VAPT - Assignment2

TABLE OF CONTENTS
Vulnerabilities by Host
• zn.21stprocessing.com..............................................................................................................................................6
Vulnerabilities by Plugin
• 35450 (1) - DNS Server Spoofed Request Amplification DDoS......................................................................... 70
• 10539 (1) - DNS Server Recursive Query Cache Poisoning Weakness............................................................. 72
• 51192 (1) - SSL Certificate Cannot Be Trusted.................................................................................................... 74
• 121479 (1) - web.config File Information Disclosure..........................................................................................76
• 136929 (1) - JQuery 1.2 < 3.5.0 Multiple XSS.......................................................................................................78
• 11219 (3) - Nessus SYN scanner........................................................................................................................... 80
• 22964 (3) - Service Detection................................................................................................................................ 81
• 10107 (2) - HTTP Server Type and Version..........................................................................................................82
• 11002 (2) - DNS Server Detection.........................................................................................................................83
• 24260 (2) - HyperText Transfer Protocol (HTTP) Information............................................................................84
• 39521 (2) - Backported Security Patch Detection (WWW)................................................................................. 86
• 48204 (2) - Apache HTTP Server Version............................................................................................................. 87
• 57323 (2) - OpenSSL Version Detection............................................................................................................... 89
• 100669 (2) - Web Application Cookies Are Expired............................................................................................ 90
• 122364 (2) - Python Remote HTTP Detection..................................................................................................... 92
• 10287 (1) - Traceroute Information...................................................................................................................... 93
• 10302 (1) - Web Server robots.txt Information Disclosure................................................................................94
• 10386 (1) - Web Server No 404 Error Code Check............................................................................................. 95
• 10863 (1) - SSL Certificate Information................................................................................................................ 96
• 11936 (1) - OS Identification..................................................................................................................................98
• 12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution................................................................. 99
• 18261 (1) - Apache Banner Linux Distribution Disclosure...............................................................................100
• 19506 (1) - Nessus Scan Information.................................................................................................................101
• 21643 (1) - SSL Cipher Suites Supported...........................................................................................................103
• 25220 (1) - TCP/IP Timestamps Supported....................................................................................................... 105
• 31422 (1) - Reverse NAT/Intercepting Proxy Detection....................................................................................106
• 43111 (1) - HTTP Methods Allowed (per directory).......................................................................................... 108
• 45590 (1) - Common Platform Enumeration (CPE)...........................................................................................110
• 46180 (1) - Additional DNS Hostnames............................................................................................................. 111
• 54615 (1) - Device Type........................................................................................................................................113
• 56984 (1) - SSL / TLS Versions Supported......................................................................................................... 114
• 57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported................................................................115
• 84502 (1) - HSTS Missing From HTTPS Server.................................................................................................. 117
• 106658 (1) - JQuery Detection.............................................................................................................................118
• 136318 (1) - TLS Version 1.2 Protocol Detection.............................................................................................. 119
• 156439 (1) - jQuery UI Detection........................................................................................................................ 120
Remediations
• Suggested Remediations......................................................................................................................................123
Exploitable Vulnerabilities Report

• Exploitable Vulnerabilities: Top 25......................................................................................................................125
• Exploitable Vulnerabilities: Hosts by Plugin...................................................................................................... 126
Hosts with Vulnerabilities Report

• Hosts with Vulnerabilities: Top 25 Vulnerabilities by Plugin........................................................................... 128
• Hosts with Vulnerabilities: Hosts by Plugin....................................................................................................... 129
Hosts with Vulnerabilities > 1 Year Old Report

• Hosts with Vulnerabilities > 1 Year Old: Top 25............................................................................................... 131
• Hosts with Vulnerabilities > 1 Year Old: Hosts by Plugin................................................................................ 132
Default/Known Accounts Report

• No Results:............................................................................................................................................................. 134
OS Detections Report
• OS Detections: Counts by Confidence Level..................................................................................................... 136
• OS Detections: Max Severity by OS Family (Confidence > 50)........................................................................ 137
• OS Detections: Details (Confidence > 50)..........................................................................................................138
Unsupported Software Report

• No Results:............................................................................................................................................................. 140
• zn.21stprocessing.com......................................................................................................................................... 142
Overview
• Vulnerability Instances: all and exploitable, by severity.................................................................................. 145
Top 10 Critical Vulnerabilities

• No Results:............................................................................................................................................................. 147
• No Results:............................................................................................................................................................. 148
Top 10 High Vulnerabilities

• No Results:............................................................................................................................................................. 150
• Top 10 High Vulnerabilities: (CVSS v3.0)............................................................................................................ 151
Top 10 Most Prevalent Vulnerabilities

• Top 10 Most Prevalent Vulnerabilities: (VPR).................................................................................................... 153
• Top 10 Most Prevalent Vulnerabilities: (CVSS v3.0).......................................................................................... 154
zn.21stprocessing.com
0 1 4 0 43
CRITICAL HIGH MEDIUM LOW INFO
Scan Information
Start time: Thu Jan 28 15:06:43 2023

End time: Thu Jan 28 15:35:36 2023
Host Information
DNS Name: zn.21stprocessing.com

IP: 24.246.117.13
OS: Linux Kernel 3.10 on CentOS Linux release 7
Vulnerabilities
35450 - DNS Server Spoofed Request Amplification DDoS
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root
zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a
remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party
host using the remote DNS server.
See Also
https://isc.sans.edu/diary/DNS+queries+for+/5713
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
zn.21stprocessing.com 6
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2006-0987
Plugin Information
Published: 2009/01/22, Modified: 2020/08/21
Plugin Output
udp/53/dns
The DNS query was 17 bytes long, the answer is 228 bytes long.
10539 - DNS Server Recursive Query Cache Poisoning Weakness
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if
allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such
as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service
attacks against another network or system.
See Also
http://www.nessus.org/u?c4dcf24a
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN
connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of
your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:

'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Plugin Output
udp/53/dns
136929 - JQuery 1.2 < 3.5.0 Multiple XSS
Synopsis
The remote web server is affected by multiple cross site scripting vulnerability.
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server
is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Solution
Upgrade to JQuery version 3.5.0 or later.
Risk Factor
Medium
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.5 (CVSS:3.0/E:P/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-11022
CVE CVE-2020-11023
XREF IAVB:2020-B-0030
Plugin Information
Plugin Output
tcp/443/www
URL : https://zn.21stprocessing.com/js/jquery.js
Installed version : 1.12.4
Fixed version : 3.5.0
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Plugin Output
tcp/443/www
The following certificate was at the top of the certificate

chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : C=US/O=Internet Security Research Group/CN=ISRG Root X1

|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
121479 - web.config File Information Disclosure
Synopsis
The remote web server hosts an application that is affected by an information disclosure vulnerability.
Description
An information disclosure vulnerability exists in the remote web server due to the disclosure of the
web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose
potentially sensitive configuration information.
Solution
Ensure proper restrictions are in place, or remove the web.config file if the file is not required.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
tcp/443/www
Nessus was able to exploit the issue using the following request :
GET /web.config HTTP/1.1

Host: zn.21stprocessing.com
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
This produced the following truncated output (limited to 5 lines) :

------------------------------ snip ------------------------------

[...]
------------------------------ snip ------------------------------
46180 - Additional DNS Hostnames
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus
has generated a list of hostnames that point to the remote host. Note that these are only the alternate
hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
See Also
https://en.wikipedia.org/wiki/Virtual_hosting
Solution
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The following hostnames point to the remote host :

