Page 1: Payment Card Industry (PCI) Executive Report

Payment Card Industry (PCI) Executive Report page 1

Payment Card Industry (PCI) Executive Report 02/20/2012

ASV Scan Report Attestation of Scan Compliance

Scan Customer Information / Approved Scanning Vendor Information

Scan Status

* Compliance Status:

* Number of unique components scanned: 16

* Number of identified failing vulnerabilities: 291

* Number of components found by ASV but not scanned because scan customer confirmed components were out of scope: 8

* Date scan completed: 02/18/2012

* