order ref: 111111 - amazon s3 · 2014-03-19 · 5. vulnerabilities 5.1 unambiguous vulnerability...
TRANSCRIPT
19 Mar 2014
For: example.com
Order Ref: 111111
Report Time Period: 01 Jan 2014 to 19 Mar 2014
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
1. Overview
1.1 The Evolution of threats to your online business
Websites are the new battleground between malicious hackers, security professionals and online business
owners. The game has changed; malicious hackers are targeting websites in order to compromise them, steal
precious business information and employ legitimate benign websites to do their dirty work for them. Malicious
hackers are no longer focused on defacing websites, their motivation has become even more dangerous for
online business owners. Websites are now being more commonly hacked to be used as distributors of malware,
to infect millions of visitors unknowingly with viruses and malware. These kinds of attacks destroy the reputation
of more than 6,600 websites every single day. It is imperative to sit up and take notice, and employ a mechanism
which will protect your website against these kinds of devastating attacks.
1. 2 Goodbye search engine rankings: malware can render your site invisible
When your site is infected by malware, it is quarantined by search engines such as Google, Yahoo, Bing and
many others. They don’t want you infecting innocent visitors to your site. This ‘blacklisting’ will see your
hard-fought search engine rankings drop to zero overnight, leaving your investment in Search Engine
Optimisation (SEO) a complete waste. Most modern browsers will even block your site, rendering your website
invisible. If no one can see or visit your website then your business will flat-line. Not only will your revenue and
reputation take a significant – perhaps, irreparable - hit, but recovering from blacklisting is no picnic. The effects
of being blacklisted are devastating, but this time-consuming, resource-draining and costly recovery process can
be avoided all together if malware is detected and prevented in good time.
1. 3 How HackAvert® will ensure your online business' survival
HackAvert®'s advanced services can protect the reputation of your online business. HackAvert's advanced
technology constantly evolves to stay a step ahead of the malicious hackers. This report lets you take complete
control of website (before hackers do) and helps you take measures to protect your property, improve your site’s
performance, and increase your online business.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
2. Your HackAvert® Subscription
Order Ref 111111
Domain www.example.com
Account Code EXAMP03
Duration 1 Year
Subscription Date 01 JAN 2014 11:26
Expiry Date 01 JAN 2015 11:26
Status Active
Automatic Cleanup Disabled
Rating Bad
Last Vulnerabilities Scan 10 MAR 2014 20:01
Last Health Monitoring Scan 06 MAR 2014 08:05
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
3. Reputation Monitoring
3.1 How is your website perceived on the internet?
The Reputation section provides information to answer the above questions: Is your website on any blacklist? Is
your SSL certificate expiring soon? Are any of the search engines blacklisting your website? And much more. It
is divided into two sections:
1. Ecosystem: This section shows you the results of the reputation information regarding your IP, your host,
and whether your IP is listed in Botnets or not.
2. Blacklists: This section shows you the results of checking your domain name against various data
sources such as Google malware, Google Phishing, DNS blacklists, Phishing blacklists and much more. An
alert icon indicates that a particular data source has an unfavourable perception of your domain.
3.2 How your reputation looks today (2014-03-19)
E
C
O
S
Y
S
T
E
M
SSL Status safe (Valid)
SSL Expiration safe (Mar 2 09:56:07 2016 GMT)
SSL Type good (Standard SSL Certificate)
IP Reputation safe (Botnet activity not detected)
Network Reputation poor (26 Malicious websites hosted by your ISP)
B
L
A
C
K
L
I
S
T
S
Bing safe
Google Phishing safe
Symantec safe
Clean-MX safe (0 Spam/Phishing incidents reported)
Reputation safe (Legitimate site)
Yahoo safe
SURBL Spam Blacklists safe
McAfee safe
PhishTank safe (Active Phishing activity not reported)
Google safe
SSL Ciphers safe (DHE-RSA-AES256-SHA)
SpamCop safe (Spam activity not reported)
DNS Blacklists safe
Malware URL safe (Malware activity not reported)
Malware Patrol safe (Malware activity not reported)
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
4. Website performances
4.1 What does it mean? Why does it matter?
Customers expect good user experience when they’re visiting your website. Slow loading pages and downtime
are a sure-fire way to test your customer’s patience and commitment to their purchases.