- adm.21charles.com
- dev.citymarketwb.com
- dev.myuncleleo.com
- dev.runandgunbaseball.com
- devd.citymarketwb.com
- devul.myuncleleo.com
- post.21stprocessing.com
- xx562yy.informationnetworksinc.com
- winfonet.21stprocessing.com
- ts.21stprocessing.com
- py.preoh.com
- dev.bluewaterhillwestport.com
- dccn.21stprocessing.com
- ctdodgers.21stprocessing.com
- blank.21stprocessing.com
- bd.21charles.com
18261 - Apache Banner Linux Distribution Disclosure
Synopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
Nessus was able to extract the banner of the Apache web server and determine which Linux distribution
the remote host is running.
Solution
If you do not wish to display this information, edit 'httpd.conf' and set the directive 'ServerTokens Prod' and
restart Apache.
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The Linux distribution detected was :

- CentOS 7
48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the
version number from the banner.
See Also
https://httpd.apache.org/
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0530
Plugin Information
Plugin Output
tcp/80/www
URL : http://zn.21stprocessing.com/
Version : 2.4.6
backported : 1
modules : OpenSSL/1.0.2zzzz-fips mod_wsgi/3.4 Python/2.7.5
os : CentOS
48204 - Apache HTTP Server Version
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output
tcp/443/www
URL : https://zn.21stprocessing.com/
Version : 2.4.6
backported : 1
os : CentOS
39521 - Backported Security Patch Detection (WWW)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version
number.
Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any security problem.
See Also
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Give Nessus credentials to perform local checks.
39521 - Backported Security Patch Detection (WWW)
Synopsis
Description
number.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
The remote operating system matched the following CPE :
cpe:/o:centos:centos:7 -> CentOS
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server:2.4.6 -> Apache Software Foundation Apache HTTP Server

cpe:/a:jquery:jquery:1.12.4 -> jQuery
cpe:/a:jquery:jquery_ui:1.12.1 -> jQuery UI
cpe:/a:openssl:openssl:1.0.2k-fips -> OpenSSL Project OpenSSL
cpe:/a:python:python:2.7.5 -> Python
11002 - DNS Server Detection
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames
and IP addresses.
See Also
https://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available
externally.
Risk Factor
None
Plugin Information
Plugin Output
tcp/53/dns
11002 - DNS Server Detection
Synopsis
Description
and IP addresses.
See Also
Solution
externally.
Risk Factor
None
Plugin Information
Plugin Output
udp/53/dns
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Remote device type : general-purpose

Confidence level : 95
84502 - HSTS Missing From HTTPS Server
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
https://tools.ietf.org/html/rfc6797
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
The remote HTTPS server does not send the HTTP

"Strict-Transport-Security" header.
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each
directory.
The following HTTP methods are considered insecure:

PUT, DELETE, CONNECT, TRACE, HEAD
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the
response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access
GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed
unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web
applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if
it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any
security vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD are allowed on :
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output
tcp/80/www
The remote web server type is :
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5
10107 - HTTP Server Type and Version
Synopsis
Description
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output
tcp/443/www
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
24.246.117.13 resolves as 18f6600d.cst.lightpath.net.
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-
Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Response Code : HTTP/1.1 301 Moved Permanently
Protocol version : HTTP/1.1

SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Thu, 07 Jul 2022 09:54:38 GMT

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5
X-Frame-Options: SAMEORIGIN
Location: https://zn.21stprocessing.com/
Content-Length: 238
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://zn.21stprocessing.com/">here</a>.</p>
</body></html>
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Response Code : HTTP/1.1 200 OK

SSL : yes
Keep-Alive : yes
Headers :
Date: Thu, 07 Jul 2022 09:54:43 GMT

Cache-Control: no-cache, private
Set-Cookie: XSRF-
TOKEN=eyJpdiI6Ikx3d2t4bWYzbHg2M01xeGtnU1lSNEE9PSIsInZhbHVlIjoidUQzcHBNbWxYUTY5NE1XVEdvK2FcL2RlemtcL3J3SHBtS09KN0Zh
expires=Thu, 07-Jul-2022 11:54:43 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie:
laravel_session=eyJpdiI6Ikt0SWhVeXlEajBEcTExVWxMNnZlQkE9PSIsInZhbHVlIjoiS2FpTWN0K0lGZTdaWXNVNjVUQTFHQ1UxQUJGYlhQS
%3D%3D; expires=Thu, 07-Jul-2022 11:54:43 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="UTF-8">
<meta name="keywords" content="Zone Nation Sports - Baseball, Basketball, Soccer, Football,
Cheer, Cornhole, Volleyball ,Sports, Sports Training, Basketball Court, Batting Cages, CT Sports
Teams, CT Baseball, Hittrax, Pitching Tunnel, Birthday Party, Bachelor Party, Graduation Party,
Gym, Sports Conditioning, Travel Baseball, Batting lessons, Hitting lessons, sports camp | sports
clinic">
<meta name="description" content="Zone Nation - Athletic development in CT">
<link rel="icon" type="image/png" href="/favicon.png" />
<title> Run and Gun </title>
<link rel="stylesheet" href="/css/bootstrap.css">
<link rel="stylesheet" href="/css/fonts.css?v= [...]
106658 - JQuery Detection
Synopsis
The web server on the remote host uses JQuery.
Description
Nessus was able to detect JQuery on the remote host.
See Also
https://jquery.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Version : 1.12.4
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might
cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the
network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Plugin Output
tcp/53/dns
Port 53/tcp was found to be open
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.

- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Information about this scan :
Nessus version : 10.2.0

Nessus build : 20075
Plugin feed version : 202207070547
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : znBasicNetworkScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.1.100
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 292.058 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : Detected
Allow post-scan editing : Yes
Scan Start Date : 2022/7/7 15:06 India Standard Time
Scan duration : 1720 sec
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
Remote operating system : Linux Kernel 3.10 on CentOS Linux release 7

Method : HTTP
The remote host is running Linux Kernel 3.10 on CentOS Linux release 7
57323 - OpenSSL Version Detection
Synopsis
Nessus was able to detect the OpenSSL version.
Description
Nessus was able to extract the OpenSSL version from the web server's banner. Note that security patches
in many cases are backported and the displayed version number does not show the patch level. Using it to
identify vulnerable software is likely to lead to false detections.
See Also
https://www.openssl.org/
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output
tcp/80/www
Source : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5

Reported version : 1.0.2k
Backported version : 1.0.2zzzz
57323 - OpenSSL Version Detection
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output
tcp/443/www

122364 - Python Remote HTTP Detection
Synopsis
Python is running on the remote host.
Description
A web server is running Python on the remote host.
Note that the web server may be running on top of Python, or just running an embedded version.
See Also
https://www.python.org/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
Path : /
Version : 2.7.5
Backported : 1
Product : Python
122364 - Python Remote HTTP Detection
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Path : /
Version : 2.7.5
Backported : 1
Product : Python
31422 - Reverse NAT/Intercepting Proxy Detection
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in
the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the
same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different
remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic
shaper.
See Also
https://en.wikipedia.org/wiki/Proxy_server#Intercepting_proxy_server
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
+ On the following port(s) :

- 443 (24 hops away)
- 80 (24 hops away)
The operating system was identified as :
Linux Kernel 2.6

- 53 (11 hops away)
Linux Kernel 2.2

Linux Kernel 2.4
Linux Kernel 2.6
56984 - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
This port supports TLSv1.2.
10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Subject Name:
Common Name: adm.21charles.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 04 B9 D3 33 8A DB 84 7E D8 91 2B D4 54 A0 E8 62 0D 19
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jul 04 05:36:48 2022 GMT

Not Valid After: Oct 02 05:36:47 2022 GMT
Public Key Info:
Algorithm: RSA Encryption

Key Length: 2048 bits
Public Key: 00 DD 06 91 B7 42 20 1B 52 74 55 BB 29 02 0A 7B 1A 04 40 23
33 8C 8B B4 9F 32 30 C5 76 54 15 BE D1 3E 4B CE 01 E2 CD F4
8F B5 23 DF E3 66 F3 35 47 E2 28 D2 19 3A BC 0F 3A 66 53 E4
29 18 82 B7 31 B7 D0 44 A0 A3 48 62 FE B1 88 42 30 2D 81 EE
9F FC 6A 91 F3 0D 32 6A 69 61 DB 31 C9 E1 13 90 1F DC BC 9A
50 65 92 60 E6 06 44 FC C1 C0 CF 1E DD F9 08 E9 A8 BE 93 13
B7 A3 7B 51 54 F6 77 23 49 8D 8A 36 3E E7 74 26 81 F7 1F C7
1E 63 72 78 0D 9D FE 8E D3 A7 A1 8E 20 F9 29 63 69 26 F1 05
D0 28 BA 63 77 9B BC 1C 09 CC CB FF 3D 39 D9 32 4E D4 EC A8
0A BF 4E E1 39 8F 48 E3 C9 3E 57 EF 1B D9 F4 E4 DF 3D 8C C0
2F FC ED E6 E2 09 12 9E 1B 4C 91 C8 68 54 00 19 55 CD 28 2B
C4 E7 3E DF F1 B5 DF B8 96 E7 B3 80 A6 AD B6 C2 96 DA 57 3C
EA E6 38 4E F7 8C 3E 55 7C A2 6B EE 28 D2 98 D8 E3
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits

Signature: 00 67 74 DB BC F7 CA A9 22 82 1F 9C 7D D4 D9 17 A4 A2 BB 8C
AE 38 75 4C 9B 02 B2 8F B8 87 16 FF FC F7 2E B4 84 9F B4 B4
6B A7 04 C4 07 4A F7 E6 5F 31 A7 EB 49 64 A1 FD 9F 0F D1 9D
E4 87 97 12 38 40 6C 5D 19 67 8F 57 22 DC 62 5F 16 35 F3 A3
A1 88 98 B2 3A FB 92 E2 2D C6 CB 00 13 4A CC 3E F6 0F 17 B8
05 AB 4D 6D 10 FA FC CC 45 7D 5F 4C 73 16 1B 6E B7 47 B2 DB
23 C8 13 38 F8 6A 76 AF 0A 97 60 8B EB EB C4 D7 F5 43 D7 41
FD C4 AB CB 8A 3B 8F 4D BB B9 2A 71 F9 3E 97 33 84 DC 75 05
D9 F6 96 F0 EB 51 8C 07 E6 22 BC CD 57 83 93 48 E7 59 8 [...]
21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL ciphers supported by the remote server :

Each group is reported per SSL Version.
SSL Version : TLSv12

High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC

---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128)
SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256)
SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128)
SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256)
SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Here is the list of SSL PFS ciphers supported by the remote server :

---------------------- ---------- --- ---- --------------------- ---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
{export flag}
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends
when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
A web server is running on this port.
22964 - Service Detection
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
A TLSv1.2 server answered on this port.
tcp/443/www
A web server is running on this port through TLSv1.2.
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/0
136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
TLSv1.2 is enabled and the server supports at least one cipher.
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
udp/0
For your information, here is the traceroute from 192.168.1.100 to 24.246.117.13 :

192.168.1.100
192.168.1.1
192.168.0.1
103.105.226.6
103.105.226.5
103.42.72.58
125.18.67.25
116.119.42.208
?
63.223.35.106
63.223.35.106
65.19.102.201
64.15.0.199
64.15.10.50
64.15.3.153
?
69.74.114.28
69.74.114.29
24.246.117.13
Hop Count: 18
100669 - Web Application Cookies Are Expired
Synopsis
HTTP cookies have an 'Expires' attribute that is set with a past date or time.
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated
session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is
set with a past date or time, meaning that these cookies will be removed by the browser.
See Also
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a
security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie
attribute altogether to convert the cookie to a session cookie.
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
The following cookies are expired :
Name : laravel_session
Path : /
Value :
eyJpdiI6ImdXOHlzbWs5d2FVUVwvbWhqNytKRDR3PT0iLCJ2YWx1ZSI6IllLZkhjY3gwd0VTVzh6YkJFcG5aMytcL2ZYSjRKVTBPQklQSlFjUXE1T
Domain :
Version : 1
Expires : Thu, 07-Jul-2022 11:44:55 GMT
Comment :
Secure : 0
Httponly : 1
Port :
Name : XSRF-TOKEN
Path : /
Value :
eyJpdiI6Iis5VGRyUnA5aWlnOFl5dzFUZUVEdHc9PSIsInZhbHVlIjoiS2ZSWEdQaWhjNjA0QmU0V1wvczhlWFJUWW4zRDZRRHNLQzZram9rR3VTK
Domain :
Version : 1
Comment :
Secure : 0
Httponly : 0
Port :
100669 - Web Application Cookies Are Expired
Synopsis
Description
See Also
Solution
security decision.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Path : /
Value :
Domain :
Version : 1
Comment :
Secure : 0
Httponly : 1
Port :
Name : XSRF-TOKEN
Path : /
Value :
Domain :
Version : 1
Comment :
Secure : 0
Httponly : 0
Port :
10386 - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/80/www
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :
http://zn.21stprocessing.com/WM_bVRpOERQ0.html
10302 - Web Server robots.txt Information Disclosure
Synopsis
The remote web server contains a 'robots.txt' file.
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting
certain directories in a website for maintenance or indexing purposes. A malicious user may also be able
to use the contents of this file to learn of sensitive documents or directories on the affected site and either
retrieve them directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt
file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
Contents of robots.txt :
User-agent: *
Disallow:
156439 - jQuery UI Detection
Synopsis
The web server on the remote host uses jQuery UI.
Description
See Also
https://releases.jquery.com/ui/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
tcp/443/www
URL : https://zn.21stprocessing.com/js/jquery-ui.js
Version : 1.12.1
Vulnerabilities by Plugin
35450 (1) - DNS Server Spoofed Request Amplification DDoS
Synopsis
The remote DNS server could be used in a distributed denial of service attack.
Description
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root
zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a
remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party
host using the remote DNS server.
See Also
https://isc.sans.edu/diary/DNS+queries+for+/5713
Solution
Restrict access to your DNS server from public network or reconfigure it to reject such queries.
Risk Factor
Medium
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
CVE CVE-2006-0987
Plugin Information
Plugin Output
zn.21stprocessing.com (udp/53/dns)
35450 (1) - DNS Server Spoofed Request Amplification DDoS 70

The DNS query was 17 bytes long, the answer is 228 bytes long.
35450 (1) - DNS Server Spoofed Request Amplification DDoS 71

10539 (1) - DNS Server Recursive Query Cache Poisoning Weakness
Synopsis
The remote name server allows recursive queries to be performed by the host running nessusd.
Description
It is possible to query the remote name server for third-party names.
If this is your internal nameserver, then the attack vector may be limited to employees or guest access if
allowed.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names (such
as www.nessus.org).
This allows attackers to perform cache poisoning attacks against this nameserver.
If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service
attacks against another network or system.
See Also
http://www.nessus.org/u?c4dcf24a
Solution
Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN
connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of
your named.conf.
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command.
Then, within the options block, you can explicitly state:

