
SecurityCenter 4

TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013

RONLAB

PCI Indicator Report


June 10, 2013 at 4:36pm EDT
[cody]
Confidential: The following report contains confidential information. Do not distribute, email, fax,
or transfer via any electronic mechanism unless it has been approved by the recipient company's
security policy. All copies and backups of this document should be saved on protected storage at all
times. Do not share any of the information contained within this report with anyone unless they are
authorized to view the information. Violating any of the previous instructions is grounds for termination.

PCI DSS Compliance


Failing PCI DSS Systems
The remote web server is vulnerable to cross-site scripting (XSS) attacks, implements old SSL2.0 cryptography, runs obsolete software, or is affected by dangerous
vulnerabilities (CVSS base score >= 4). If you are conducting this scan through the Nessus Perimeter Service Plugin, and if you disagree with the results, you may
submit this report by clicking on 'Submit for PCI Validation' and dispute the findings through our web interface.

Vulnerability Summary - Failing PCI DSS Systems

Plugin Total Severity Plugin Name


33929 1 High PCI DSS compliance

Host Summary - Non-Compliant PCI-DSS

IP Address NetBIOS Name DNS Name MAC Address Score OS CPE Total
192.168.1.11 WORKGROUP\TARGET-WIN7 win7-pc.lab 00:21:70:38:fb:9f 10 cpe:/o:microsoft:windows_7:::ultimate 1


Passing PCI DSS Systems


Using the available information, Nessus did not find any disqualifying flaws for this host. Note that this result is NOT a PCI certification. To obtain a certification, you
need to run the scan through the Nessus Perimeter Service and click on 'Submit for PCI Validation' to send the results to Tenable for review.

Vulnerability Summary - Passing PCI DSS Systems

Host Summary - Compliant PCI-DSS


Invalid Test Settings


The scan settings did not fulfill the PCI DSS scan validation requirements. Even if the technical tests passed, this report may be insufficient to certify this server.

Vulnerability Summary - Invalid Test Settings

Host Summary - Invalid Test Settings


Insecure Communications
Applications that fail to adequately encrypt network traffic using strong cryptography are at increased risk of being compromised and exposing cardholder data. If an
attacker is able to exploit weak cryptographic processes, he/she may be able to gain control of an application or even gain clear-text access to encrypted data.

Vulnerability Summary - Insecure Communications

Host Summary - Insecure Communications


Remote Access Software


Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV
and 2) confirm it is either implemented securely per Appendix C in the ASV Program Guide, or disabled / removed. Please consult your ASV if you have questions
about this Special Note.

Vulnerability Summary - Remote Access Software

Plugin Total Severity Plugin Name


56209 1 Info PCI DSS Compliance : Remote Access Software Has Been Detected

Host Summary - Remote Access Software

IP Address NetBIOS Name DNS Name MAC Address Score OS CPE Total Info
192.168.1.11 WORKGROUP\TARGET-WIN7 win7-pc.lab 00:21:70:38:fb:9f 0 cpe:/o:microsoft:windows_7:::ultimate 1 1


Internet Reachable DB
The remote host is running a database server that is reachable from the Internet. This violates PCI DSS, section 1.3.7.

Vulnerability Summary - Internet Reachable DB

Host Summary - Internet Reachable DBs


PCI-DSS Status Per Host


Last Scan > 7 Days Ago
Listed below is the IP summary of the systems scanned for PCI compliance within the past 7 days. Both systems which failed compliance and passed compliance
are listed.

Last Scan > 7 Days Ago

Plugin Total Severity Plugin Name


33929 1 High PCI DSS compliance


Last Scan > 30 Days Ago


Listed below is the IP summary of systems scanned for PCI compliance within the past 30 days. Both systems which failed compliance and passed compliance
are listed.

Last Scan > 30 Days Ago

Plugin Total Severity Plugin Name


33929 1 High PCI DSS compliance


Web Vulnerabilities
Web Vulns
Web Server Plugins (Active & Passive) - Active plugins that check for vulnerabilities in web servers such as Apache HTTP Server, IBM Lotus Domino, Microsoft IIS,
and many more. Note: These checks only test the web server software, not the web applications hosted on the server. A set of plugins to passively detect traffic
and vulnerabilities in web servers.
CGI Abuses (Active & Passive) - Active plugin checks for web-based CGI programs with publicly documented vulnerabilities. These checks include SQL injection,
Local File Inclusion (LFI), Remote File Inclusion (RFI), Directory Traversal, and more. This family does not include checks for cross-site scripting. Active plugin checks
for web-based CGI programs with publicly documented cross-site scripting (XSS) vulnerabilities. A variety of passive plugins that check for the presence of CGI
programs, web applications, and vulnerabilities associated with them.


Web Vulns

Plugin Total Severity Plugin Name


58987 24 Critical PHP Unsupported Version Detection
45004 13 Critical Apache 2.2 < 2.2.15 Multiple Vulnerabilities
57603 7 Critical Apache 2.2 < 2.2.13 APR apr_palloc Heap Overflow
60085 6 Critical PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
15555 5 Critical Apache mod_proxy Content-Length Overflow
17713 1 Critical PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
49691 1 Critical IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities
57607 1 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities
58966 30 High PHP < 5.3.11 Multiple Vulnerabilities
58988 30 High PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
57537 29 High PHP < 5.3.9 Multiple Vulnerabilities
55976 23 High Apache HTTP Server Byte Range DoS
35067 13 High PHP < 5.2.8 Multiple Vulnerabilities
41014 13 High PHP < 5.2.11 Multiple Vulnerabilities
48244 10 High PHP 5.2 < 5.2.14 Multiple Vulnerabilities
34460 10 High Unsupported Web Server Detection
42052 9 High Apache 2.2 < 2.2.14 Multiple Vulnerabilities
33849 9 High PHP < 4.4.9 Multiple Vulnerabilities
24906 7 High PHP < 4.4.5 Multiple Vulnerabilities
31654 6 High Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow
59056 6 High PHP 5.3.x < 5.3.13 CGI Query String Code Execution
59529 6 High PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
51140 5 High PHP 5.3 < 5.3.4 Multiple Vulnerabilities
52717 5 High PHP 5.3 < 5.3.6 Multiple Vulnerabilities

55925 5 High PHP 5.3 < 5.3.7 Multiple Vulnerabilities
35043 4 High PHP 5 < 5.2.7 Multiple Vulnerabilities
22268 4 High PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
12255 4 High mod_ssl ssl_util_uuencode_binary Remote Overflow
13651 4 High Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
66175 4 High Plesk Horde Detection
17710 3 High PHP < 4.4.4 Multiple Vulnerabilities
31655 3 High Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow
31656 3 High Apache < 2.0.55 Multiple Vulnerabilities
50069 3 High Apache 2.0 < 2.0.64 Multiple Vulnerabilities
17797 2 High PHP 5.x < 5.2.2 Information Disclosure
32123 2 High PHP < 5.2.6 Multiple Vulnerabilities
15973 2 High PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities
18033 2 High PHP < 4.3.11 / 5.0.3 Multiple Unspecified Vulnerabilities
20111 2 High PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
56301 2 High Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities
48245 2 High PHP 5.3 < 5.3.3 Multiple Vulnerabilities
17712 1 High PHP 5.1.x < 5.1.2 Multiple Vulnerabilities
24907 1 High PHP < 5.2.1 Multiple Vulnerabilities
31649 1 High PHP 5.x < 5.2 Multiple Vulnerabilities
14803 1 High Apache <= 2.0.51 Satisfy Directive Access Control Bypass
23842 1 High JBoss JMX Console Unrestricted Access
66240 1 High IBM Lotus Domino 8.5.x Multiple Vulnerabilities
11213 150 Medium HTTP TRACE / TRACK Methods Allowed

