Is-03 q1 Pci Asv DNS-ip-was Reports - DB

Host Plugin ID CVE CVSS Risk Protocol Port Name
64.178.217. 33929 0 High TCP 0 PCI DSS compliance
64.178.217. 159543 4 Medium TCP 443 SSL/TLS Recommended Cipher S

64.178.217. 50600 CVE-2010-38 5 Medium TCP 443 Apache Shiro URI Path Security
64.178.217. 56818 6.4 Medium TCP 443 CGI Generic Cross-Site Request
64.178.217. 119811 7.8 High TCP 443 Script Src Integrity Check

64.178.217. 64588 CVE-2007-28 7.5 High TCP 443 Microsoft ASP.NET MS-DOS De


64.178.217. 45411 5 Medium TCP 443 SSL Certificate with Wrong H
64.178.217. 88099 5 Medium TCP 443 Web Server HTTP Header Infor
Synopsis
The remote h
The remote h
The remote h
A security f
The remote w
Report extern
The remote h
The remote h
A security f
The remote w
The remote h
The remote h
A security f
A framework
The remote h
The remote h
The remote w
The remote h
The remote h
The SSL certif
The remote w
The remote w
The remote h
Description
The remote host is vulnerable to one or more conditions that are considered to be 'automatic failures' according to the PCI DSS Approved
- Vulnerabilities with a CVSS base score greater than or equal to 4.0

- Unsupported operating systems
- Internet reachable database servers (must validate whether cardholder data is stored)
- Presence of built-in or default accounts
- Unrestricted DNS Zone transfers
- Unvalidated parameters leading to SQL injection attacks
- Cross-Site Scripting (XSS) flaws
- Directory traversal vulnerabilities
- HTTP response splitting/header injection
- Detection of backdoor applications (malware, trojan horses, rootkits, backdoors)
- Use of older, insecure SSL/TLS versions (TLS v1.2 is the minimum standard)
- Use of anonymous key exchange protocols (such as anonymous Diffie-Hellman in SSL/TLS)
- Scan Interference
Details of the failed items may be found in the 'Output' section of this plugin result. These vulnerabilities and/or failure conditions will hav
If you are conducting this scan via Tenable.io and either disagree with any of the results, believe there are false-positives, or must rely on c
in Tenable.io and dispute or provide mitigation evidence for each of the residual findings.
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the follo
TLSv1.3:
- 0x13,0x01 TLS_AES_128_GCM_SHA256
- 0x13,0x03 TLS_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client relea

- Scan Interference
The version of the Apache Shiro open source security framework running on the remote web server is affected by an error in the path-bas
using directory traversal, to bypass intended access restrictions, resulting in the disclosure of sensitive information.
Nessus has found HTML forms on the remote web server. Some CGI scripts do not appear to be protected by random tokens, a common a
- Nessus did not exploit the flaw.

- Nessus cannot identify sensitive actions; for example, on an online bank, consulting an account is less sensitive than transferring mo
You will need to audit the source of the CGI scripts and check if they are actually affected.
The remote host may be vulnerable to payment entry data exfiltration due to javascript included from potentially untrusted and unverified
If the host is controlled by a 3rd party, ensure that the 3rd party is PCI DSS compliant.
TLSv1.3:
TLSv1.2:
- Scan Interference

TLSv1.3:
TLSv1.2:

- Scan Interference
The web server running on the remote host appears to be using Microsoft ASP.NET, and may be affected by a denial of service vulnerabilit
Additionally, there is speculation that this vulnerability could result in code execution if an attacker with physical access to the machine co
TLSv1.3:
TLSv1.2:
- Scan Interference

TLSv1.3:
TLSv1.2:

- Scan Interference
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.

The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages u
TLSv1.3:
TLSv1.2:
Solution
N/A
Only enable support for recommended cipher suites.

N/A
Upgrade to Apache Shiro version 1.1.0 or later.
Restrict access to the application vulnerable to cross-site request forgery. Contact the vendor for a patch or upgrade.
Set script integrity checking on target script or remove target script.

N/A


N/A
Use an ISAPI filter to block requests for URLs with MS-DOS device names.
N/A

N/A
Purchase or generate a proper SSL certificate for this service.
Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.
See Also Plugin OutpuAsset UUID VulnerabilityIP Address FQDN NetBios OS MAC AddresPlugin Famil
+ A medium risk flaw was found. See :

http://www.nessus.org/plugins/index.php?view=single&id=159543
https://www. 83d5ca09-34Active 64.178.217.7 Microsoft Windows ServePolicy Compl
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/
83d5ca09-34Active 64.178.217.7 Microsoft Windows ServeGeneral
+ A high risk flaw was found. See :
+ 3 medium risk flaws were found. See :
https://www. a8ee497c-feActive 64.178.217.19 Microsoft Windows ServePolicy Compl
------------------------------ snip ------------------------------
http://www. a8ee497c-feActive 64.178.217.19 Microsoft Windows ServeCGI abuses
The following CGIs are not protected by a random token :

/login.aspx
/Checkout/performPayment
https://en.w a8ee497c-feActive 64.178.217.19 Microsoft Windows ServeCGI abuses
- language : javascript
http://www.nessus.org/u?c9e76c4f
- src : https://mmpay.evertecinc.com/mfa_fe/mfa.js
https://www.w3.org/TR/SRI/
http://www.nessus.org/u?f39144f8
a8ee497c-feActive 64.178.217.19 Microsoft Windows ServeWeb Servers

{Cipher ID code}
Kex={key exchange}
{export flag}
a8ee497c-feActive 64.178.217.19 Microsoft Windows ServeGeneral

https://www. 8a565c26-d3Active 64.178.217. ccp.bppr.com Microsoft Windows ServePolicy Compl
------------------------------ snip ------------------------------
http://www. 8a565c26-d3Active 64.178.217. ccp.bppr.com Microsoft Windows ServeCGI abuses
/login.aspx
/Checkout/performPayment
https://en.w 8a565c26-d3Active 64.178.217. ccp.bppr.com Microsoft Windows ServeCGI abuses
{Cipher ID code}
Kex={key exchange}
{export flag}
8a565c26-d3Active 64.178.217. ccp.bppr.com Microsoft Windows ServeGeneral
+ A high risk flaw was found. See :
https://www. a7fb4dd7-cdActive 64.178.217. checkout.evertecinc.comMicrosoft Windows ServePolicy Compl
------------------------------ snip ------------------------------
http://www. a7fb4dd7-cdActive 64.178.217. checkout.evertecinc.comMicrosoft Windows ServeCGI abuses
Nessus received an HTTP 500 or related error message by requesting
the following URL :
https://seclists.org/fulldisclosure/2007/May/378
https://seclists.org/fulldisclosure/2007/May/415
https://checkout.evertecinc.com/AUX/.aspx
http://www.nessus.org/u?d32fbf50
" a7fb4dd7-cdActive 64.178.217. checkout.evertecinc.comMicrosoft Windows ServeWeb Servers

{Cipher ID code}
Kex={key exchange}
{export flag}
a7fb4dd7-cdActive 64.178.217. checkout.evertecinc.comMicrosoft Windows ServeGeneral

https://www. bc70d8ba-54Active 64.178.217. mmpay.evertecpr.com Microsoft Windows ServePolicy Compl
/wsCheckoutPayment.asmx
/wsCheckoutPayment.asmx/MakePayment
https://en.w bc70d8ba-54Active 64.178.217. mmpay.evertecpr.com Microsoft Windows ServeCGI abuses
{Cipher ID code}
Kex={key exchange}
{export flag}
bc70d8ba-54Active 64.178.217. mmpay.evertecpr.com Microsoft Windows ServeGeneral
https://www.wsathmovil.evertecinc.com
b4096466-1aActive 64.178.217.30 Microsoft Windows ServePolicy Compl
b4096466-1aActive 64.178.217.30 Microsoft Windows ServeGeneral

/xath.asmx
https://en.w b4096466-1aActive
X-AspNet-Version: 64.178.217.30
4.0.30319 Microsoft Windows ServeCGI abuses
b4096466-1aActive 64.178.217.30 Microsoft Windows ServeWeb Servers

{Cipher ID code}
Kex={key exchange}
{export flag}
b4096466-1aActive 64.178.217.30 Microsoft Windows ServeGeneral
CVSS Base S CVSS TemporCVSS TemporCVSS Vector CVSS3 Base CVSS3 Tempo
CVSS3 Tempo
CVSS3 VectoSystem TypeHost Start
0 0 0 0 unknown 2023-01-14T
4 0 AV:N/AC:H/A 4.8 0 AV:N/AC:H/Punknown 2023-01-14T