'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
Risk Factor
Medium
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
10539 (1) - DNS Server Recursive Query Cache Poisoning Weakness 72

References
BID 136
BID 678
CVE CVE-1999-0024
XREF CERT-CC:CA-1997-22
Plugin Information
Plugin Output
10539 (1) - DNS Server Recursive Query Cache Poisoning Weakness 73

51192 (1) - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which
the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public
certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are missing that would connect the top of the certificate chain
to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users
to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-
middle attacks against the remote host.
See Also
https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
51192 (1) - SSL Certificate Cannot Be Trusted 74

Plugin Information
Plugin Output
zn.21stprocessing.com (tcp/443/www)
The following certificate was at the top of the certificate

chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : C=US/O=Internet Security Research Group/CN=ISRG Root X1

|-Issuer : O=Digital Signature Trust Co./CN=DST Root CA X3
51192 (1) - SSL Certificate Cannot Be Trusted 75

121479 (1) - web.config File Information Disclosure
Synopsis
The remote web server hosts an application that is affected by an information disclosure vulnerability.
Description
An information disclosure vulnerability exists in the remote web server due to the disclosure of the
web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose
potentially sensitive configuration information.
Solution
Ensure proper restrictions are in place, or remove the web.config file if the file is not required.
Risk Factor
Medium
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Plugin Output
Nessus was able to exploit the issue using the following request :
GET /web.config HTTP/1.1

Host: zn.21stprocessing.com
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
This produced the following truncated output (limited to 5 lines) :

------------------------------ snip ------------------------------

[...]
------------------------------ snip ------------------------------
121479 (1) - web.config File Information Disclosure 77

136929 (1) - JQuery 1.2 < 3.5.0 Multiple XSS
Synopsis
The remote web server is affected by multiple cross site scripting vulnerability.
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server
is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Solution
Upgrade to JQuery version 3.5.0 or later.
Risk Factor
Medium
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.5 (CVSS:3.0/E:P/RL:O/RC:C)
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
136929 (1) - JQuery 1.2 < 3.5.0 Multiple XSS 78

References
CVE CVE-2020-11022
CVE CVE-2020-11023
XREF IAVB:2020-B-0030
Plugin Information
Plugin Output
Installed version : 1.12.4
Fixed version : 3.5.0
136929 (1) - JQuery 1.2 < 3.5.0 Multiple XSS 79

11219 (3) - Nessus SYN scanner
Synopsis
Description
network is loaded.
Solution
Risk Factor
None
Plugin Information
Plugin Output
zn.21stprocessing.com (tcp/53/dns)
11219 (3) - Nessus SYN scanner 80

22964 (3) - Service Detection
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
A web server is running on this port.
A TLSv1.2 server answered on this port.
A web server is running on this port through TLSv1.2.
22964 (3) - Service Detection 81

10107 (2) - HTTP Server Type and Version
Synopsis
Description
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output
10107 (2) - HTTP Server Type and Version 82

11002 (2) - DNS Server Detection
Synopsis
Description
and IP addresses.
See Also
Solution
externally.
Risk Factor
None
Plugin Information
Plugin Output
zn.21stprocessing.com (tcp/53/dns)
11002 (2) - DNS Server Detection 83

24260 (2) - HyperText Transfer Protocol (HTTP) Information
Synopsis
Description
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Response Code : HTTP/1.1 301 Moved Permanently

SSL : no
Keep-Alive : yes
Headers :
Date: Thu, 07 Jul 2022 09:54:38 GMT

Location: https://zn.21stprocessing.com/
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
Response Body :
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://zn.21stprocessing.com/">here</a>.</p>
24260 (2) - HyperText Transfer Protocol (HTTP) Information 84

</body></html>
Response Code : HTTP/1.1 200 OK

SSL : yes
Keep-Alive : yes
Headers :
Date: Thu, 07 Jul 2022 09:54:43 GMT

Cache-Control: no-cache, private
Set-Cookie: XSRF-
TOKEN=eyJpdiI6Ikx3d2t4bWYzbHg2M01xeGtnU1lSNEE9PSIsInZhbHVlIjoidUQzcHBNbWxYUTY5NE1XVEdvK2FcL2RlemtcL3J3SHBtS09KN0Zh
expires=Thu, 07-Jul-2022 11:54:43 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie:
laravel_session=eyJpdiI6Ikt0SWhVeXlEajBEcTExVWxMNnZlQkE9PSIsInZhbHVlIjoiS2FpTWN0K0lGZTdaWXNVNjVUQTFHQ1UxQUJGYlhQS
%3D%3D; expires=Thu, 07-Jul-2022 11:54:43 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Response Body :
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="UTF-8">
<meta name="keywords" content="Zone Nation Sports - Baseball, Basketball, Soccer, Football,
Cheer, Cornhole, Volleyball ,Sports, Sports Training, Basketball Court, Batting Cages, CT Sports
Teams, CT Baseball, Hittrax, Pitching Tunnel, Birthday Party, Bachelor Party, Graduation Party,
Gym, Sports Conditioning, Travel Baseball, Batting lessons, Hitting lessons, sports camp | sports
clinic">
<meta name="description" content="Zone Nation - Athletic development in CT">
<link rel="icon" type="image/png" href="/favicon.png" />
<title> Run and Gun </title>
<link rel="stylesheet" href="/css/bootstrap.css">
<link rel="stylesheet" href="/css/fonts.css?v= [...]
24260 (2) - HyperText Transfer Protocol (HTTP) Information 85

39521 (2) - Backported Security Patch Detection (WWW)
Synopsis
Description
number.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
39521 (2) - Backported Security Patch Detection (WWW) 86

48204 (2) - Apache HTTP Server Version
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output
URL : http://zn.21stprocessing.com/
Version : 2.4.6
backported : 1
os : CentOS
URL : https://zn.21stprocessing.com/
Version : 2.4.6
backported : 1
48204 (2) - Apache HTTP Server Version 87

os : CentOS
48204 (2) - Apache HTTP Server Version 88

57323 (2) - OpenSSL Version Detection
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
References
Plugin Information
Plugin Output


57323 (2) - OpenSSL Version Detection 89

100669 (2) - Web Application Cookies Are Expired
Synopsis
Description
See Also
Solution
security decision.
Risk Factor
None
Plugin Information
Plugin Output
Path : /
Value :
Domain :
Version : 1
Comment :
Secure : 0
Httponly : 1
Port :
Name : XSRF-TOKEN
100669 (2) - Web Application Cookies Are Expired 90

Path : /
Value :
Domain :
Version : 1
Comment :
Secure : 0
Httponly : 0
Port :
Path : /
Value :
Domain :
Version : 1
Comment :
Secure : 0
Httponly : 1
Port :
Name : XSRF-TOKEN
Path : /
Value :
Domain :
Version : 1
Comment :
Secure : 0
Httponly : 0
Port :
100669 (2) - Web Application Cookies Are Expired 91

122364 (2) - Python Remote HTTP Detection
Synopsis
Description
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Path : /
Version : 2.7.5
Backported : 1
Product : Python
Path : /
Version : 2.7.5
Backported : 1
Product : Python
122364 (2) - Python Remote HTTP Detection 92

10287 (1) - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
zn.21stprocessing.com (udp/0)
For your information, here is the traceroute from 192.168.1.100 to 24.246.117.13 :