With HackAvert® you won’t lose transactions this way. With its Speed Monitoring function you can see how fast
your webpages are loading, so you can gauge the quality of user experience, and amend the pages that are
letting you down.
Plus, you can ensure website downtime doesn't send your customers elsewhere. HackAvert®’s Uptime
Monitoring notifies you when your site is having problems so you can rectify the situation quickly, at the expense
of the fewest customers possible.
4.2 Your uptime and speed monitoring reports
Up-time Monitoring gives you an overview of the availability of your website including details on down time. In
the event that your site went down, you should have received an email alert. Please find below the details of
your site's uptime during your selected time period. The red sector indicates the percentage of downtime your
website experienced over the duration, while the green indicates the percentage of the time your site was up.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Below you'll find the exact time(s) your website experienced downtime. By pinpointing the moment your site went
down, you can begin to understand why, and stop it happening again. Reducing downtime will increase user
experience for your visitors, so it's well worth noting.
Reported downtimes for www.example.com between 2014-01-10 00:00:00 and 2014-03-19 23:59:59:
Please find below the details of your site's speed and average response time over your selected time period.
With this information you get a greater understanding of how long it takes to access your site. This is important
to take into account when considering user experience.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
5. Vulnerabilities
5.1 Unambiguous vulnerability assessment
This report shows vulnerabilities for www.example.com found between 2014-01-01 00:00:00 and
2014-03-19 23:59:59.
The standard policies of scanning, as described in Robots.txt, were respected and no attempts were made to
use brute force to gain access to restricted (login) pages. Several safety and conformance issues have been
identified and are presented in this report. To make it easier, we group vulnerabilities into: (a) server level
analysis and (b) software level analysis.
When appropriate, we associate each vulnerability that we found with the commonly-used identifier found in the
Open Source Vulnerability Database [OSVDB] and colour code them.
Risk Rating:
Critical. A vulnerability, that if exploited, can result in immediate threats to your target system and will likely
cause harmful or significant effects such as compromise of your system's confidentiality, integrity, or availability
of data and resource. It should be investigated immediately to reduce the risk of a successful attack.
Important. An important vulnerability, which may not be critical, but can still be used by a malicious hacker to
cause significant harm. It should still be investigated quickly to prevent the vulnerability becoming greater.
Informational. A vulnerability that is a low risk issue or warning and has minimal impact to your target system. If
exploited, the vulnerability won't lead to immediate data loss or system compromise. However, it should be
investigated to further minimise potential adverse effects.
In the case that we found vulnerabilities on your server and/or application during your selected time period, you'll
find a graph depicting the spread of vulnerabilities. Ranging from informational (i.e. good to know) to critical
(act-now vulnerabilities) the findings are colour-coded and should be used to prioritise amendments.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Server Vulnerabilities Application Vulnerabilities
Use the information in the graph below to chart your site's vulnerabilities and track the progress your site is
making.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
5.2 Vulnerabilities summary
A total of 23 vulnerabities were found during this report period.
# Summary (6 existing vulnerabities at the end of this report period) Risk Rating Group Date Found
1 It is possible to guess the remote operating system. Important Server 2014-01-10
2 It is possible to guess the remote device type. Important Server 2014-01-10
3 Security patches are backported. Informational Server 2014-01-10
4 It was possible to obtain traceroute information. Informational Server 2014-01-10
5 It is possible to enumerate CPE names that matched on the remote\n system. Informational Server 2014-01-10
6 An FTP server is listening on this port. Informational Server 2014-01-10
# Summary (17 vulnerabities were fixed during report period) Risk Rating Group Date Fixed
7 The remote web server is prone to cross-site scripting attacks. Critical App 2014-01-10
8 SSH is configured to allow MD5 and 96-bit MAC algorithms. Important Server 2014-01-10
9 The remote web server does not return 404 error codes. Important Server 2014-01-10
10 Authentication credentials might be intercepted. Important Server 2014-01-10
11 The SSH server is configured to use Cipher Block Chaining. Important Server 2014-01-10
12 Some information about the remote HTTP configuration can be extracted. Informational Server 2014-01-10
13 An SSH server is listening on this port. Informational Server 2014-01-10
14 Security patches are backported. Informational Server 2014-01-10
15 An SSH server is listening on this port. Informational Server 2014-01-10
16 The name of the Linux distribution running on the remote host was found\n in the banner of the web
server.