0 0 0 0 unknown 2023-01-14T
5 3.9 E:POC/RL:OFAV:N/AC:L/A 0 0 unknown 2023-01-14T
6.4 0 AV:N/AC:L/A 6.5 0 AV:N/AC:L/PR

unknown 2023-01-14T
7.8 0 AV:N/AC:M/A 7.1 0 AV:N/AC:H/PR

unknown 2023-01-14T
0 0 0 0 unknown 2023-01-14T

unknown 2023-01-14T

0 0 0 0 unknown 2023-01-14T
7.5 5.5 E:U/RL:OF/RAV:N/AC:L/A 0 0 unknown 2023-01-14T

0 0 0 0 unknown 2023-01-14T
unknown 2023-01-14T

0 0 0 0 general-pur 2023-01-14T
5 0 AV:N/AC:L/A 5.3 0 AV:N/AC:L/Pgeneral-pur 2023-01-14T

general-pur 2023-01-14T
5 0 AV:N/AC:L/A 5.3 0 AV:N/AC:L/Pgeneral-pur 2023-01-14T
4 0 AV:N/AC:H/A 4.8 0 AV:N/AC:H/Pgeneral-pur 2023-01-14T
Host End VulnerabilityFirst Found Last Found Host Scan ScHost Scan IDIndexed At Last AuthentLast UnautheTracked
2023-01-14Tnull 2023-01-14T2023-01-14Ttemplate-12757daf93-142023-01-14T09:57:03.59 2023-01-14T 0








Risk Factor Severity Original SeveModificationPlugin FamilyPlugin Type Plugin Versi Service Plugin ModifPlugin Publi
High 3 3 NONE 39 summary 1.122 2022-11-30T2008-08-07T
Medium 2 2 NONE 30 remote 1.3 www 2022-10-07T2022-04-06T

High 3 3 NONE 11 remote 1.4 www 2020-05-11T2018-12-20T



High 3 3 NONE 11 remote 1.5 www 2019-12-04T2013-02-13T




Checks for Exploit Avail Exploited byExploited byCANVAS D2 Elliot Metasploit Core Exploit ExploitHub Default Acco
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 1 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 1 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 1 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
Patch Availa In The NewsUnsupportedLast Fixed Mnemonic Application Manager
0 0 FALSE ATHG/ATPY/CCPY/WPCB ATH Móvil BaHector River

0 0 FALSE ACHW/ACLK/CCPY/MMPY/WCHK Acculynk Vi Hector River







Leader
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Daniel Brignardello
Plugin ID CVE CVSS Risk Host Protocol Port
33929 0 High par.getnet.clTCP 0
159543 4 Medium par.getnet.clTCP 443

Name
PCI DSS compliance
SSL/TLS Recommended Cipher Suites (PCI DSS)

Synopsis
The remote host has been found to be NOT COMPLIANT with the PCI DSS external scanning requirements.
The remote host advertises discouraged SSL/TLS ciphers.

Description Solution See Also
The remote N/A https://www.pcisecuritystandards.org

host is
vulnerable
The remote Only enable support for recommended cipher suites. https://wiki.mozilla.org/Security/
to one
host hasor Server_Side_TLS
open
SSL/TLS
Plugin OutpuAsset UUID VulnerabilityIP Address FQDN NetBios OS MAC AddresPlugin Famil CVSS Base S
+A abdb26ac-32Active 23.33.29.15 par.getnet.cl Linux Kernel 2.6 Policy Compl 0

medium
risk
The flaw
remote abdb26ac-32Active 23.33.29.15 par.getnet.cl Linux Kernel 2.6 General 4
was found.
host has
listening
SSL/TLS
CVSS TemporCVSS TemporCVSS Vector CVSS3 Base CVSS3 Tempo
CVSS3 Tempo
CVSS3 VectoSystem TypeHost Start Host End
0 0 0 general-pur 2023-01-14T2023-01-14T
0 AV:N/AC:H/A 4.8 0 AV:N/AC:H/Pgeneral-pur 2023-01-14T2023-01-14T

VulnerabilityFirst Found Last Found Host Scan ScHost Scan IDIndexed At Last AuthentLast UnautheTracked Risk Factor
null 2023-01-14T2023-01-14Ttemplate-681ba49643-4c2023-01-14T09:29:42.40 2023-01-14T 0 High
null 2023-01-14T2023-01-14Ttemplate-681ba49643-4c2023-01-14T09:29:42.47 2023-01-14T 0 Medium