192.168.1.100
192.168.1.1
192.168.0.1
103.105.226.6
103.105.226.5
103.42.72.58
125.18.67.25
116.119.42.208
?
63.223.35.106
63.223.35.106
65.19.102.201
64.15.0.199
64.15.10.50
64.15.3.153
?
69.74.114.28
69.74.114.29
24.246.117.13
Hop Count: 18
10287 (1) - Traceroute Information 93

10302 (1) - Web Server robots.txt Information Disclosure
Synopsis
The remote web server contains a 'robots.txt' file.
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting
certain directories in a website for maintenance or indexing purposes. A malicious user may also be able
to use the contents of this file to learn of sensitive documents or directories on the affected site and either
retrieve them directly or target them for other attacks.
See Also
http://www.robotstxt.org/orig.html
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt
file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Plugin Output
Contents of robots.txt :
User-agent: *
Disallow:
10302 (1) - Web Server robots.txt Information Disclosure 94

10386 (1) - Web Server No 404 Error Code Check
Synopsis
The remote web server does not return 404 error codes.
Description
The remote web server is configured such that it does not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.
Nessus has enabled some counter measures for this. However, they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 301
rather than 404. The requested URL was :
http://zn.21stprocessing.com/WM_bVRpOERQ0.html
10386 (1) - Web Server No 404 Error Code Check 95

10863 (1) - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Subject Name:
Common Name: adm.21charles.com
Issuer Name:
Country: US
Organization: Let's Encrypt
Common Name: R3
Serial Number: 04 B9 D3 33 8A DB 84 7E D8 91 2B D4 54 A0 E8 62 0D 19
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Jul 04 05:36:48 2022 GMT

Not Valid After: Oct 02 05:36:47 2022 GMT
Public Key Info:
Algorithm: RSA Encryption

Key Length: 2048 bits
Public Key: 00 DD 06 91 B7 42 20 1B 52 74 55 BB 29 02 0A 7B 1A 04 40 23
33 8C 8B B4 9F 32 30 C5 76 54 15 BE D1 3E 4B CE 01 E2 CD F4
8F B5 23 DF E3 66 F3 35 47 E2 28 D2 19 3A BC 0F 3A 66 53 E4
29 18 82 B7 31 B7 D0 44 A0 A3 48 62 FE B1 88 42 30 2D 81 EE
9F FC 6A 91 F3 0D 32 6A 69 61 DB 31 C9 E1 13 90 1F DC BC 9A
50 65 92 60 E6 06 44 FC C1 C0 CF 1E DD F9 08 E9 A8 BE 93 13
B7 A3 7B 51 54 F6 77 23 49 8D 8A 36 3E E7 74 26 81 F7 1F C7
1E 63 72 78 0D 9D FE 8E D3 A7 A1 8E 20 F9 29 63 69 26 F1 05
10863 (1) - SSL Certificate Information 96

D0 28 BA 63 77 9B BC 1C 09 CC CB FF 3D 39 D9 32 4E D4 EC A8
0A BF 4E E1 39 8F 48 E3 C9 3E 57 EF 1B D9 F4 E4 DF 3D 8C C0
2F FC ED E6 E2 09 12 9E 1B 4C 91 C8 68 54 00 19 55 CD 28 2B
C4 E7 3E DF F1 B5 DF B8 96 E7 B3 80 A6 AD B6 C2 96 DA 57 3C
EA E6 38 4E F7 8C 3E 55 7C A2 6B EE 28 D2 98 D8 E3
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits

Signature: 00 67 74 DB BC F7 CA A9 22 82 1F 9C 7D D4 D9 17 A4 A2 BB 8C
AE 38 75 4C 9B 02 B2 8F B8 87 16 FF FC F7 2E B4 84 9F B4 B4
6B A7 04 C4 07 4A F7 E6 5F 31 A7 EB 49 64 A1 FD 9F 0F D1 9D
E4 87 97 12 38 40 6C 5D 19 67 8F 57 22 DC 62 5F 16 35 F3 A3
A1 88 98 B2 3A FB 92 E2 2D C6 CB 00 13 4A CC 3E F6 0F 17 B8
05 AB 4D 6D 10 FA FC CC 45 7D 5F 4C 73 16 1B 6E B7 47 B2 DB
23 C8 13 38 F8 6A 76 AF 0A 97 60 8B EB EB C4 D7 F5 43 D7 41
FD C4 AB CB 8A 3B 8F 4D BB B9 2A 71 F9 3E 97 33 84 DC 75 05
D9 F6 96 F0 EB 51 8C 07 E6 22 BC CD 57 83 93 48 E7 59 8 [...]
10863 (1) - SSL Certificate Information 97

11936 (1) - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess
the name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
zn.21stprocessing.com (tcp/0)
Remote operating system : Linux Kernel 3.10 on CentOS Linux release 7

Method : HTTP
The remote host is running Linux Kernel 3.10 on CentOS Linux release 7
11936 (1) - OS Identification 98

12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
24.246.117.13 resolves as 18f6600d.cst.lightpath.net.
12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution 99

18261 (1) - Apache Banner Linux Distribution Disclosure
Synopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
Nessus was able to extract the banner of the Apache web server and determine which Linux distribution
the remote host is running.
Solution
If you do not wish to display this information, edit 'httpd.conf' and set the directive 'ServerTokens Prod' and
restart Apache.
Risk Factor
None
Plugin Information
Plugin Output
The Linux distribution detected was :

- CentOS 7
18261 (1) - Apache Banner Linux Distribution Disclosure 100

19506 (1) - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.

- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Information about this scan :
Nessus version : 10.2.0

Nessus build : 20075
Plugin feed version : 202207070547
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
19506 (1) - Nessus Scan Information 101

Scan name : znBasicNetworkScan
Scan policy used : Basic Network Scan
Scanner IP : 192.168.1.100
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 292.058 ms
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin launched)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : Detected
Allow post-scan editing : Yes
Scan Start Date : 2022/7/7 15:06 India Standard Time
Scan duration : 1720 sec
19506 (1) - Nessus Scan Information 102

21643 (1) - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
http://www.nessus.org/u?3a040ada
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Here is the list of SSL ciphers supported by the remote server :

Each group is reported per SSL Version.
SSL Version : TLSv12


---------------------- ---------- --- ---- --------------------- ---
SHA256
SHA384
SHA256
SHA384
{Cipher ID code}
Kex={key exchange}
21643 (1) - SSL Cipher Suites Supported 103

{export flag}
21643 (1) - SSL Cipher Suites Supported 104

25220 (1) - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that
the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
25220 (1) - TCP/IP Timestamps Supported 105

31422 (1) - Reverse NAT/Intercepting Proxy Detection
Synopsis
The remote IP address seems to connect to different hosts via reverse NAT, or an intercepting proxy is in
the way.
Description
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the
same IP address.
Based on OS fingerprinting results, it seems that different operating systems are listening on different
remote ports.
Note that this behavior may also indicate the presence of a intercepting proxy, a load balancer or a traffic
shaper.
See Also
https://en.wikipedia.org/wiki/Proxy_server#Intercepting_proxy_server
Solution
Make sure that this setup is authorized by your security policy
Risk Factor
None
Plugin Information
Plugin Output

- 443 (24 hops away)
- 80 (24 hops away)
Linux Kernel 2.6

- 53 (11 hops away)
Linux Kernel 2.2

Linux Kernel 2.4
31422 (1) - Reverse NAT/Intercepting Proxy Detection 106

Linux Kernel 2.6
31422 (1) - Reverse NAT/Intercepting Proxy Detection 107

43111 (1) - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each
directory.
The following HTTP methods are considered insecure:

