follow their documentation.
     </Paragraph></Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="udp-ipid-zero" title="UDP IP ID Zero" severity="1" pciSeverity="1" cvssScore="0.0" cvssVector="(AV:N/AC:L/Au:N/C:N/I:N/A:N)" published="20020812T000000000" added="20110523T000000000" modified="20120712T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
      The remote host responded with a UDP packet whose IP ID was zero.
      Normally the IP ID should be set to a unique value and is used in the
      reconstruction of fragmented packets.  Generally this behavior is only
      seen with systems derived from a Linux kernel, which may allow an
      attacker to fingerprint the target&#39;s operating system.
    </Paragraph>
  </ContainerBlockElement></description>
<references>
</references><tags>
<tag>Network</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
      Many vendors do not consider this to be a vulnerability,
        or a vulnerability worth fixing, so there are no vendor-provided
        solutions aside from putting a firewall or other filtering device
        between the target and hostile attackers that is capable of
        randomizing IP IDs.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>

<vulnerability id="weak-crypto-key" title="Weak Cryptographic Key" severity="3" pciSeverity="3" cvssScore="3.2" cvssVector="(AV:A/AC:H/Au:N/C:P/I:P/A:N)" published="20050101T000000000" added="20111024T000000000" modified="20130718T000000000">
<description>

<ContainerBlockElement>
    
	<Paragraph>
       The key length used by a cryptographic algorithm determines the highest
       security it can offer. Newly discovered theoretical attacks and hardware
       advances constantly erode this security level over time.  Taking this
       into account, as of 2011, governmental, academic, and private
       organizations providing guidance on cryptographic security, such as
       the 
	<URLLink LinkURL="http://www.nist.gov" LinkTitle="http://www.nist.gov" href="http://www.nist.gov">National Institute of Standards and Technology</URLLink> (NIST),
       the 
	<URLLink LinkURL="http://www.ecrypt.eu.org" LinkTitle="http://www.ecrypt.eu.org" href="http://www.ecrypt.eu.org">European Network of Excellence in Cryptology II</URLLink> (ECRYPT II),
       make the following general recommendations to provide short to medium term
       security against even the most well-funded attackers (eg. intelligence agencies):
    
		<UnorderedList>
			<ListItem>Symmetric key lengths of at least 80-112 bits.</ListItem>
			<ListItem>Elliptic curve key lengths of at least 160-224 bits.</ListItem>
			<ListItem>RSA key lengths of at least 1248-2048 bits.
          In particular, the CA/Browser Forum
          
			<URLLink LinkURL="http://www.cabforum.org/EV_Certificate_Guidelines.pdf" LinkTitle="http://www.cabforum.org/EV_Certificate_Guidelines.pdf" href="http://www.cabforum.org/EV_Certificate_Guidelines.pdf">Extended Validation (EV) Guidelines</URLLink>
          require a minimum key length of 2048 bits.
          Also, current research shows that factoring a 1024-bit RSA modulus
          
			<URLLink LinkURL="http://people.csail.mit.edu/tromer/papers/tromer-phd-dissertation-11pt.pdf" LinkTitle="http://people.csail.mit.edu/tromer/papers/tromer-phd-dissertation-11pt.pdf" href="http://people.csail.mit.edu/tromer/papers/tromer-phd-dissertation-11pt.pdf">is within practical reach.</URLLink>
       </ListItem>
			<ListItem>DSA key lengths of at least 2048 bits.</ListItem></UnorderedList>
   </Paragraph>
     
	<Paragraph>
       Additionally, starting in 2014, the Certificate Authority/Browser Forum has mandated that 1024-bit RSA keys no
       longer be supported for SSL certificates or code signing.
     </Paragraph>
  </ContainerBlockElement></description>
<references>
<reference source="URL">http://www.symantec.com/page.jsp?id=1024-bit-certificate-support</reference>
<reference source="URL">http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf</reference>
<reference source="URL">http://csrc.nist.gov/groups/ST/toolkit/key_management.html</reference>
<reference source="URL">http://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/BNetzA/Sachgebiete/QES/Veroeffentlichungen/Algorithmen/2011_2_AlgoKatpdf.pdf</reference>
<reference source="URL">http://www.ecrypt.eu.org/documents/D.SPA.17.pdf</reference>
<reference source="URL">http://www.keylength.com</reference>
<reference source="URL">http://www.ssi.gouv.fr/IMG/pdf/RGS_B_1.pdf</reference>
</references><tags>
<tag>Network</tag>
<tag>Web</tag>
</tags>
<solution>

<ContainerBlockElement>
	<Paragraph>
		<Paragraph>
           If the weak key is used in an X.509 certificate (for example for an HTTPS server),
           generate a longer key and recreate the certificate.
        </Paragraph></Paragraph>
	<Paragraph>
        Please also refer to 
	<URLLink LinkURL="http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf" LinkTitle="http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf" href="http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf">NIST&#39;s 
        recommendations on cryptographic algorithms and key lengths</URLLink>.
      </Paragraph></ContainerBlockElement></solution>
</vulnerability>
</VulnerabilityDefinitions>
</NexposeReport>