Severity Original SeveModificationPlugin FamilyPlugin Type Plugin Versi Service Plugin ModifPlugin Publi Checks for
3 3 NONE 39 summary 1.122 2022-11-30T2008-08-07T 0
2 2 NONE 30 remote 1.3 www 2022-10-07T2022-04-06T 0

Exploit Avail Exploited byExploited byCANVAS D2 Elliot Metasploit Core Exploit ExploitHub Default AccoPatch Availa
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
In The NewsUnsupportedLast Fixed App Mneumo
Application Application Leader
0 FALSE PPAT Pago Automát

Carlos BermuDaniel Brignardello
0 FALSE PPAT Pago Automát

Carlos BermuDaniel Brignardello
age_in_days as asset.display_ipv4_address asseassasasset.name asset asseassedefi defdedefidefi
The HTTP protoco

HTTP Strict Transp
Cyber-criminals w
8 64.178.217.22 eb64.178.217.22 eb2 5.8 CVS 7 CVSSScanner discovere
HTTP Strict Transp
140 64.178.217.23 18mmpay.evertecinc.com 18a 5.8 CVS 7 CVSSThe detected HST
The HTTP protoco
HTTP Strict Transp
Cyber-criminals w
53 64.178.217.23 18mmpay.evertecinc.com 18a 5.8 CVS 7 CVSSScanner discovere
8 64.178.217.20 0064.178.217.20 008 5.8 CVS 7 CVSSThe

59 64.178.214.99 8eeverpayweb.evertecinc.com 8e9 5.8 CVS 7 CVSSThe
139 64.178.217.23 18mmpay.evertecinc.com 18a 5 CVS 4 CVSSWhen
140 64.178.217.20 2f ccp.bppr.com 2ff 6.4 CVS 7 CVSSMicr
The HTTP protoco
HTTP Strict Transp
Cyber-criminals w
8 64.178.217.23 bb64.178.217.23 bb6 5.8 CVS 7 CVSSScanner discovere

HTTP Strict Transp
8 64.178.217.20 0064.178.217.20 008 5.8 CVS 7 CVSSThe detected HST

Amazon Web Serv
140 64.178.217.20 2f ccp.bppr.com 2ff 5 CVS 5 CVSSBy using leaked A
140 64.178.217.19 8bccpy.evertecinc.com 8b1 6.4 CVS 7 CVSSMicr
8 64.178.217.22 eb64.178.217.22 eb2 5.8 CVS 7 CVSSThe

59 64.178.214.99 8eeverpayweb.evertecinc.com 8e9 5.8 CVS 7 CVSSThe detected HST
Amazon Web Serv
140 64.178.217.19 8bccpy.evertecinc.com 8b1 5 CVS 5 CVSSBy using leaked A
8 64.178.217.22 eb64.178.217.22 eb2 5 CVS 5 CVSSThe

8 64.178.217.18 a964.178.217.18 a98 5.8 CVS 7 CVSSThe detected HST
8 64.178.217.18 a964.178.217.18 a98 5 CVS 5 CVSSThe
8 64.178.217.20 0064.178.217.20 008 5 CVS 5 CVSSThe

definPlugin Plugin Name defi defi defidefidefidefi
HTTP 98056 Missing HTTP Strict Transport Security Policy 2017202owahtt Med
HTTP 98715 Permissive HTTP Strict Transport Security Policy Detected 2019202owahtt Med
SSL/ 98617 SSL/TLS Forward Secrecy Cipher Suites Not Supported 2019202owahtt Med
Injec 98623 Host Header Injection 2019202owahtt Med
Comp 112442 Microsoft IIS Tilde Character Short File/Folder Name Disclosure 2020202owahtt Med
Data 113164 AWS Credentials Disclosure 2022202owahtt Med
Comp 112442 Microsoft IIS Tilde Character Short File/Folder Name Disclosure 2020202owahtt Med
Data 113164 AWS Credentials Disclosure 2022202owahtt Med
SSL/ 112541 SSL/TLS Certificate Common Name Mismatch 2019202owasp_aMed