PUT, DELETE, CONNECT, TRACE, HEAD
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the
response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access
GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed
unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web
applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if
it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any
security vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
43111 (1) - HTTP Methods Allowed (per directory) 108

Based on the response to an OPTIONS request :
- HTTP methods GET HEAD are allowed on :
43111 (1) - HTTP Methods Allowed (per directory) 109

45590 (1) - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE
based on the information available from the scan.
See Also
http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
The remote operating system matched the following CPE :
cpe:/o:centos:centos:7 -> CentOS
Following application CPE's matched on the remote system :
cpe:/a:apache:http_server:2.4.6 -> Apache Software Foundation Apache HTTP Server

cpe:/a:jquery:jquery:1.12.4 -> jQuery
cpe:/a:jquery:jquery_ui:1.12.1 -> jQuery UI
cpe:/a:openssl:openssl:1.0.2k-fips -> OpenSSL Project OpenSSL
cpe:/a:python:python:2.7.5 -> Python
45590 (1) - Common Platform Enumeration (CPE) 110

46180 (1) - Additional DNS Hostnames
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus
has generated a list of hostnames that point to the remote host. Note that these are only the alternate
hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
See Also
https://en.wikipedia.org/wiki/Virtual_hosting
Solution
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Plugin Output
The following hostnames point to the remote host :

- adm.21charles.com
- dev.citymarketwb.com
- dev.myuncleleo.com
- dev.runandgunbaseball.com
- devd.citymarketwb.com
- devul.myuncleleo.com
- post.21stprocessing.com
- xx562yy.informationnetworksinc.com
- winfonet.21stprocessing.com
- ts.21stprocessing.com
- py.preoh.com
- dev.bluewaterhillwestport.com
- dccn.21stprocessing.com
- ctdodgers.21stprocessing.com
- blank.21stprocessing.com
46180 (1) - Additional DNS Hostnames 111

- bd.21charles.com
46180 (1) - Additional DNS Hostnames 112

54615 (1) - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Remote device type : general-purpose

54615 (1) - Device Type 113

56984 (1) - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
This port supports TLSv1.2.
56984 (1) - SSL / TLS Versions Supported 114

57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality
even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These
cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is
compromised.
See Also
https://www.openssl.org/docs/manmaster/man1/ciphers.html
https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Here is the list of SSL PFS ciphers supported by the remote server :

---------------------- ---------- --- ---- --------------------- ---
SHA256
SHA384
SHA256
SHA384
57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported 115
{Cipher ID code}
Kex={key exchange}
{export flag}
57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported 116
84502 (1) - HSTS Missing From HTTPS Server
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional
response header that can be configured on the server to instruct the browser to only communicate via
HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens
cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Plugin Output
The remote HTTPS server does not send the HTTP

"Strict-Transport-Security" header.
84502 (1) - HSTS Missing From HTTPS Server 117

106658 (1) - JQuery Detection
Synopsis
The web server on the remote host uses JQuery.
Description
Nessus was able to detect JQuery on the remote host.
See Also
https://jquery.com/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
Version : 1.12.4
106658 (1) - JQuery Detection 118

136318 (1) - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Plugin Output
TLSv1.2 is enabled and the server supports at least one cipher.
136318 (1) - TLS Version 1.2 Protocol Detection 119

156439 (1) - jQuery UI Detection
Synopsis
Description
See Also
https://releases.jquery.com/ui/
Solution
n/a
Risk Factor
None
Plugin Information
Plugin Output
URL : https://zn.21stprocessing.com/js/jquery-ui.js
Version : 1.12.1
156439 (1) - jQuery UI Detection 120

Remediations
Suggested Remediations
Suggested Remediations 123

Exploitable Vulnerabilities Report
Exploitable vulnerabilities create gaps in the network's integrity, which
attackers can take advantage of to gain access to the network. Once inside
the network, an attacker can perform malicious attacks, steal sensitive data,
and cause significant damage to critical systems. This report provides a
summary of the most prevalent exploitable vulnerabilities.
Exploitable Vulnerabilities: Top 25
The Exploitable Vulnerabilities: Top 25 table uses the plugin attribute "exploit_available"
to identify software that has working exploits in the wild. The data is then sorted using
the count, which is a representation of the affected hosts. While some plugins may be
present more than one time on a single host, for the most part a plugin will only be
present once on each host. This list of vulnerabilities exposes the organization to many
different attach frameworks and script kiddie attacks. These vulnerabilities should be
prioritized and the software removed or updated to a supported version as soon as
possible.
Severity Plugin Plugin Name Count
(CVSS v3.0) ID
1
MEDIUM 136929 JQuery 1.2 < 3.5.0 Multiple XSS
Exploitable Vulnerabilities: Top 25 125

Exploitable Vulnerabilities: Hosts by Plugin
The Exploitable Vulnerabilities: Hosts by Plugin table provides the IT operations team
with an action plan and the identified hosts for each vulnerability. IT managers are
able to use this information in planning patch deployments and in working with the
information security team in risk mitigation efforts. The table also uses the plugin
attribute "exploit_available" to identify exploitable software and then sorts the scan
results using severity, then plugin ID. The entries in the "Hosts" column are then sorted
in ascending order.
Severity Plugin Plugin Name Hosts
(CVSS v3.0) ID
MEDIUM 136929 JQuery 1.2 < 3.5.0 Multiple
XSS
Exploitable Vulnerabilities: Hosts by Plugin 126

Hosts with Vulnerabilities Report
Any vulnerabilities create gaps in the network's integrity, which attackers can
take advantage of to gain access to the network. Once inside the network,
an attacker can perform malicious attacks, steal sensitive data, and cause
significant damage to critical systems. This report provides a summary of
the most prevalent vulnerabilities.
Hosts with Vulnerabilities: Top 25 Vulnerabilities by Plugin
The Hosts with Vulnerabilities: Top 25 table organizes the most prevalent vulnerabilities
detected. The data is sorted using the count, which is a representation of the affected
hosts. While some plugins may be present more than one time on a single host, for
the most part a plugin will only be present once on each host. This list of vulnerabilities
exposes the organization to many different attack frameworks and script kiddie attacks.
These vulnerabilities should be prioritized and the software removed or updated to a
supported version as soon as possible.
(CVSS v3.0) ID
1
HIGH 35450 DNS Server Spoofed Request Amplification DDoS
1
MEDIUM 10539 DNS Server Recursive Query Cache Poisoning Weakness
1
MEDIUM 51192 SSL Certificate Cannot Be Trusted
1
MEDIUM 121479 web.config File Information Disclosure
1
Hosts with Vulnerabilities: Top 25 Vulnerabilities by Plugin 128

Hosts with Vulnerabilities: Hosts by Plugin
The Hosts with Vulnerabilities: Hosts by Plugin table provides the IT operations team
with an action plan and the identified hosts for each vulnerability. IT managers are
able to use this information in planning patch deployments and in working with the
information security team in risk mitigation efforts. The table provides all detected
vulnerabilities and sorts the scan results using severity, then plugin ID. The entries in
the "Hosts" column are then sorted in ascending order.
(CVSS v3.0) ID
HIGH 35450 DNS Server Spoofed Request
Amplification DDoS
MEDIUM 10539 DNS Server Recursive Query
Cache Poisoning Weakness
MEDIUM 51192 SSL Certificate Cannot Be
Trusted
MEDIUM 121479 web.config File Information
Disclosure
XSS
Hosts with Vulnerabilities: Hosts by Plugin 129