Informational Server 2014-01-10
17 It is possible to obtain the version number of the remote PHP\n install. Informational Server 2014-01-10
18 A web server is running on the remote host. Informational Server 2014-01-10
19 Security patches are backported. Informational Server 2014-01-10
20 A SSH server is running on the remote host. Informational Server 2014-01-10
21 It was possible to resolve the name of the remote host. Informational Server 2014-01-10
22 The remote web server contains a 'robots.txt' file. Informational Server 2014-01-10
23 It is possible to obtain the version number of the remote PHP\n install. Informational Server 2014-03-06
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
5.3 Details regarding the still-existing vulnerabilities from the report period
5.3.1 Server level analysis
5.3.1.1 Critical vulnerabilities
No Server Critical Vulnerabilities (High Priority) were found during the requested report period.
5.3.1.2 Important vulnerabilities
Impact:
It is possible to guess the remote operating system.
First identified:
2014-01-10 16:57:09
Details: Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP,
etc...), it is possible to guess the name of the remote operating
system in use. It is also sometimes possible to guess the version of
the operating system.
Plugin Output: Remote operating system :
Confidence Level : 95
Method : SSH
The remote host is running
Impact:
It is possible to guess the remote device type.
First identified:
2014-01-10 16:57:09
Details: Based on the remote operating system, it is possible to determine
what the remote system type is (eg: a printer, router, general-purpose
computer, etc).
Plugin Output: Remote device type :
Confidence level : 95
5.3.1.3 Informational notices
Impact:
Security patches are backported.
First identified:
2014-01-10 16:57:09
Details: Security patches may have been 'backported' to the remote FTP server
without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any
security problem.
Output: Give HackAvert credentials to perform local checks.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Impact:
It was possible to obtain traceroute information.
First identified:
2014-01-10 16:57:09
Details: Makes a traceroute to the remote host.
Output: For your information, here is the traceroute from 50.56.232.140 to
188.78.110.41 :
64.192.76.142
119.159.254.246
62.142.103.73
62.7.52.87
Impact:
It is possible to enumerate CPE names that matched on the remote\n system.
First identified:
2014-01-10 16:57:09
Details: By using information obtained from a HackAvert scan, this plugin reports
CPE (Common Platform Enumeration) matches for various hardware and
software products found on a host.
Note that if an official CPE is not available for the product, this
plugin computes the best possible CPE based on the information available
from the scan.
Output: The remote operating system matched the following CPE :
cpe:
Following application CPE's matched on the remote system :
cpe:/
cpe:/
Server 2.2.22
cpe:/
Impact:
An FTP server is listening on this port.
First identified:
2014-01-10 16:57:09
Details: It is possible to obtain the banner of the remote FTP server by
connecting to the remote port.
Output: The remote FTP banner is :
5.3.2 Application level analysis
5.3.2.1 Critical vulnerabilities
No Application Critical Vulnerabilities (High Priority) were found during the requested report period.
5.3.2.2 Important vulnerabilities
No Application Important Vulnerabilities (Medium Priority) were found during the requested report period.
5.3.2.3 Informational notices
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
No Application Informational Vulnerabilities (Low Priority) were found during the requested report period.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
5.4 Details regarding the fixed vulnerabilities during the report period
5.4.1 Server level analysis
5.4.1.1 Critical vulnerabilities
No Server Critical Vulnerabilities (High Priority) were found during the requested report period.
5.4.1.2 Important vulnerabilities
Impact:
SSH is configured to allow MD5 and 96-bit MAC algorithms.
First identified:
2014-01-10 16:57:09
Details: The SSH server is configured to allow either MD5 or 96-bit MAC
algorithms, both of which are considered weak.
Note that this plugin only checks for the options of the SSH server and
does not check for vulnerable software versions.
Plugin Output: The following client-to-server Method Authentication Code (MAC) algorithms
are supported :
hmac-md5
hmac-sh
hmac-sh
The following server-to-client Method Authentication Code (MAC) algorithms
are supported :
hmac-
hmac-md5
hmac-sh
hmac-sh
hmac-sh
Recommendation: Contact the vendor or consult product documentation to disable MD5 and
96-bit MAC algorithms.
Impact:
The remote web server does not return 404 error codes.
First identified:
2014-01-10 16:57:09
Details: The remote web server is configured such that it does not return '404
Not Found' error codes when a nonexistent file is requested, perhaps
returning instead a site map, search page or authentication page.
HackAvert has enabled some counter measures for this. However, they
might be insufficient. If a great number of security holes are
produced for this port, they might not all be accurate.
Plugin Output: CGI scanning will be disabled for this host because the host responds
to requests for non-existent URLs with HTTP code 302
rather than 404. The requested URL was :
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Impact:
Authentication credentials might be intercepted.
First identified:
2014-01-10 16:57:09
Details: The remote FTP server allows the user's name and password to be
transmitted in clear text, which could be intercepted by a network
sniffer or a man-in-the-middle attack.
Plugin Output: This FTP server does not support 'AUTH TLS'.
Other references :
Recommendation: Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS).
In the latter case, configure the server so that control connections
are encrypted.
Impact:
The SSH server is configured to use Cipher Block Chaining.
First identified:
2014-01-10 16:57:09
Details: The SSH server is configured to support Cipher Block Chaining (CBC)
encryption. This may allow an attacker to recover the plaintext message
from the ciphertext.
Note that this plugin only checks for the options of the SSH server and
does not check for vulnerable software versions.
Plugin Output: The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :
aes192-cbc
aes256-cbc
blowfish-cbc
The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
CVE :
BID : 32319
Other references : OSVDB
Recommendation: Contact the vendor or consult product documentation to disable CBC mode
cipher encryption, and enable CTR or GCM cipher mode encryption.
5.4.1.3 Informational notices
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Impact:
Some information about the remote HTTP configuration can be extracted.
First identified:
2014-01-10 16:57:09
Details: This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Output: Protocol version :
SSL :
Keep-Alive :
Options allowed : (Not implemented)
Headers :
Date: Fri, 10 Jan 2014 16:13:59 GMT
Server:
Expires:
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive:
Connection:
Transfer-Encoding:
Content-Type:
Impact:
An SSH server is listening on this port.
First identified:
2014-01-10 16:57:09
Details: It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Output: SSH version :
SSH supported authentication : publickey,password
Impact:
Security patches are backported.
First identified:
2014-01-10 16:57:09
Details: Security patches may have been 'backported' to the remote SSH server
without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any
security problem.
Output: Give HackAvert credentials to perform local checks.
Impact:
An SSH server is listening on this port.
First identified:
2014-01-10 16:57:09
Details: This script detects which algorithms and languages are supported by the
remote service for encrypting communications.
Output: HackAvert negotiated the following encryption algorithm with the server :
aes128-cbc
The server supports the following options for kex_algorithms :
diffie-hellman-group
diffie-hellman-group1-
diffie-hellman-group
ecdh-sha2
ecdh-sha2
ecdh-sha2
The server supports the following options for server_host_key_algorithms :
ecds
ssh
ssh
The server supports the following options for
encryption_algorithms_client_to_server :
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
The server supports the following options for
encryption_algorithms_server_to_client :
3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
The server supports the following options for
mac_algorithms_client_to_server :
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-256-96
hmac-sha2-512
hmac-sha2-512-96
The server supports the following options for
mac_algorithms_server_to_client :
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-256-96
hmac-sha2-512
hmac-sha2-512-96
The server supports the following options for
compression_algorithms_client_to_server :
none
The server supports the following options for
compression_algorithms_server_to_client :
none
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Impact:
The name of the Linux distribution running on the remote host was found\n in the banner of the web server.
First identified:
2014-01-10 16:57:09
Details: test extracts the banner
Output: The linux distribution detected was :
- Ubuntu 12.04 (precise)
- Ubuntu 12.10 (quantal)
- Ubuntu 13.04 (raring)
Recommendation: If you do not wish to display this information, edit httpd.conf and
set the directive 'ServerTokens Prod' and restart
Impact:
It is possible to obtain the version number of the remote PHP\n install.
First identified:
2014-01-10 16:57:09
Details: This plugin attempts to determine the version of PHP available on the
remote web server.
Output: HackAvert was able to identify the following PHP version information :
Version :
Source :
Impact:
A web server is running on the remote host.
First identified:
2014-01-10 16:57:09
Details: This plugin attempts to determine the type and the version of the
remote web server.
Output: The remote web server type is :
You can set the directive 'ServerTokens Prod' to limit the information
emanating from the server in its response headers.
Impact:
Security patches are backported.
First identified:
2014-01-10 16:57:09
Details: Security patches may have been 'backported' to the remote HTTP server
without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any
security problem.
Output: Give HackAvert credentials to perform local checks.
Impact:
A SSH server is running on the remote host.
First identified:
2014-01-10 16:57:09
Details: This plugin determines the versions of the SSH protocol supported by
the remote SSH daemon.
Output: The remote SSH daemon supports the following versions of the
SSH protocol :
- 1.99
- 2.0
SSHv2 host key fingerprint :
Impact:
It was possible to resolve the name of the remote host.
First identified:
2014-01-10 16:57:09
Details: HackAvert was able to resolve the FQDN of the remote host.
Output:
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Impact:
The remote web server contains a 'robots.txt' file.
First identified:
2014-01-10 16:57:09
Details: The remote host contains a file named 'robots.txt' that is intended to
prevent web 'robots' from visiting certain directories in a web site for
maintenance or indexing purposes. A malicious user may also be able to
use the contents of this file to learn of sensitive documents or
directories on the affected site and either retrieve them directly or
target them for other attacks.
Output: Contents of robots.txt :
User-agent: *
Disallow:
Disallow:
Disallow:
Disallow:
Disallow:
Disallow:
Disallow:
Other references :
Recommendation: Review the contents of the site's robots.txt file, use Robots META tags
instead of entries in the robots.txt file, and/or adjust the web
server's access controls to limit access to sensitive material.
Impact:
It is possible to obtain the version number of the remote PHP\n install.
First identified:
2014-03-06 12:09:13
Details: This plugin attempts to determine the version of PHP available on the
remote web server.
Output: HackAvert was able to identify the following PHP version information :
Version :
Source :
5.4.2 Application level analysis
5.4.2.1 Critical vulnerabilities
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
Impact:
The remote web server is prone to cross-site scripting attacks.
First identified:
2014-01-10 16:57:09
Details: The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site.
Output: The request string used to detect this flaw was :
The output was :
HTTP/1.1 200 OK
Date: F
Server:
X-Powered-By:
Expires:
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive:
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
<div id=header_row1>
<div id=header_row1_l>
CVE-2012-3382
BID : 5011, 5305, 7344, 7353, 8037, 14473, 17408, 54344
Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314,
OSVDB:58976, OSVDB:83683, CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74,
CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116
Recommendation: Contact the vendor for a patch or upgrade.
5.4.2.2 Important vulnerabilities
No Application Important Vulnerabilities (Medium Priority) were found during the requested report period.
5.4.2.3 Informational notices
No Application Informational Vulnerabilities (Low Priority) were found during the requested report period.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk
6. Disclaimer
Except as expressly stated in an agreement between you and SSL247 LTD or SSL247 SARL, all content
provided on this file is provided "as is" without warranty of any kind, either expressed or implied. SSL247 LTD
and SSL247 SARL and its suppliers and licensors disclaim all warranties, expressed or implied including, without
limitation, those of merchantability, fitness for a particular purpose and noninfringement. You are solely
responsible for the appropriateness of this file and its content offered by SSL247 LTD or SSL247 SARL for your
personal information only, and not intended to be relied upon for any action or decision. This information is
gathered through automated means and is subject to change. SSL247 LTD and SSL247 SARL do not warrant
that this file and its content meet your requirements. Subject to the terms of any agreement between you and
SSL247 LTD or SSL247 SARL, its suppliers and licensors shall not be liable for any errors, inaccuracies, or
delays in content, or for any actions taken in reliance thereon or for any direct, indirect, special, consequential,
incidental, or punitive damages, even if SSL247 LTD or SSL247 SARL, its suppliers or licensors have been
advised of the possibility of such damages. Certain state laws do not allow limitations on implied warranties or
the exclusion or limitation of certain damages. If these laws apply to you, some or all of the above disclaimers,
exclusions, or limitations may not apply to you, and you might have additional rights.
Copyright © 2014 SSL247 Ltd. All rights reserved.
Phone: 0207 060 3775 | e-Mail: [email protected] | website: www.ssl247.co.uk