SSL/ 112541 SSL/TLS Certificate Common Name Mismatch 2019202owasp_aMed
SSL/ 112541 SSL/TLS Certificate Common Name Mismatch 2019202owasp_a

Med
definition.solution definfindfirs last
Depending on the framework being used the implementation methods will vary,
however it is advised that the `Strict-Transport-Security` header be configured on the
server.
One of the options for this header is `max-age`, which is a representation (in
milliseconds) determining the time in which the client's browser will adhere to the
header policy.
Depending on the environment and the application this time period could be from as low
as minutes to as long as days. 7298202202
The max-age must be set at least to 31536000 seconds (1 year) and includeSubDomains
directive must be specified. 86c5202202
server.
header policy.
as minutes to as long as days. 8700202202
Reconfigure the affected server to enable cipher suites providing forward secrecy (ECDHE
or DHE based cipher suites). 9596202202
Reconfigure the affected server to enable cipher suites providing forward secrecy (ECDHE or DH
9dfc202202
Web application should not trust Host and X-Forwarded-Host and should use a secure
SERVER_NAME instead of these headers. a6e9202202
As a workaround, disable the 8.3 file and directories name creation, manually remove
names already present in the fileystem and ensure that URL requests containing the tilde
character (and its unicode equivalences) are discarded before reaching the IIS server.
If possible, upgrade to the latest version of the .NET framework and IIS server. a7d6202202
server.
header policy.
as minutes to as long as days. ab8e202202
The max-age must be set at least to 31536000 seconds (1 year) and includeSubDomains
directive must be specified. abf1202202
Ensure that the detected AWS credentials are expected to be available to users, and that
the permissions are defined according to their purpose and to AWS security best
practices. ae7f202202
As a workaround, disable the 8.3 file and directories name creation, manually remove
names already present in the fileystem and ensure that URL requests containing the tilde
character (and its unicode equivalences) are discarded before reaching the IIS server.
If possible, upgrade to the latest version of the .NET framework and IIS server. b616202202
Reconfigure the affected server to enable cipher suites providing forward secrecy (ECDHE
or DHE based cipher suites). c576202202
The max-age must be set at least to 31536000 seconds (1 year) and includeSubDomains directie480202202
Ensure that the detected AWS credentials are expected to be available to users, and that
the permissions are defined according to their purpose and to AWS security best
practices. e49d202202
Purchase or generate a new SSL/TLS certificate with the right Common Name or Subject
Alternative Name to replace the existing one. f0d1202202
The max-age must be set at least to 31536000 seconds (1 year) and includeSubDomains directif678202202
Purchase or generate a new SSL/TLS certificate with the right Common Name or Subject Alterna
f7b9202202
Purchase or generate a new SSL/TLS certificate with the right Common Name or Subject
Alternative Name to replace the existing one. f981202202
output
The scanner did not find any Strict-Transport-Security header in the response returned by the target when querying URL https://64.178.21
The 'max-age' directive set within the HTTP Strict Transport Security Policy header is 16070400 and thus less than the required 31536000 s
Strict-Transport-Security source can be found below:
max-age=16070400; includeSubDomains
The scanner did not find any Strict-Transport-Security header in the response returned by the target when querying URL https://mmpay.e
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA RSA 2048
Host header injection has been detected on https://mmpay.evertecinc.com/wsCheckoutPayment.asmx?op=MakePayment using the injecti
The scanner has been able to detect the presence of short files and directories names on the target server.
The scanner did not find any Strict-Transport-Security header in the response returned by the target when querying URL https://64.178.21
Strict-Transport-Security source can be found below:
The scanner detected an AWS access key ID and a secret key.
The scanner has been able to detect the presence of short files and directories names on the target server.
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 RSA 2048
The scanner detected an AWS access key ID and a secret key.
Signature: sha256WithRSAEncryption
Signature: sha256WithRSAEncryption
risk_modified severity state AppMneumonic Application Name Manager Leader
NONE Medium ACTIVE WCHK EVERPAY CHECKOUT Hector RiveraDaniel Brign
NONE Medium ACTIVE MMPY MULTI MERCHANT PAYHector RiveraDaniel Brign
NONE Medium ACTIVE CCPY CALL CENTER PAY Hector RiveraDaniel Brign
NONE Medium ACTIVE EVPW EVERPAY WEB Hector RiveraDaniel Brign