57792 129 Medium Apache HTTP Server httpOnly Cookie Information Disclosure
62101 25 Medium Apache 2.2 < 2.2.23 Multiple Vulnerabilities
57791 23 Medium Apache 2.2 < 2.2.22 Multiple Vulnerabilities
56216 22 Medium Apache 2.2 < 2.2.21 mod_proxy_ajp DoS
44921 20 Medium PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
12085 20 Medium Apache Tomcat servlet/JSP container default files
48205 19 Medium Apache 2.2 < 2.2.16 Multiple Vulnerabilities
50070 19 Medium Apache 2.2 < 2.2.17 Multiple Vulnerabilities
53896 19 Medium Apache 2.2 < 2.2.18 APR apr_fnmatch DoS
43351 16 Medium PHP < 5.2.12 Multiple Vulnerabilities
51439 15 Medium PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS
35750 13 Medium PHP < 5.2.9 Multiple Vulnerabilities
39480 13 Medium PHP < 5.2.10 Multiple Vulnerabilities
17696 13 Medium Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
64912 11 Medium Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities
51139 10 Medium PHP 5.2 < 5.2.15 Multiple Vulnerabilities
10677 8 Medium Apache mod_status /server-status Information Disclosure
40467 7 Medium Apache 2.x < 2.2.12 Multiple Vulnerabilities
22254 7 Medium Web Server Expect Header XSS
33477 6 Medium Apache < 2.2.9 Multiple Vulnerabilities (DoS, XSS)
25289 5 Medium Tomcat Sample App hello.jsp test Parameter XSS
10188 5 Medium Multiple Web Server printenv CGI Information Disclosure
46753 4 Medium Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities

26023 4 Medium Apache < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
31118 4 Medium Apache < 2.2.8 Multiple Vulnerabilities (XSS, DoS)
12110 4 Medium OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS
44135 3 Medium Web Server Generic Cookie Injection
10922 3 Medium CVS (Web Based) Entries File Information Disclosure
31407 3 Medium Apache < 2.0.63 Multiple XSS Vulnerabilities
33821 3 Medium .svn/entries Disclosed via Web Server
51975 3 Medium Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
51987 3 Medium Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector Denial of Service
56008 3 Medium Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities
62987 3 Medium Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities
25368 2 Medium PHP < 5.2.3 Multiple Vulnerabilities
25971 2 Medium PHP < 5.2.4 Multiple Vulnerabilities
28181 2 Medium PHP < 5.2.5 Multiple Vulnerabilities
17727 2 Medium Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
46868 2 Medium Apache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities
47028 2 Medium Apache Tomcat 5.x < 5.5.1 Information Disclosure
51059 2 Medium Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities
62985 2 Medium Apache Tomcat 7.0.x < 7.0.28 Multiple Denial of Service Vulnerabilities

62988 2 Medium Apache Tomcat 7.0.x < 7.0.30 Multiple Vulnerabilities
63200 2 Medium Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass
51957 2 Medium Apache Tomcat 5.5.x < 5.5.32 HTML Manager Interface XSS
62986 2 Medium Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses
51526 2 Medium Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS
39447 2 Medium Apache Tomcat RequestDispatcher Directory Traversal Arbitrary File Access
44314 2 Medium Apache Tomcat WAR Deployment Multiple Vulnerabilities
61644 2 Medium Apache 2.4 < 2.4.3 Multiple Vulnerabilities
10678 2 Medium Apache mod_info /server-info Information Disclosure
42862 2 Medium PHP 5.3 < 5.3.1 Multiple Vulnerabilities


CVSS >4
This section reports on any active or passive plugins within the Web Server or CGI Abuse families that have a CVSS score greater than 4.0 and less than 10.0.


CVSS >4

Plugin Total Severity Plugin Name


58987 24 Critical PHP Unsupported Version Detection
45004 13 Critical Apache 2.2 < 2.2.15 Multiple Vulnerabilities
57603 7 Critical Apache 2.2 < 2.2.13 APR apr_palloc Heap Overflow
60085 6 Critical PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
15555 5 Critical Apache mod_proxy Content-Length Overflow
17713 1 Critical PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
49691 1 Critical IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities
57607 1 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities
58966 30 High PHP < 5.3.11 Multiple Vulnerabilities
58988 30 High PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
57537 29 High PHP < 5.3.9 Multiple Vulnerabilities
55976 23 High Apache HTTP Server Byte Range DoS
35067 13 High PHP < 5.2.8 Multiple Vulnerabilities
41014 13 High PHP < 5.2.11 Multiple Vulnerabilities
48244 10 High PHP 5.2 < 5.2.14 Multiple Vulnerabilities
34460 10 High Unsupported Web Server Detection
42052 9 High Apache 2.2 < 2.2.14 Multiple Vulnerabilities
33849 9 High PHP < 4.4.9 Multiple Vulnerabilities
24906 7 High PHP < 4.4.5 Multiple Vulnerabilities
31654 6 High Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow
59056 6 High PHP 5.3.x < 5.3.13 CGI Query String Code Execution
59529 6 High PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
51140 5 High PHP 5.3 < 5.3.4 Multiple Vulnerabilities
52717 5 High PHP 5.3 < 5.3.6 Multiple Vulnerabilities

55925 5 High PHP 5.3 < 5.3.7 Multiple Vulnerabilities
35043 4 High PHP 5 < 5.2.7 Multiple Vulnerabilities
22268 4 High PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
12255 4 High mod_ssl ssl_util_uuencode_binary Remote Overflow
13651 4 High Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
66175 4 High Plesk Horde Detection
17710 3 High PHP < 4.4.4 Multiple Vulnerabilities
31655 3 High Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow
31656 3 High Apache < 2.0.55 Multiple Vulnerabilities
50069 3 High Apache 2.0 < 2.0.64 Multiple Vulnerabilities
17797 2 High PHP 5.x < 5.2.2 Information Disclosure
32123 2 High PHP < 5.2.6 Multiple Vulnerabilities
15973 2 High PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities
18033 2 High PHP < 4.3.11 / 5.0.3 Multiple Unspecified Vulnerabilities
20111 2 High PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
56301 2 High Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities
48245 2 High PHP 5.3 < 5.3.3 Multiple Vulnerabilities
17712 1 High PHP 5.1.x < 5.1.2 Multiple Vulnerabilities
24907 1 High PHP < 5.2.1 Multiple Vulnerabilities
31649 1 High PHP 5.x < 5.2 Multiple Vulnerabilities
14803 1 High Apache <= 2.0.51 Satisfy Directive Access Control Bypass
23842 1 High JBoss JMX Console Unrestricted Access
66240 1 High IBM Lotus Domino 8.5.x Multiple Vulnerabilities
11213 150 Medium HTTP TRACE / TRACK Methods Allowed

57792 129 Medium Apache HTTP Server httpOnly Cookie Information Disclosure
62101 25 Medium Apache 2.2 < 2.2.23 Multiple Vulnerabilities
57791 23 Medium Apache 2.2 < 2.2.22 Multiple Vulnerabilities
56216 22 Medium Apache 2.2 < 2.2.21 mod_proxy_ajp DoS
44921 20 Medium PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
12085 20 Medium Apache Tomcat servlet/JSP container default files
48205 19 Medium Apache 2.2 < 2.2.16 Multiple Vulnerabilities
50070 19 Medium Apache 2.2 < 2.2.17 Multiple Vulnerabilities
53896 19 Medium Apache 2.2 < 2.2.18 APR apr_fnmatch DoS
43351 16 Medium PHP < 5.2.12 Multiple Vulnerabilities
51439 15 Medium PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS
35750 13 Medium PHP < 5.2.9 Multiple Vulnerabilities
39480 13 Medium PHP < 5.2.10 Multiple Vulnerabilities
17696 13 Medium Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
64912 11 Medium Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities
51139 10 Medium PHP 5.2 < 5.2.15 Multiple Vulnerabilities
10677 8 Medium Apache mod_status /server-status Information Disclosure
40467 7 Medium Apache 2.x < 2.2.12 Multiple Vulnerabilities
22254 7 Medium Web Server Expect Header XSS
33477 6 Medium Apache < 2.2.9 Multiple Vulnerabilities (DoS, XSS)
25289 5 Medium Tomcat Sample App hello.jsp test Parameter XSS
10188 5 Medium Multiple Web Server printenv CGI Information Disclosure
46753 4 Medium Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities

26023 4 Medium Apache < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
31118 4 Medium Apache < 2.2.8 Multiple Vulnerabilities (XSS, DoS)
12110 4 Medium OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS
44135 3 Medium Web Server Generic Cookie Injection
10922 3 Medium CVS (Web Based) Entries File Information Disclosure
31407 3 Medium Apache < 2.0.63 Multiple XSS Vulnerabilities
33821 3 Medium .svn/entries Disclosed via Web Server
51975 3 Medium Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
51987 3 Medium Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector Denial of Service
56008 3 Medium Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities
62987 3 Medium Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities
25368 2 Medium PHP < 5.2.3 Multiple Vulnerabilities
25971 2 Medium PHP < 5.2.4 Multiple Vulnerabilities
28181 2 Medium PHP < 5.2.5 Multiple Vulnerabilities
17727 2 Medium Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
46868 2 Medium Apache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities
47028 2 Medium Apache Tomcat 5.x < 5.5.1 Information Disclosure
51059 2 Medium Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities
62985 2 Medium Apache Tomcat 7.0.x < 7.0.28 Multiple Denial of Service Vulnerabilities

62988 2 Medium Apache Tomcat 7.0.x < 7.0.30 Multiple Vulnerabilities
63200 2 Medium Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass
51957 2 Medium Apache Tomcat 5.5.x < 5.5.32 HTML Manager Interface XSS
62986 2 Medium Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses
51526 2 Medium Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS
39447 2 Medium Apache Tomcat RequestDispatcher Directory Traversal Arbitrary File Access
44314 2 Medium Apache Tomcat WAR Deployment Multiple Vulnerabilities
61644 2 Medium Apache 2.4 < 2.4.3 Multiple Vulnerabilities
10678 2 Medium Apache mod_info /server-info Information Disclosure
42862 2 Medium PHP 5.3 < 5.3.1 Multiple Vulnerabilities


Exploitable
This section reports on any active or passive plugins within the Web Server or CGI Abuse families that have publicly available exploits.


Exploitable

Plugin Total Severity Plugin Name


45004 13 Critical Apache 2.2 < 2.2.15 Multiple Vulnerabilities
60085 6 Critical PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
15555 5 Critical Apache mod_proxy Content-Length Overflow
17713 1 Critical PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
57607 1 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities
58966 30 High PHP < 5.3.11 Multiple Vulnerabilities
58988 30 High PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
57537 29 High PHP < 5.3.9 Multiple Vulnerabilities
55976 23 High Apache HTTP Server Byte Range DoS
35067 13 High PHP < 5.2.8 Multiple Vulnerabilities
48244 10 High PHP 5.2 < 5.2.14 Multiple Vulnerabilities
42052 9 High Apache 2.2 < 2.2.14 Multiple Vulnerabilities
24906 7 High PHP < 4.4.5 Multiple Vulnerabilities
31654 6 High Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow
59056 6 High PHP 5.3.x < 5.3.13 CGI Query String Code Execution
59529 6 High PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
51140 5 High PHP 5.3 < 5.3.4 Multiple Vulnerabilities
52717 5 High PHP 5.3 < 5.3.6 Multiple Vulnerabilities
55925 5 High PHP 5.3 < 5.3.7 Multiple Vulnerabilities
35043 4 High PHP 5 < 5.2.7 Multiple Vulnerabilities
22268 4 High PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
17710 3 High PHP < 4.4.4 Multiple Vulnerabilities
31655 3 High Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow
31656 3 High Apache < 2.0.55 Multiple Vulnerabilities

50069 3 High Apache 2.0 < 2.0.64 Multiple Vulnerabilities
17797 2 High PHP 5.x < 5.2.2 Information Disclosure
32123 2 High PHP < 5.2.6 Multiple Vulnerabilities
15973 2 High PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities
56301 2 High Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities
48245 2 High PHP 5.3 < 5.3.3 Multiple Vulnerabilities
17712 1 High PHP 5.1.x < 5.1.2 Multiple Vulnerabilities
24907 1 High PHP < 5.2.1 Multiple Vulnerabilities
31649 1 High PHP 5.x < 5.2 Multiple Vulnerabilities
14803 1 High Apache <= 2.0.51 Satisfy Directive Access Control Bypass
66240 1 High IBM Lotus Domino 8.5.x Multiple Vulnerabilities
11213 150 Medium HTTP TRACE / TRACK Methods Allowed
57792 129 Medium Apache HTTP Server httpOnly Cookie Information Disclosure
62101 25 Medium Apache 2.2 < 2.2.23 Multiple Vulnerabilities
57791 23 Medium Apache 2.2 < 2.2.22 Multiple Vulnerabilities
56216 22 Medium Apache 2.2 < 2.2.21 mod_proxy_ajp DoS
44921 20 Medium PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
48205 19 Medium Apache 2.2 < 2.2.16 Multiple Vulnerabilities
50070 19 Medium Apache 2.2 < 2.2.17 Multiple Vulnerabilities
53896 19 Medium Apache 2.2 < 2.2.18 APR apr_fnmatch DoS
43351 16 Medium PHP < 5.2.12 Multiple Vulnerabilities
51439 15 Medium PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS
35750 13 Medium PHP < 5.2.9 Multiple Vulnerabilities
39480 13 Medium PHP < 5.2.10 Multiple Vulnerabilities
17696 13 Medium Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
22254 7 Medium Web Server Expect Header XSS

33477 6 Medium Apache < 2.2.9 Multiple Vulnerabilities (DoS, XSS)
25289 5 Medium Tomcat Sample App hello.jsp test Parameter XSS
46753 4 Medium Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities
26023 4 Medium Apache < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
31118 4 Medium Apache < 2.2.8 Multiple Vulnerabilities (XSS, DoS)
31407 3 Medium Apache < 2.0.63 Multiple XSS Vulnerabilities
51975 3 Medium Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
62987 3 Medium Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities
25971 2 Medium PHP < 5.2.4 Multiple Vulnerabilities
28181 2 Medium PHP < 5.2.5 Multiple Vulnerabilities
17727 2 Medium Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
46868 2 Medium Apache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities
51059 2 Medium Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities
62985 2 Medium Apache Tomcat 7.0.x < 7.0.28 Multiple Denial of Service Vulnerabilities
63200 2 Medium Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass
51957 2 Medium Apache Tomcat 5.5.x < 5.5.32 HTML Manager Interface XSS
51526 2 Medium Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS
39447 2 Medium Apache Tomcat RequestDispatcher Directory Traversal Arbitrary File Access

44314 2 Medium Apache Tomcat WAR Deployment Multiple Vulnerabilities
61644 2 Medium Apache 2.4 < 2.4.3 Multiple Vulnerabilities
42862 2 Medium PHP 5.3 < 5.3.1 Multiple Vulnerabilities
26057 1 Medium lighttpd mod_fastcgi HTTP Request Header Remote Overflow
64992 1 Medium PHP 5.3.x < 5.3.22 Multiple Vulnerabilities
13650 1 Medium PHP < 4.3.8 Multiple Vulnerabilities
14748 1 Medium Apache < 2.0.51 Multiple Vulnerabilities (OF, DoS)
15436 1 Medium PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure
22300 1 Medium Webmin / Usermin Null Byte Filtering Vulnerabilities
64993 1 Medium PHP 5.4.x < 5.4.12 Multiple Vulnerabilities
10297 1 Medium Web Server Directory Traversal Arbitrary File Access
47576 1 Medium Apache Tomcat < 5.5.26 Multiple Vulnerabilities
47749 1 Medium Apache Tomcat 5.5.x < 5.5.30
17728 1 Medium Apache Tomcat < 6.0.13 Multiple Vulnerabilities
47577 1 Medium Apache Tomcat < 6.0.16 Multiple Vulnerabilities
47578 1 Medium Apache Tomcat < 6.0.18 Multiple Vulnerabilities
48255 1 Medium Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities
51510 1 Medium IBM WebSphere Application Server 6.1 < 6.1.0.35 Multiple Vulnerabilities
53475 1 Medium IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities
58594 1 Medium IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities

39479 4 Low Apache Tomcat Cross-Application File Manipulation
10759 4 Low Web Server HTTP Header Internal IP Disclosure
17709 2 Low PHP < 4.4.2 Multiple Cross-Site Scripting Vulnerabilities
14770 1 Low PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload


Web Application
This section reports on any active or passive plugins that test for generic CGI vulnerabilities.

Web Application


XSS
Checks for web-based CGI programs with publicly documented cross-site scripting (XSS) vulnerabilities.

XSS

Plugin Total Severity Plugin Name


22254 7 Medium Web Server Expect Header XSS
25289 5 Medium Tomcat Sample App hello.jsp test Parameter XSS
17709 2 Low PHP < 4.4.2 Multiple Cross-Site Scripting Vulnerabilities


SQL Injection
Listed below is the IP summary of systems with SQL injection vulnerabilities.


SQL Injection IP Detail

Plugin Plugin Name Severity Total Family


59056 PHP 5.3.x < 5.3.13 CGI Query String Code Execution High 4 CGI abuses
According to its banner, the version of PHP installed on the remote
host is 5.3.x earlier than 5.3.13 and, as such, is potentially
affected by a remote code execution and information disclosure
vulnerability.

The fix for CVE-2012-1823 does not completely correct the CGI query
vulnerability. Disclosure of PHP source code and code execution via
query parameters are still possible.

Note that this vulnerability is exploitable only when PHP is used in
CGI-based configurations. Apache with 'mod_php' is not an exploitable
configuration.
Hosts in Repository 'RonLab Remote':

10.224.32.190
10.127.106.141 - DNS : hosted-by.labtesting.int
10.61.237.32
10.126.152.2 - DNS : user.10.126.222.labtesting.int

Plugin Plugin Name Severity Total Family


58988 PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution High 20 CGI abuses
According to its banner, the version of PHP installed on the remote
host is earlier than 5.3.12 / 5.4.2, and as such is potentially
affected by a remote code execution and information disclosure
vulnerability.

An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker
to obtain PHP source code from the web server or to potentially
execute arbitrary code. In vulnerable configurations, PHP treats
certain query string parameters as command line arguments including
switches such as '-s', '-d', and '-c'.

Note that this vulnerability is exploitable only when PHP is used in
CGI-based configurations. Apache with 'mod_php' is not an exploitable
configuration.
Hosts in Repository 'RonLab Remote':

10.152.216.114 - DNS : h10-10-216-114.host.labtesting.int
10.143.12.173 - DNS : hosted-by.labtesting.int
10.18.172.206
10.174.198.14
10.248.6.206 - DNS

Plugin Plugin Name Severity Total Family


58966 PHP < 5.3.11 Multiple Vulnerabilities High 20 CGI abuses
According to its banner, the version of PHP installed on the remote
host is earlier than 5.3.11, and as such is potentially affected by
multiple vulnerabilities :

- During the import of environment variables, temporary
changes to the 'magic_quotes_gpc' directive are not
handled properly. This can lower the difficulty for
SQL injection attacks. (CVE-2012-0831)

- The '$_FILES' variable can be corrupted because the
names of uploaded files are not properly validated.
(CVE-2012-1172)

- The 'open_basedir' directive is not properly handled by
the functions 'readline_write_history' and
'readline_read_history'.

- The 'header()' function does not detect multi-line
headers with a CR. (Bug #60227 / CVE-2011-1398)

Hosts in Repository 'RonLab Remote':

10.152.216.114 - DNS

Plugin Plugin Name Severity Total Family

56301 Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities High 2 Web Servers
According to its self-reported version number, the instance of Apache
Tomcat 5.5.x listening on the remote host is earlier than 5.5.34 and is
affected by multiple vulnerabilities:

- Several weaknesses were found in the HTTP Digest
  authentication implementation. The issues are as
  follows: replay attacks are possible, server nonces
  are not checked, client nonce counts are not checked,
  'quality of protection' (qop) values are not checked,
  realm values are not checked and the server secret is
  a hard-coded, known string. The effect of these issues
  is that Digest authentication is no stronger than Basic
  authentication. (CVE-2011-1184, CVE-2011-5062,
  CVE-2011-5063, CVE-2011-5064)

- An error handling issue exists related to the
  MemoryUserDatabase that allows user passwords to be
  disclosed through log files. (CVE-2011-2204)

- An input validation error exists that allows a local
  attacker to either bypass security or carry out denial
  of service attacks when the APR or NIO connectors are
  enabled. (CVE-2011-2526)

- A component that Apache Tomcat relies on called 'jsvc'
  contains an error in that it does not drop capabilities
  after starting and can allow access to sensitive files
  owned by the super user. Note this vulnerability only
  affects Linux operating systems and only when 'jsvc' is
  compiled with libpcap and the '-user' parameter is
  used. (CVE-2011-2729)

- Specially crafted requests are incorrectly processed by
  Tomcat and can cause the server to allow injection of
  arbitrary AJP messages. This can lead to authentication
  bypass and disclosure of sensitive information. Note
  this vulnerability only occurs when the
  org.apache.jk.server.JkCoyoteHandler AJP connector is
  not used, POST requests are accepted, and the request
  body is not processed. (CVE-2011-3190)

Note that Nessus did not actually test for the flaws but instead has
relied on the version in Tomcat's banner or error page.
Hosts in Repository 'RonLab Remote':

10.98.233.219
10.160.194.27

Plugin Plugin Name Severity Total Family

51059 Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities Medium 2 Web Servers
According to its self-reported version number, the Apache Tomcat
install listening on this port is 5.0.x equal to or earlier than
5.0.30 or 5.5.x earlier than 5.5.25 and, as such, may be affected by
multiple vulnerabilities :

- An error exists in several JSP example files that allows
  script injection via URLs using the ';' character.
  (CVE-2007-2449)

- The Manager and Host Manager applications do not
  properly sanitize the 'filename' parameter of the
  '/manager/html/upload' script, which can lead to cross-
  site scripting attacks. (CVE-2007-2450)

- An error exists in the handling of cookie values
  containing single quotes which Tomcat treats as
  delimiters. This can allow disclosure of sensitive
  information such as session IDs. (CVE-2007-3382)

- An error exists in the handling of cookie values
  containing backslashes which Tomcat treats as
  delimiters. This can allow disclosure of sensitive
  information such as session IDs. (CVE-2007-3385)

- An error exists in the Host Manager application which
  allows script injection. (CVE-2007-3386)

Note that Nessus did not actually test for the flaws but instead has
relied on the version in Tomcat's banner or error page so this may
be a false positive.

Also note, in the case of 5.0.x versions, the issues have been fixed
by SVN revision number 588821.
Hosts in Repository 'RonLab Remote':

10.123.129.247 - MAC: 5e:f3:fc:c0:48:4f
10.103.36.43

Plugin Plugin Name Severity Total Family

50069 Apache 2.0 < 2.0.64 Multiple Vulnerabilities High 3 Web Servers
According to its banner, the version of Apache 2.0 installed on the
remote host is older than 2.0.64. Such versions may be affected by
several issues, including :

- An unspecified error exists in the handling of requests
  without a path segment. (CVE-2010-1452)

- Several modules, including 'mod_deflate', are
  vulnerable to a denial of service attack as the
  server can be forced to utilize CPU time compressing
  a large file after client disconnect. (CVE-2009-1891)

- An unspecified error exists in 'mod_proxy' related to
  filtration of authentication credentials.
  (CVE-2009-3095)

- A NULL pointer dereference issue exists in
  'mod_proxy_ftp' in some error handling paths.
  (CVE-2009-3094)

- An error exists in 'mod_ssl' making the server
  vulnerable to the TLS renegotiation prefix injection
  attack. (CVE-2009-3555)

- An error exists in the handling of subrequests such
  that the parent request headers may be corrupted.
  (CVE-2010-0434)

- An error exists in 'mod_proxy_http' when handling excessive
  interim responses making it vulnerable to a denial of
  service attack. (CVE-2008-2364)

- An error exists in 'mod_isapi' that allows the module
  to be unloaded too early, which leaves orphaned callback
  pointers. (CVE-2010-0425)

- An error exists in 'mod_proxy_ftp' when wildcards are
  in an FTP URL, which allows for cross-site scripting
  attacks. (CVE-2008-2939)

Note that the remote web server may not actually be affected by these
vulnerabilities. Nessus did not try to determine whether the affected
modules are in use or to check for the issues themselves.
Hosts in Repository 'RonLab Remote':

10.248.6.206 - DNS: 10-248-6-206.HINET-IP.testinglab.intt
10.126.123.158 - DNS : 10.123.126.124.testinglab.int
10.37.135.2

Plugin Plugin Name Severity Total Family

46753 Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities Medium 4 Web Servers
According to its self-reported version number, the Apache Tomcat
listening on the remote host is earlier than Tomcat 4.1.40 / 5.5.28 /
6.0.20 and, as such, may be affected by one or more of the following
vulnerabilities :

- The remote service may be vulnerable to a directory
  traversal attack if a RequestDispatcher obtained from a
  Request object is used. A specially crafted value for a
  request parameter can be used to access potentially
  sensitive configuration files or other files, e.g.,
  files in the WEB-INF directory. (CVE-2008-5515)

- The remote service may be vulnerable to a denial of
  service attack if configured to use the Java AJP
  connector. An attacker can send a malicious request with
  invalid headers which causes the AJP connector to be put
  into an error state for a short time. This behavior can
  be used as a denial of service attack. (CVE-2009-0033)

- The remote service may be vulnerable to a username
  enumeration attack if configured to use FORM
  authentication along with the 'MemoryRealm',
  'DataSourceRealm', or 'JDBCRealm' authentication realms.
  (CVE-2009-0580)

- The remote service may be affected by a script injection
  vulnerability if the example JSP application,
  'cal2.jsp', is installed. An unauthenticated, remote
  attacker may be able to leverage this issue to inject
  arbitrary HTML or script code into a user's browser to
  be executed within the security context of the affected
  site. (CVE-2009-0781)

- The remote service may be vulnerable to unauthorized
  modification of 'web.xml', 'context.xml', or TLD files
  of arbitrary web applications. This vulnerability could
  allow the XML parser, used to process the XML and TLD
  files, to be replaced. (CVE-2009-0783)

Note that Nessus did not actually test for these flaws but instead has
relied on the version in Tomcat's banner or error page so this may
be a false positive.
Hosts in Repository 'RonLab Remote':

10.123.129.247 - MAC: 5e:f3:fc:c0:48:4f
10.160.194.27
10.129.145.229
10.103.36.43

Plugin Plugin Name Severity Total Family

45004 Apache 2.2 < 2.2.15 Multiple Vulnerabilities Critical 10 Web Servers
According to its banner, the version of Apache 2.2 installed on the
remote host is older than 2.2.15. Such versions are potentially
affected by multiple vulnerabilities :

- A TLS renegotiation prefix injection attack is possible.
  (CVE-2009-3555)

- The 'mod_proxy_ajp' module returns the wrong status code
  if it encounters an error which causes the back-end
  server to be put into an error state. (CVE-2010-0408)

- The 'mod_isapi' attempts to unload the 'ISAPI.dll' when
  it encounters various error states which could leave
  call-backs in an undefined state. (CVE-2010-0425)

- A flaw in the core sub-request process code can lead to
  sensitive information from a request being handled by
  the wrong thread if a multi-threaded environment is
  used. (CVE-2010-0434)

- Added 'mod_reqtimeout' module to mitigate Slowloris
  attacks. (CVE-2007-6750)
Hosts in Repository 'RonLab Remote':

10.234.2.5
10.251.11.58 - DNS: abs-static-10.11.251.27.labtesting.int
10.18.172.206
10.162.110.11
10.90.230.187 - DNS

Plugin Plugin Name Severity Total Family

44135 Web Server Generic Cookie Injection Medium 2 CGI abuses
The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. By leveraging this
issue, an attacker may be able to inject arbitrary cookies. Depending
on the structure of the web application, it may be possible to launch
a 'session fixation' attack using this mechanism.

Please note that :

- Nessus did not check if the session fixation attack is
  feasible.

- This is not the only vector of session fixation.

Hosts in Repository 'RonLab Remote':

10.61.218.58
10.126.152.2 - DNS : user.10.126.222.testinglab.int

Plugin Plugin Name Severity Total Family

41014 PHP < 5.2.11 Multiple Vulnerabilities High 8 CGI abuses
According to its banner, the version of PHP installed on the remote
host is older than 5.2.11. Such versions may be affected by several
security issues :

- An unspecified error occurs in certificate validation
  inside 'php_openssl_apply_verification_policy'.

- An unspecified input validation vulnerability affects
  the color index in 'imagecolortransparent()'.

- An unspecified input validation vulnerability affects
  exif processing.

- Calling 'popen()' with an invalid mode can cause a
  crash under Windows. (Bug #44683)

- An integer overflow in 'xml_utf8_decode()' can make it
  easier to bypass cross-site scripting and SQL injection
  protection mechanisms using a specially crafted string
  with a long UTF-8 encoding. (Bug #49687)

- 'proc_open()' can bypass 'safe_mode_protected_env_vars'.
  (Bug #49026)
Hosts in Repository 'RonLab Remote':

10.152.216.114 - DNS: h10.10-216-114.host.testinglab.int
10.18.172.206
10.174.198.14
10.248.6.206 - DNS

SSL Security Audits


Weak Hash
The remote service uses an SSL certificate that has been signed using a cryptographically weak hashing algorithm - MD2, MD4, or MD5. These signature algorithms
are known to be vulnerable to collision attacks. In theory, a determined attacker may be able to leverage this weakness to generate another certificate with the same
digital signature, which could allow him to masquerade as the affected service.

Weak Hash

Plugin Total Severity Plugin Name

35291 34 Medium SSL Certificate Signed using Weak Hashing Algorithm

Valid In Future
The SSL certificate for the remote SSL-enabled service is not yet valid.

Valid In Future

Expires Soon
The SSL certificate associated with the remote service will expire soon.

Expires Soon

Plugin Total Severity Plugin Name


42981 6 Info SSL Certificate Expiry - Future Expiry

Wrong Name
The commonName (CN) of the SSL certificate presented on this service is for a different machine.

Wrong Name

Plugin Total Severity Plugin Name


45411 60 Medium SSL Certificate with Wrong Hostname

Blacklisted CERT
Blacklisted SSL Certificate - The remote service uses an SSL certificate that is either fraudulent or was issued from a certificate authority that is considered to be
untrustworthy.
SSL Certificate Signed with the Compromised Fortigate Key - The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate Authority
(CA) found in Fortigate devices. The private key corresponding to the CA has been compromised, meaning that the remote host's X.509 certificate cannot be trusted.
Certificate chains descending from this CA could allow an attacker to perform man-in-the-middle attacks and decode traffic.
SSL Certificate Chain Contains Illegitimate TURKTRUST Intermediate CA - The X.509 certificate chain sent by the remote host either contains or is signed by an
intermediate Certificate Authority (CA) that was accidentally issued by TURKTRUST. Certificate chains descending from this intermediate CA could allow an attacker
to perform man-in-the-middle attacks and decode traffic.
APT1-Related SSL Certificate Detected - An SSL certificate associated with the group known as APT1 was detected on the remote host. APT1's command and
control infrastructure uses several self-signed certificates to encrypt communications in their command and control infrastructure. The remote host appears to be
using one of these certificates, which indicates it may have been compromised.

Blacklisted CERT

Known CERT
Well-known SSL Certificate Used in Remote Device - The X.509 certificate of the remote host is known to be shipping by default with the remote service / device.
The private key for this cert has been published, therefore the SSL communications done with the remote host can not be considered as being secret as anyone
with the ability to snoop the traffic between the remote host and the clients could decipher the traffic.
SSL Certificate Signed with the Publicly Known Cyberoam Key - The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate
Authority (CA) found in Cyberoam devices. The private key corresponding to the CA was discovered and publicly disclosed, meaning that the remote host's X.509
certificate cannot be trusted.

Known CERT

No Trust
SSL Certificate Cannot Be Trusted - The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in
three different ways, each of which results in a break in the chain below which certificates cannot be trusted.
First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of
the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known
public certificate authority.
Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's
'notBefore' dates, or after one of the certificate's 'notAfter' dates.
Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting
the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm
that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the
remote host.

No Trust

Plugin Total Severity Plugin Name


51192 381 Medium SSL Certificate Cannot Be Trusted

Name Mismatch
SSL Certificate commonName Mismatch - This service presents an SSL certificate for which the 'commonName' (CN) does not match the host name on which
the service listens.

Name Mismatch

Plugin Total Severity Plugin Name


45410 212 Info SSL Certificate commonName Mismatch

Revoked DigiNotar
SSL Certificate Signed with the Revoked DigiNotar Certificate Authority - The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate
Authority (CA) called DigiNotar, which was revoked due to a known compromise. You should verify that the remote certificate indeed was obtained legally, and you
should get a new CA to sign it, as most web browsers are being updated to stop trusting this authority.

Revoked DigiNotar

CA Signing Issue
SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions - An X.509 certificate sent by the remote host contains one or more violations of the
restrictions imposed on it by RFC 5280. This means that either a root or intermediate Certificate Authority signed a certificate incorrectly. Certificates that fail to
adhere to the restrictions in their extensions may be rejected by certain software. The existence of such certificates indicates either an oversight in the signing
process, or malicious intent.
SSL Certificate Chain Not Sorted - At least one of the X.509 certificates sent by the remote host is not in order. Some certificate authorities publish certificate
bundles that are in descending instead of ascending order, which is incorrect according to RFC 4346, Section 7.4.2. Some SSL implementations, often those found
in embedded devices, cannot handle unordered certificate chains.
SSL Certificate Chain Contains Unnecessary Certificates - At least one of the X.509 certificates sent by the remote host is not required to form a path from the
server's own certificate to the CA. This may indicate that the certificate bundle installed with the server's certificate is for certificates lower in the certificate hierarchy.
Some SSL implementations, often those found in embedded devices, cannot handle certificate chains with unused certificates.

CA Signing Issue

Plugin Total Severity Plugin Name


56471 2 Info SSL Certificate Chain Not Sorted

Weak RSA Key
SSL Certificate Chain Contains Weak RSA Keys - At least one of the X.509 certificates sent by the remote host has a key that is shorter than 1024 bits. Such keys
are considered weak due to advances in available computing power decreasing the time required to factor cryptographic keys. Some SSL implementations, notably
Microsoft's, may consider this SSL chain to be invalid due to the length of one or more of the RSA keys it contains.

Weak RSA Key

Plugin Total Severity Plugin Name

60108 14 Medium SSL Certificate Chain Contains Weak RSA Keys

SSL Vulns
Listed below are the Critical and High severity plugins which are related to SSL vulnerabilities.

SSL Vulns

Plugin Total Severity Plugin Name

12255 4 High mod_ssl ssl_util_uuencode_binary Remote Overflow
13651 4 High Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String

PCI Configuration Issues


PCI 1.0
PCI Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Firewalls are devices that control computer traffic allowed between an entity’s networks (internal) and untrusted networks (external), as well as traffic into and out of
more sensitive areas within an entity’s internal trusted networks. The cardholder data environment is an example of a more sensitive area within an entity’s trusted
network.
A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria. All systems must be protected from unauthorized
access from untrusted networks, whether entering the system via the Internet as e-commerce, employee Internet access through desktop browsers, employee
e-mail access, dedicated connections such as business-to-business connections, via wireless networks, or via other sources. Often, seemingly insignificant paths to
and from untrusted networks can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.
Other system components may provide firewall functionality, provided they meet the minimum requirements for firewalls as provided in Requirement 1. Where
other system components are used within the cardholder data environment to provide firewall functionality, these devices must be included within the scope and
assessment of Requirement 1.

PCI 1.0

Plugin Total Severity Plugin Name

1001094 1 High PCI 1.2 Build firewall and router configurations that restrict connections between untrusted networks
1001095 1 High PCI 1.2.1/1.3/1.3.2 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment

PCI 2.0
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Malicious individuals (external and internal to an entity) often use vendor default passwords and other vendor default settings to compromise systems. These
passwords and settings are well known by hacker communities and are easily determined via public information.

PCI 2.0

Plugin Total Severity Plugin Name


1000998 2 High PCI 2.2.3 - Verify that common security parameter settings are included - 'no SUID or SGID files exist'
1001004 2 High PCI 2.2.3 - Verify that common security parameter settings are included - 'default umask = 27'
1001005 2 High PCI 2.2.3 - Verify that common security parameter settings are included - '/etc/motd contains the appropriate text'
1001006 2 High PCI 2.2.3 - Verify that common security parameter settings are included - 'default herald is set to appropriate text'
1001007 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - Block talk/write - '/etc/csh.login contains mesg n'
1001008 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - Block talk/write - '/etc/profile contains mesg n'
1001009 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - 'writesrv has been disabled'
1001014 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inittab - rcnfs has been disabled'
1001015 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inittab - qdaemon has been disabled'
1001016 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inittab - piobe has been disabled'
1001021 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - syslogd is disabled'
1001022 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - snmpmibd is disabled'

1001023 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - snmpd is disabled'
1001024 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - sendmail is disabled'
1001028 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - portmap is disabled'
1001035 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - inetd is disabled'
1001036 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - hostmibd is disabled'
1001044 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/rc.tcpip - aixmibd is disabled'
1001045 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - xmquery is disabled'
1001046 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - wsmserver is disabled'
1001049 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - time-udp is disabled'
1001050 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - time-tcp is disabled'
1001052 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - telnet is disabled'
1001056 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - shell is disabled'

1001064 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - ntalk is disabled'
1001066 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - login is disabled'
1001071 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - ftp is disabled'
1001073 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - exec is disabled'
1001079 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - daytime-udp is disabled'
1001080 2 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - '/etc/inetd.conf - daytime-tcp is disabled'
1000588 1 High PCI 2.2.3 Configure system security parameters to prevent misuse '/etc/default/security UMASK'
1000597 1 High PCI 2.2.3 Configure system security parameters to prevent misuse '/etc/securetty perms'
1000598 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'registrar deny'
1000599 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'registrar allow'
1000600 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'recserv deny'
1000601 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'recserv allow'

1000602 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'dtspc deny'
1000603 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'dtspc allow'
1000604 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'klogin deny'
1000605 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'klogin allow'
1000606 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'kshell deny'
1000607 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'kshell allow'
1000608 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'rpc deny'
1000609 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'rpc allow'
1000610 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'chargen deny'
1000611 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'chargen allow'
1000612 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'discard deny'
1000613 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'discard allow'
1000614 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'echo deny'
1000615 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'echo allow'
1000616 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'time deny'
1000617 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'time allow'

1000618 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'daytime deny'
1000619 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'daytime allow'
1000620 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'printer deny'
1000621 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'printer allow'
1000622 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ident deny'
1000623 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ident allow'
1000624 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ntalk deny'
1000625 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ntalk allow'
1000626 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'exec deny'
1000627 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'exec allow'
1000628 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'shell deny'
1000629 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'shell allow'
1000630 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'login deny'
1000631 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'login allow'
1000632 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'telnet deny'
1000633 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'telnet allow'
1000634 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ftp deny'

1000635 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ftp allow'
1000636 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'lockTimeout'
1000638 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'Dtlogin.requestPort'
1000639 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'SYSLOGD_OPTS'
1000640 1 High PCI 2.2.3 Configure system security parameters to prevent misuse '/etc/shadow'
1000641 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'no passwords in /etc/passwd'
1000642 1 High PCI 2.2.3 Configure system security parameters to prevent misuse '/etc/rc.config.d/nddconf perms'
1000643 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_send_redirects=0'
1000644 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_forwarding=0'
1000645 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'tcp_isn_passprase=<RANDOM_STRING>'
1000646 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_respond_to_echo_broadcast=0'
1000647 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_respond_to_address_mask_broadcast=0'
1000648 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_respond_to_timestamp_broadcast=0'

1000649 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_respond_to_timestamp=0'
1000650 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_forward_directed_broadcasts=0'
1000651 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'ip_forward_src_routed=0'
1000652 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'arp_cleanup_interval=60000'
1000653 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'tcp_syn_rcvd_max=4096'
1000654 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'executable_stack=0'
1000656 1 High PCI 2.2.3 Configure system security parameters to prevent misuse '/opt/ssh/etc/sshd_config perms'
1000657 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'Banner'
1000659 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'PermitRootLogin=no'
1000660 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'RhostsRSAAuthentication=no'
1000661 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'RhostsAuthentication=no'
1000662 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'IgnoreRhosts=yes'
1000664 1 High PCI 2.2.3 Configure system security parameters to prevent misuse 'Protocol=2'

1000672 1 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons 'NFS_CLIENT=0'
1000673 1 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons 'NFS_SERVER=0'
1000677 1 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons 'CIFSCLIENT=0'
1000683 1 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons 'VTDAEMON_START=0'
1000684 1 High PCI 2.2.2 Enable only necessary and secure services, protocols, daemons 'PTYDAEMON_START=0'

PCI 3.0
Requirement 3: Protect stored cardholder data
Protection methods such as encryption, truncation, masking, and hashing are critical components of cardholder data protection. If an intruder circumvents other
security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective
methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing
cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed, and not sending unprotected PANs using end-user messaging
technologies, such as e-mail and instant messaging.

PCI 3.0

PCI 4.0
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks and
vulnerabilities in legacy encryption and authentication protocols continue to be targets of malicious individuals who exploit these vulnerabilities to gain privileged
access to cardholder data environments.

PCI 4.0

Plugin Total Severity Plugin Name


1000847 1 High PCI 4.1 - Verify that the proper encryption strength is implemented - client protocol - 'Protocol 2'
1000848 1 High PCI 4.1 - Verify that the proper encryption strength is implemented - server protocol - 'Protocol 2'
1000849 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations- 'Banner = /etc/motd'
1000852 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - 'rlogin = false'
1000853 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - '/etc/ssh/sshd_config HostbasedAuthentication = no'
1000854 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - '/etc/ssh/sshd_config UsePrivilegeSeparation = yes'
1000855 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - '/etc/ssh/sshd_config PermitEmptyPasswords = no'
1000856 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - '/etc/ssh/sshd_config IgnoreRhosts = yes'
1000857 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - '/etc/ssh/sshd_config PermitRootLogin = no'
1000858 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - '/etc/ssh/ssh_config root:system 600'

1000859 1 High PCI 4.1 - Verify that the protocol is implemented to use only secure configurations - '/etc/ssh/sshd_config root:system 600'
1000865 1 High PCI 4.1 - verify that cardholder data is encrypted during transit - 'openssh.license is installed'

PCI 5.0
Requirement 5: Use and regularly update anti-virus software or programs
Malicious software, commonly referred to as "malware"—including viruses, worms, and Trojans—enters the network during many business-approved activities
including employee e-mail and use of the Internet, mobile computers, and storage devices, resulting in the exploitation of system vulnerabilities. Anti-virus software
must be used on all systems commonly affected by malware to protect systems from current and evolving malicious software threats.

PCI 5.0

PCI 6.0
Requirement 6: Develop and maintain secure systems and applications
Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor-provided security patches,
which must be installed by the entities that manage the systems. All critical systems must have the most recently released, appropriate software patches to protect
against exploitation and compromise of cardholder data by malicious individuals and malicious software.

PCI 6.0

PCI 7.0
Requirement 7: Restrict access to cardholder data by business need to know
To ensure critical data can only be accessed by authorized personnel, systems and processes must be in place to limit access based on need to know and according
to job responsibilities. "Need to know" is when access rights are granted to only the least amount of data and privileges needed to perform a job.

PCI 7.0

Plugin Total Severity Plugin Name


1000574 1 High PCI 7.1.4/7.2.1/7.2.3 Automated access control / default deny
1000575 1 High PCI 7.1.4 Implementation of an automated access control system 'pass in from <allowed net>/<mask>'
1000576 1 High PCI 7.1.4 Implementation of an automated access control system / default deny 'block in all'
1000577 1 High PCI 7.1.1 Restriction of access rights to privileged user IDs to least privileges necessary 'secure RPC'
1000578 1 High PCI 7.1.1 Restriction of access rights to privileged user IDs to least privileges necessary 'securetty perms'
1000580 1 High PCI 7.1.1 Restriction of access rights to privileged user IDs to least privileges necessary 'crontab perms'
1000581 1 High PCI 7.1.1 Restriction of access rights to privileged user IDs to least privileges necessary 'at.allow perms'
1000582 1 High PCI 7.1.1 Restriction of access rights to privileged user IDs to least privileges necessary 'cron.allow perms'
1000583 1 High PCI 7.1.1/7.2.3 Restrict access rights / default deny 'cron.allow, root'
1000584 1 High PCI 7.1.1/7.2.3 Restrict access rights / default deny 'at.allow, root'
1000840 1 High PCI 7.2.3 - Default 'deny-all' setting - '/etc/hosts.allow root:system 600'
1000841 1 High PCI 7.2.3 - Default 'deny-all' setting - 'hosts.allow contains %VALUE%'
1000842 1 High PCI 7.2.3 - Default 'deny-all' setting - '/etc/hosts.deny root:system 600'
1000843 1 High PCI 7.2.3 - Default 'deny-all' setting - '/etc/hosts.deny file contains ALL:ALL'

1000846 1 High PCI 7.1.1 Restriction of access rights to least privileges necessary - 'sudo is installed'

PCI 8.0
Requirement 8: Assign a unique ID to each person with computer access
Assigning a unique identification (ID) to each person with access ensures that each individual is uniquely accountable for his or her actions. When such accountability
is in place, actions taken on critical data and systems are performed by, and can be traced to, known and authorized users.

PCI 8.0

Plugin Total Severity Plugin Name


1000545 1 High PCI 8.5.13 Limit repeated access attempts by locking out the user ID after not more than six attempts
1000546 1 High PCI 8.5.12 Do not allow an individual to submit a new password that is the same as any of the last four passwords
1000547 1 High PCI 8.5.11 Use passwords containing both numeric and alphabetic characters 'digit=<1'
1000552 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'hpdb'
1000554 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'nobody'
1000555 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'lp'
1000556 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'bin'
1000557 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'daemon'
1000558 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'adm'
1000559 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'nuucp'
1000560 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'uucp'
1000566 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'smbnull'
1000567 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'sys'
1000568 1 High PCI 8.5.8.a Generic user IDs and accounts are disabled or removed 'www'
1000569 1 High PCI 8.4 Render all passwords unreadable during transmission and storage on all system components using strong cryptography 'shadowing'
1000570 1 High PCI 8.4 Render all passwords unreadable during transmission and storage on all system components using strong cryptography '/etc/passwd'
1000795 1 High PCI 8.5.12 - Password parameters require new passwords do not repeat the four previously used - /etc/security/user - 'histexpire >= 13'
1000796 1 High PCI 8.5.12 - Password parameters require new passwords do not repeat the four previously used - /etc/security/user - 'histsize >= 4'
1000797 1 High PCI 8.5.11 - Password parameters require both numeric and alphabetic characters - /etc/security/user - 'mindiff >= 4'
1000798 1 High PCI 8.5.11 - Password parameters require both numeric and alphabetic characters - /etc/security/user - 'maxrepeats <= 2'
1000799 1 High PCI 8.5.11 - Password parameters require both numeric and alphabetic characters - /etc/security/user - 'minother >= 2'
1000800 1 High PCI 8.5.11 - Password parameters require both numeric and alphabetic characters - /etc/security/user - 'minalpha >= 2'
1000801 1 High PCI 8.5.10 - Password parameters require passwords to be at least seven characters - /etc/security/user - 'minlen >= 7'
1000802 1 High PCI 8.5.9 - Password parameters require users to change passwords at least every 90 days - /etc/security/user - 'maxexpired <= 2'
1000803 1 High PCI 8.5.9 - Password parameters require users to change passwords at least every 90 days - /etc/security/user - 'minage >= 1'

1000804 1 High PCI 8.5.9 - Password parameters require users to change passwords at least every 90 days - /etc/security/user - 'maxage <= 13'
1000805 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'uucp group has been removed'
1000806 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'staff group has been removed'
1000807 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'snapp group has been removed'
1000808 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'printq group has been removed'
1000810 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'mail group has been removed'
1000811 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'lp group has been removed'
1000812 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'ipsec group has been removed'
1000813 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'invscout group has been removed'
1000814 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'ecs group has been removed'
1000816 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'sys login=false rlogin=false'
1000818 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'snapp login=false rlogin=false'

1000821 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'nuucp login=false rlogin=false'
1000822 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'nobody login=false rlogin=false'
1000823 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'lpd login=false rlogin=false'
1000824 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'lp login=false rlogin=false'
1000825 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'ipsec login=false rlogin=false'
1000826 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'invscout login=false rlogin=false'
1000827 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'guest login=false rlogin=false'
1000829 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'daemon login=false rlogin=false'
1000830 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'bin login=false rlogin=false'
1000831 1 High PCI 8.5.8 - Generic user IDs and accounts are disabled or removed - 'adm login=false rlogin=false'
1000832 1 High PCI 8.5.1 - Control addition, deletion, and modification of user IDs - Permissions and Ownership - '/etc/passwd root:security 644'
1000836 1 High PCI 8.1 - Verify that all users are assigned a unique ID - 'guest account removal'

1000838 1 High PCI 8.1 - Verify that all users are assigned a unique ID - 'all unlocked accounts must have a password'
1000355 1 High PCI 8.5.15 Re-authenticate to re-activate the terminal or session if idle for 15 or more minutes (MaxIdleTime)
1000549 1 High PCI 8.5.10 Require a minimum password length of at least seven characters
1000550 1 High PCI 8.5.9 Change user passwords at least every 90 days
1001353 1 High PCI 8.5.10 Require a minimum password length of at least seven characters - PAM
1001354 1 High PCI 8.5.11 Use passwords containing both numeric and alphabetic characters - PAM
1001355 1 High PCI 8.5.12 Do not allow an individual to reuse last 4 or more passwords - PAM
1001356 1 High PCI 8.5.13 Limit repeated access attempts by locking out the user - PAM

PCI 9.0
Requirement 9: Restrict physical access to cardholder data
Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or
hardcopies, and should be appropriately restricted.

PCI 9.0

Plugin Total Severity Plugin Name


1000359 1 High PCI 9.7 Maintain strict control over the internal or external distribution of any kind of media - 'UsbStor\Start'
1001357 1 High PCI 9.7 Maintain strict control over the internal or external distribution of any kind of media - Disable USB Devices
1001358 1 High PCI 9.7 Maintain strict control over the internal or external distribution of any kind of media - Disable User-Mounted Removable File Systems
1001359 1 High PCI 9.7 Maintain strict control over the internal or external distribution of any kind of media - 'audit successful mounts'

PCI 10.0
Requirement 10: Track and monitor all access to network resources and cardholder data
Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. The presence of
logs in all environments allows thorough tracking, alerting, and analysis when something does go wrong. Determining the cause of a compromise is very difficult,
if not impossible, without system activity logs.

PCI 10.0

Plugin Total Severity Plugin Name


1000526 1 High PCI 10.7 Retain audit trail history for at least one year 'rotation in months'
1000527 1 High PCI 10.7 Retain audit trail history for at least one year 'rotation schedule'
1000528 1 High PCI 10.5.3 Promptly back up audit trail files to a centralized log server 'server IP'
1000529 1 High PCI 10.5.3 Promptly back up audit trail files to a centralized log server '/etc/rsyslog.conf perms'
1000536 1 High PCI 10.4/10.4.3 Using time-synchronization technology / Time settings are received from industry-accepted time sources 'ntp tertiary'
1000537 1 High PCI 10.4/10.4.3 Using time-synchronization technology / Time settings are received from industry-accepted time sources 'ntp secondary'
1000538 1 High PCI 10.4/10.4.3 Using time-synchronization technology / Time settings are received from industry-accepted time sources 'ntp primary'
1000539 1 High PCI 10.4.2 Time data is protected
1000540 1 High PCI 10.4 Using time-synchronization technology, synchronize all critical system clocks and times
1000541 1 High PCI 10.2 Implement automated audit trails for all system components 'AUDEVENT_ARGS1=-P -F -r basic'
1000542 1 High PCI 10.2 Implement automated audit trails for all system components 'AUDITING=1'
1000543 1 High PCI 10.2 Implement automated audit trails for all system components 'audsys running'
1000544 1 High PCI 10.1 Establish a process for linking all access to system components to each individual user

1000512 1 High PCI 10.4 Using time-synchronization technology, synchronize all critical system clocks and times 'TIMESYNC'
1000513 1 High PCI 10.4 Using time-synchronization technology, synchronize all critical system clocks and times 'server 1'
1000516 1 High PCI 10.7 Retain audit trail history for at least one year '/var/log/system.log'
1000517 1 High PCI 10.7 Retain audit trail history for at least one year '/var/log/secure.log'
1000759 1 High PCI 10.7 - Audit log retention policies - 'cron audit rotation has been implemented'
1000760 1 High PCI 10.6 - Security log review - sar accounting - 'daily summaries are being prepared'
1000761 1 High PCI 10.6 - Security log review - sar accounting - 'activity reports are generated hourly on weekday 6p-7a'
1000762 1 High PCI 10.6 - Security log review - sar accounting - 'activity reports are generated hourly on weekends'
1000763 1 High PCI 10.6 - Security log review - sar accounting - 'activity reports are generated every 20 minutes or less on weekday 8a-5p'
1000764 1 High PCI 10.5.4 - Write logs for external-facing technologies onto a log server on the internal LAN - Accept remote messages disabled
1000765 1 High PCI 10.5.4 - Write logs for external-facing technologies onto a log server on the internal LAN - '*.info;auth.none remote entry exists in /etc/syslog.conf'
1000766 1 High PCI 10.5.4 - Write logs for external-facing technologies onto a log server on the internal LAN - 'auth.info remote entry exists in /etc/syslog.conf'

1000767 1 High PCI 10.5.2 - Protect audit trail files from unauthorized modifications - '/var/adm/ras/* files are not world readable or writable'
1000768 1 High PCI 10.5.2 - Protect audit trail files from unauthorized modifications - '/var/adm/syslog exists'
1000769 1 High PCI 10.5.2 - Protect audit trail files from unauthorized modifications - '/var/adm/authlog exists'
1000770 1 High PCI 10.5.2 - Protect audit trail files from unauthorized modifications - '/var/ct/RMstart.log root:system 640'
1000772 1 High PCI 10.5.2 - Protect audit trail files from unauthorized modifications- '/var/adm/sa adm:adm 755'
1000774 1 High PCI 10.5.2 - Protect audit trail files from unauthorized modifications - '/smit.log root:system 640'
1000780 1 High PCI 10.3.2 - Verify type of event is included in log entries - 'user auditclasses = general,SRC,cron,tcpip'
1000781 1 High PCI 10.3.2 - Verify type of event is included in log entries - '/etc/security/audit/config - <user> = general,SRC,cron,tcpip'
1000782 1 High PCI 10.3.2 - Verify type of event is included in log entries - '/etc/security/audit/config root = general,SRC,mail,cron,tcpip,ipsec,lvm'
1000790 1 High PCI 10.2.6 - Initialization of the audit logs - 'audit has been enabled'
1000791 1 High PCI 10.2.4 - Invalid logical access attempts - '*.info;auth.none entry exists in /etc/syslog.conf'
1000792 1 High PCI 10.2.4 - Invalid logical access attempts - 'auth.info entry exists in /etc/syslog.conf'
1000367 1 High PCI 10.7 Retain audit trail history for at least one year - Retain application log

1000368 1 High PCI 10.7 Retain audit trail history for at least one year - Retain security log
1000369 1 High PCI 10.7 Retain audit trail history for at least one year - Retain system log
1001361 1 High PCI 10.2.1 Monitor all individual accesses to cardholder data - '/var/log/faillog'
1001362 1 High PCI 10.2.1 Monitor all individual accesses to cardholder data - '/var/log/lastlog'
1001363 1 High PCI 10.2.1 Monitor all individual accesses to cardholder data - '/var/log/tallylog'
1001364 1 High PCI 10.2.1 Monitor all individual accesses to cardholder data - '/var/log/btmp'
1001365 1 High PCI 10.2.2 Monitor all actions taken by any individual with root or administrative privileges
1001366 1 High PCI 10.2.3 Access to all audit trails
1001367 1 High PCI 10.2.4 Invalid logical access attempts - 'EACCES'
1001368 1 High PCI 10.2.4 Invalid logical access attempts - 'EPERM'
1001370 1 High PCI 10.4 Using time-synchronization technology, synchronize all critical system clocks and times - Make sure 'ntpd' process is turned on
1001371 1 High PCI 10.4/10.4.3 Using time-synchronization technology, synchronize all critical system clocks and times - 'authorized_NTP_server_primary'
1001372 1 High PCI 10.4/10.4.3 Using time-synchronization technology, synchronize all critical system clocks and times - 'authorized_NTP_server_secondary'
1001373 1 High PCI 10.4/10.4.3 Using time-synchronization technology, synchronize all critical system clocks and times - 'authorized_NTP_server_tertiary'

1001374 1 High PCI 10.4.2 Time data is protected - check '/etc/ntp.conf' file permissions
1001375 1 High PCI 10.5/10.5.1/10.5.2 Secure audit trails so they cannot be altered - check '/var/log/btmp' file permissions
1001398 1 High PCI 10.5/10.5.1/10.5.2 Secure audit trails so they cannot be altered - check '/var/log/wtmp' file permissions
1001400 1 High PCI 10.5.3 Promptly back up audit trail files to a centralized log server - check '/etc/rsyslog.conf' file permissions
1001401 1 High PCI 10.5.3 Promptly back up audit trail files to a centralized log server - configure remote logging.

PCI 11.0
Requirement 11: Regularly test security systems and processes.
Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes,
and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.

PCI 11.0

PCI 12.0
Requirement 12: Maintain a policy that addresses information security for all personnel.
A strong security policy sets the security tone for the whole entity and informs personnel what is expected of them. All personnel should be aware of the sensitivity
of data and their responsibilities for protecting it.

PCI 12.0