Hosts with Vulnerabilities > 1 Year Old Report
Any vulnerabilities create gaps in the network's integrity, which attackers can
take advantage of to gain access to the network. Once inside the network,
an attacker can perform malicious attacks, steal sensitive data, and cause
significant damage to critical systems. The longer a vulnerability exists, the
more likely it can be easily compromised. This report provides a summary of
the most prevalent vulnerabilities published more than a year ago. Note, the
data shown in these tables is based on "vulnerability publication date", not
to be confused with the "plugin publication date". Both of these dates can
be seen when the plugin details link is accessed.
Hosts with Vulnerabilities > 1 Year Old: Top 25
Hosts with Vulnerabilities > 1 Year Old: Top 25 table organizes the most prevalent
vulnerabilities detected. The data is sorted using the count, which is a representation of
the affected hosts. While some plugins may be present more than one time on a single
host, for the most part a plugin will only be present once on each host. This list of
vulnerabilities exposes the organization to many different attack frameworks and script
kiddie attacks. The longer a vulnerability has existed, the more people become aware of
it, and can result in more script kiddie attacks. These vulnerabilities should be prioritized
and the software removed or updated to a supported version as soon as possible.
(CVSS v3.0) ID
1
HIGH 35450 DNS Server Spoofed Request Amplification DDoS
1
MEDIUM 10539 DNS Server Recursive Query Cache Poisoning Weakness
1
Hosts with Vulnerabilities > 1 Year Old: Top 25 131

Hosts with Vulnerabilities > 1 Year Old: Hosts by Plugin
Hosts with Vulnerabilities > 1 Year Old: Hosts by Plugin table provides the IT operations
team with an action plan and the identified hosts for each vulnerability. IT managers
are able to use this information in planning patch deployments and in working with
the information security team in risk mitigation efforts. The table provides all detected
vulnerabilities and sorts the scan results using severity, then plugin ID. The entries in
the "Hosts" column are then sorted in ascending order.
(CVSS v3.0) ID
HIGH 35450 DNS Server Spoofed Request
Amplification DDoS
MEDIUM 10539 DNS Server Recursive Query
XSS
Hosts with Vulnerabilities > 1 Year Old: Hosts by Plugin 132

Default/Known Accounts Report
Default and/or known accounts create an easy entry point for attackers to
take advantage of to gain access to the network and hosts. Once inside the
network, an attacker can perform malicious attacks, steal sensitive data, and
cause significant damage to critical systems. This report provides a summary
of the most prevalent detections of default and known accounts.
No Results:
No Default/Known Accounts Found
No Results: 134
OS Detections Report
System administrators and the security team work together to identify
systems at the most risk. A good first step is to understand the operating
systems in the network. This report provides a summary of the most
prevalent operating systems on the network.
OS Detections: Counts by Confidence Level
Nessus leverages several attributes such as "operating-system", "operating-system-
unsupported", "os" and "operating-system-conf" to group the hosts into different OS
families. In doing so this report organizes the system counts first using a matrix style
table, that displays rows by the confidence level and then by an OS family using
columns. The All column displays the total count of plugin present at the respective
Confidence Level. The Windows, MacOS, and Linux, columns filter based on the key
words "windows", "mac", or "linux". The Other column will match on anything that does
match the aforementioned key words.
Confidence All Windows MacOS Linux Other
0-9 0 0 0 0 0
10 - 19 0 0 0 0 0
20 - 29 0 0 0 0 0
30 - 39 0 0 0 0 0
40 - 49 0 0 0 0 0
50 - 59 0 0 0 0 0
60 - 69 0 0 0 0 0
70 - 79 0 0 0 0 0
80 - 89 0 0 0 0 0
90 - 100 1 0 0 1 0
Totals
1 0 0 1 0
OS Detections: Counts by Confidence Level 136

OS Detections: Max Severity by OS Family (Confidence > 50)
Building upon the previous matrix, the OS Detections: Max Severity by OS Family
(Confidence > 50) table provides the security team with summary view of risk based on
operating system. The counts represented in this table are based on system count by
OS family and if a vulnerability with the indicated severity is present. For example, in
the Windows column and the High severity row, say there is a number 15. The number
represents that there are 15 assets identified to have a Windows operating system with
at least 1 high severity vulnerability.
Severity (CVSS v3.0) All Windows MacOS Linux Other
CRITICAL 0 0 0 0 0
HIGH 1 0 0 1 0
MEDIUM 0 0 0 0 0
LOW 0 0 0 0 0
INFO 0 0 0 0 0
Totals
1 0 0 1 0
OS Detections: Max Severity by OS Family (Confidence > 50) 137

OS Detections: Details (Confidence > 50)
The OS Detections: Details (Confidence > 50) table presents all of the OS family
detections, along with assets within each OS. The table also displays if the OS is
supported by the vendor.
OS Count Unsupported Hosts
Linux Kernel 3.10 on CentOS Linux release 7 1 no zn.21stprocessing.com
OS Detections: Details (Confidence > 50) 138

Unsupported Software Report
The proliferation of unsupported and end-of-life (EOL) software is an issue
for many organizations and increases the effort required to minimize risk.
As software reaches end-of-life, vendors often stop providing updates and
support for the older versions. This report provides system administrators
with a summary of the software that is no longer supported and puts the
organization at the most risk.
No Results:
No Unsupported Software Found
No Results: 140
0 1 4 0 31
CRITICAL HIGH MEDIUM LOW INFO
Vulnerabilities Total: 36
SEVERITY CVSS PLUGIN NAME

V3.0
HIGH 7.5 35450 DNS Server Spoofed Request Amplification DDoS
MEDIUM 6.5 51192 SSL Certificate Cannot Be Trusted
MEDIUM 6.1 136929 JQuery 1.2 < 3.5.0 Multiple XSS
MEDIUM 5.3 121479 web.config File Information Disclosure
MEDIUM 5.0* 10539 DNS Server Recursive Query Cache Poisoning Weakness
INFO N/A 46180 Additional DNS Hostnames
INFO N/A 18261 Apache Banner Linux Distribution Disclosure
INFO N/A 48204 Apache HTTP Server Version
INFO N/A 39521 Backported Security Patch Detection (WWW)
INFO N/A 45590 Common Platform Enumeration (CPE)
INFO N/A 11002 DNS Server Detection
INFO N/A 54615 Device Type
INFO N/A 84502 HSTS Missing From HTTPS Server
INFO N/A 43111 HTTP Methods Allowed (per directory)
INFO N/A 10107 HTTP Server Type and Version
INFO N/A 12053 Host Fully Qualified Domain Name (FQDN) Resolution
INFO N/A 24260 HyperText Transfer Protocol (HTTP) Information
INFO N/A 106658 JQuery Detection
INFO N/A 11219 Nessus SYN scanner
INFO N/A 19506 Nessus Scan Information
INFO N/A 11936 OS Identification
INFO N/A 57323 OpenSSL Version Detection
INFO N/A 122364 Python Remote HTTP Detection
INFO N/A 31422 Reverse NAT/Intercepting Proxy Detection
INFO N/A 56984 SSL / TLS Versions Supported
INFO N/A 10863 SSL Certificate Information
INFO N/A 21643 SSL Cipher Suites Supported
INFO N/A 57041 SSL Perfect Forward Secrecy Cipher Suites Supported
INFO N/A 22964 Service Detection
INFO N/A 25220 TCP/IP Timestamps Supported
INFO N/A 136318 TLS Version 1.2 Protocol Detection
INFO N/A 10287 Traceroute Information
INFO N/A 100669 Web Application Cookies Are Expired
INFO N/A 10386 Web Server No 404 Error Code Check
INFO N/A 10302 Web Server robots.txt Information Disclosure
INFO N/A 156439 jQuery UI Detection
* indicates the v3.0 score was not available; the v2.0 score is shown
Overview
The Overview section contains two matrices that provide summary counts,
by severity, using VPR or CVSS. Within each cell there is a number for
the vulnerability count, and in parentheses the count of exploitable
vulnerabilities. Also provided is the count based on severity level.
Vulnerability Instances: all and exploitable, by severity
VPR: all(exploitable)
0(0) 0(0) 3(1)