NONE Medium ACTIVE EVPW EVERPAY WEB Hector RiveraDaniel Brign

NONE Medium ACTIVE WPDS WEB PAYMENT DASHBHector RiveraDaniel Brign
NONE Medium ACTIVE WPDS WEB PAYMENT DASHBHector RiveraDaniel Brign
URL
checkout.evertecinc.com
mmpay.evertecinc.com
ccp.bppr.com
everpayweb.evertecinc.com
ccp.bppr.com
ccp.bppr.com
ccp.bppr.com
ccpy.evertecinc.com
everpayweb.evertecinc.com
ccpy.evertecinc.com
dashboard.evertecinc.com
dashboard.evertecinc.com
ccp.bppr.com
Item
PCI Web Application Scan'!A2



Q1 PCI ASV by IP'!J5
Q1 PCI ASV by IP'!J6

Solucion
set a custom HTTP header for Strict-Transport-Security with the value max-age=31536000; includeSubDomains; preload in the
https://www.digicert.com/kb/ssl-support/ssl-enabling-perfect-forward-secrecy.htm
Security scan tools may flag Host Header related findings as a vulnerability. Here are the best practices for preventing attacker
Do not use Host Header in the code

If you have to use it, validate it in every page
Use hostnames in all IIS websites
Disable support for X-Forwarded-Host
URL Rewrite rules can be used to find malicious host headers:
Click on the site in IIS Manager

Go to “URL Rewrite” (it should be installed first)
Click “Add Rule(s)”
Select “Blank rule”
For “Match URL” section, enter (.) into the “Pattern”
In “Conditions” section, click “Add”
Enter {HTTP_HOST} into “Condition input”
Select “Does Not Match the Pattern” from “Check if input string” list
Enter ^([a-zA-Z0-9-_]+.)*domain.com$ into “Pattern” field (change domain name with yours)
For the “Action” section, select “Redirect” from the “Action type” list
Enter your domain address (https://domain.com/) in the “Redirect URL”
Select “Permanent (301)” from the “Redirect type” list
Click “Apply”
Try to scan for existing short filenames with fsutil:
fsutil 8dot3name scan /s /v E:\inetpub\wwwroot

And strip them if they are found:
fsutil 8dot3name strip /s /v E:\inetpub\wwwroot

Also looking at the log with empty magic part (magic part: ""), I wonder could that be a bug in the POC. This line in config.xml l
/webresource.axd:
<entry> key="magicFinalPartList">
<![CDATA[\a.aspx,\a.asp,/a.aspx,/a.asp,/a.shtml,/a.asmx‌,/a.ashx,/a.config,/a.php,/a.jpg,/webresource.axd,,/a.xxx]]>
</entry>
Ensure that the detected AWS credentials are expected to be available to users, and that the permissions are defined accordin
best practices.
Try to scan for existing short filenames with fsutil:
fsutil 8dot3name scan /s /v E:\inetpub\wwwroot

And strip them if they are found:
fsutil 8dot3name strip /s /v E:\inetpub\wwwroot

Also looking at the log with empty magic part (magic part: ""), I wonder could that be a bug in the POC. This line in config.xml l
/webresource.axd:
<entry> key="magicFinalPartList">
<![CDATA[\a.aspx,\a.asp,/a.aspx,/a.asp,/a.shtml,/a.asmx‌,/a.ashx,/a.config,/a.php,/a.jpg,/webresource.axd,,/a.xxx]]>
</entry>
Ensure that the detected AWS credentials are expected to be available to users, and that the permissions are defined accordin
best practices.
https://www.leaderssl.com/articles/388-common-name-mismatch-error-effective-ways-to-solve-a-problem#:~:text=If%20you
%20error%20will%20disappear%20afterwards.
https://www.leaderssl.com/articles/388-common-name-mismatch-error-effective-ways-to-solve-a-problem#:~:text=If%20you
%20error%20will%20disappear%20afterwards.
N/A
Link Is F5
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security X
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
https://techcommunity.microsoft.com/t5/iis-support-blog/host-header-vulnerability/ba-
p/1031958
https://serverfault.com/questions/670658/fixing-the-iis-tilde-vulnerability
https://aws.amazon.com/es/blogs/security/what-to-do-if-you-inadvertently-expose-an-
aws-access-key/
https://serverfault.com/questions/670658/fixing-the-iis-tilde-vulnerability
https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls
https://aws.amazon.com/es/blogs/security/what-to-do-if-you-inadvertently-expose-an-
aws-access-key/
https://www.leaderssl.com/articles/388-common-name-mismatch-error-effective-ways-to-
solve-a-problem#:~:text=If%20you%20purchased%20a%20static,The%20error%20will
%20disappear%20afterwards.
https://www.leaderssl.com/articles/388-common-name-mismatch-error-effective-ways-to-
solve-a-problem#:~:text=If%20you%20purchased%20a%20static,The%20error%20will
%20disappear%20afterwards.
https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls
https://support.huawei.com/enterprise/en/doc/EDOC1000111845/bdcf1729/33929---pci-
dss-compliance