CRITICAL HIGH MEDIUM
CVSS v3.0: all(exploitable)
0(0) 1(0) 4(1)

CRITICAL HIGH MEDIUM
Vulnerability Instances: all and exploitable, by severity 145

Top 10 Critical Vulnerabilities
The two tables in this chapter provide a top 10 vulnerabilities grouped using
the critical VPR or critical CVSS. For VPR and CVSS v3.0 the rating is 9.0 -
10, for CVSS v2.0 the rating is 10. The vulnerabilities identified using VPR
are the most active in the wild, and based on an in-depth threat analysis,
are considered the most critical to mitigate. Traditionally, the method for
identifying risk was most commonly with CVSS v3.0 or CVSS v2.0. While each
still remain very important, and should be mitigated, these vulnerabilities are
not given the same context as VPR identified vulnerabilities.
No Results:
No Top 10 Critical Vulnerabilities: (VPR) Found
No Results: 147
No Results:
No Top 10 Critical Vulnerabilities: (CVSS v3.0) Found
No Results: 148
Top 10 High Vulnerabilities
The two tables in this chapter provide a top ' + limit + ' vulnerabilities
grouped using the High VPR or High CVSS. For VPR and CVSS v3.0 the
rating is 7.0 - 8.9, for CVSS v2.0 the rating is 7.0 - 9.9. The vulnerabilities
identified using VPR are the most active in the wild and based on an
in-depth threat analysis are considered the most critical to mitigate.
Traditionally, the method for identifying risk was most commonly with CVSS
v3.0 or CVSS v2.0. While each still remain very important, and should be
mitigated, these vulnerabilities are not given the same context as VPR
identified vulnerabilities.
No Results:
No Top 10 High Vulnerabilities: (VPR) Found
No Results: 150
Top 10 High Vulnerabilities: (CVSS v3.0)
Top 10 most prevalent high vulnerabilities
Plugin Plugin Name Plugin CVSS v3.0 Known Publication Count
ID Family Exploit? Date
DNS 7.5 - 2006/02/28 1
35450 DNS Server Spoofed Request
Amplification DDoS
Top 10 High Vulnerabilities: (CVSS v3.0) 151

Top 10 Most Prevalent Vulnerabilities
The two tables in this chapter provide a top 10 vulnerabilities grouped
using the Medium through Critical. For VPR, CVSS v3.0, and CVSS v2.0 the
rating is 4.0 - 10. The vulnerabilities identified using VPR are the most active
in the wild and based on an in-depth threat analysis are considered the
most critical to mitigate. Traditionally, the method for identifying risk was
most commonly with CVSS v3.0 or CVSS v2.0. While each still remain very
important, and should be mitigated, these vulnerabilities are not given the
same context as VPR identified vulnerabilities.
Top 10 Most Prevalent Vulnerabilities: (VPR)
Top 10 most prevalent (medium, high, critical) vulnerabilities
Plugin Plugin Name Plugin VPR Known Publication Count
CGI 5.7 Yes 2020/04/29 1
136929 JQuery 1.2 < 3.5.0 Multiple XSS abuses :
XSS
Top 10 Most Prevalent Vulnerabilities: (VPR) 153

Top 10 Most Prevalent Vulnerabilities: (CVSS v3.0)
Top 10 most prevalent (medium, high, critical) vulnerabilities
Plugin Plugin Name Plugin CVSS v3.0 Known Publication Count
DNS 7.5 - 2006/02/28 1
35450 DNS Server Spoofed Request
Amplification DDoS
General 6.5 - 2010/12/15 1
51192 SSL Certificate Cannot Be
Trusted
CGI 6.1 Yes 2020/04/29 1
136929 JQuery 1.2 < 3.5.0 Multiple XSS abuses :
XSS
CGI 5.3 - 2019/01/30 1
121479 web.config File Information abuses
Disclosure
DNS 5.0* - 1997/08/01 1
10539 DNS Server Recursive Query
Top 10 Most Prevalent Vulnerabilities: (CVSS v3.0) 154

VAPT - Assignment2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VAPT - Assignment2

Uploaded by

Copyright:

Available Formats

TABLE OF CONTENTS

Exploitable Vulnerabilities Report

Hosts with Vulnerabilities Report

Hosts with Vulnerabilities > 1 Year Old Report

Default/Known Accounts Report

Unsupported Software Report

Top 10 Critical Vulnerabilities

Top 10 High Vulnerabilities

Top 10 Most Prevalent Vulnerabilities

Start time: Thu Jan 28 15:06:43 2023

DNS Name: zn.21stprocessing.com

CVSS v2.0 Base Score

CVSS v2.0 Temporal Score

Published: 2009/01/22, Modified: 2020/08/21

It is possible to query the remote name server for third-party names.

Then, within the options block, you can explicitly state:

If you are using another name server, consult its documentation.

CVSS v2.0 Base Score

CVSS v2.0 Temporal Score

Published: 2000/10/27, Modified: 2018/06/27

Upgrade to JQuery version 3.5.0 or later.

CVSS v3.0 Base Score

CVSS v3.0 Temporal Score

CVSS v2.0 Base Score

CVSS v2.0 Temporal Score

Published: 2020/05/28, Modified: 2021/09/09

The SSL certificate for this service cannot be trusted.

Purchase or generate a proper SSL certificate for this service.

CVSS v3.0 Base Score

CVSS v2.0 Base Score

Published: 2010/12/15, Modified: 2020/04/27

The following certificate was at the top of the certificate

|-Subject : C=US/O=Internet Security Research Group/CN=ISRG Root X1

CVSS v3.0 Base Score

CVSS v2.0 Base Score

Published: 2019/01/30, Modified: 2020/04/27

GET /web.config HTTP/1.1

This produced the following truncated output (limited to 5 lines) :

------------------------------ snip ------------------------------

Nessus has detected potential virtual hosts.

Different web servers may be hosted on name-based virtual hosts.

Published: 2010/04/29, Modified: 2020/06/12

The following hostnames point to the remote host :

Published: 2005/05/15, Modified: 2022/03/21

The Linux distribution detected was :

Published: 2010/07/30, Modified: 2020/09/22

Published: 2010/07/30, Modified: 2020/09/22

Security patches are backported.

Banner-based checks have been disabled to avoid false positives.

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

Security patches are backported.

Banner-based checks have been disabled to avoid false positives.

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

Published: 2010/04/21, Modified: 2022/05/24

The remote operating system matched the following CPE :

cpe:/o:centos:centos:7 -> CentOS

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server:2.4.6 -> Apache Software Foundation Apache HTTP Server

A DNS server is listening on the remote host.

Published: 2003/02/13, Modified: 2017/05/16

A DNS server is listening on the remote host.

Published: 2003/02/13, Modified: 2017/05/16