Is-03 q1 Pci Asv DNS-ip-was Reports - DB

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Is-03 q1 Pci Asv DNS-ip-was Reports - DB

Uploaded by

Copyright:

Available Formats

Host Plugin ID CVE CVSS Risk Protocol Port Name

64.178.217. 33929 0 High TCP 0 PCI DSS compliance

64.178.217. 159543 4 Medium TCP 443 SSL/TLS Recommended Cipher S

64.178.217. 33929 0 High TCP 0 PCI DSS compliance

64.178.217. 159543 4 Medium TCP 443 SSL/TLS Recommended Cipher S

64.178.217. 33929 0 High TCP 0 PCI DSS compliance

64.178.217. 159543 4 Medium TCP 443 SSL/TLS Recommended Cipher S

- Vulnerabilities with a CVSS base score greater than or equal to 4.0

- Presence of built-in or default accounts

- Unrestricted DNS Zone transfers

- Unvalidated parameters leading to SQL injection attacks

- Cross-Site Scripting (XSS) flaws

- Directory traversal vulnerabilities

- HTTP response splitting/header injection

- Detection of backdoor applications (malware, trojan horses, rootkits, backdoors)

- Use of anonymous key exchange protocols (such as anonymous Diffie-Hellman in SSL/TLS)

- Unsupported operating systems

- Presence of built-in or default accounts

- Unrestricted DNS Zone transfers

- Unvalidated parameters leading to SQL injection attacks

- Cross-Site Scripting (XSS) flaws

- Directory traversal vulnerabilities

- HTTP response splitting/header injection

- Detection of backdoor applications (malware, trojan horses, rootkits, backdoors)

- Use of anonymous key exchange protocols (such as anonymous Diffie-Hellman in SSL/TLS)

- Nessus did not exploit the flaw.

- Vulnerabilities with a CVSS base score greater than or equal to 4.0

- Unsupported operating systems

- Presence of built-in or default accounts

- Unrestricted DNS Zone transfers

- Unvalidated parameters leading to SQL injection attacks

- Cross-Site Scripting (XSS) flaws

- Directory traversal vulnerabilities

- HTTP response splitting/header injection

- Detection of backdoor applications (malware, trojan horses, rootkits, backdoors)

- Use of anonymous key exchange protocols (such as anonymous Diffie-Hellman in SSL/TLS)

- Nessus did not exploit the flaw.

- Unsupported operating systems

- Presence of built-in or default accounts

- Unrestricted DNS Zone transfers

- Unvalidated parameters leading to SQL injection attacks

- Cross-Site Scripting (XSS) flaws

- Directory traversal vulnerabilities

- HTTP response splitting/header injection

- Detection of backdoor applications (malware, trojan horses, rootkits, backdoors)

- Use of anonymous key exchange protocols (such as anonymous Diffie-Hellman in SSL/TLS)

- Vulnerabilities with a CVSS base score greater than or equal to 4.0

- Unsupported operating systems

- Presence of built-in or default accounts

- Unrestricted DNS Zone transfers

- Unvalidated parameters leading to SQL injection attacks

- Cross-Site Scripting (XSS) flaws

- Directory traversal vulnerabilities

- HTTP response splitting/header injection

- Detection of backdoor applications (malware, trojan horses, rootkits, backdoors)

- Use of anonymous key exchange protocols (such as anonymous Diffie-Hellman in SSL/TLS)

- Nessus did not exploit the flaw.

- Unsupported operating systems

- Presence of built-in or default accounts

- Unrestricted DNS Zone transfers

- Unvalidated parameters leading to SQL injection attacks

- Cross-Site Scripting (XSS) flaws

- Directory traversal vulnerabilities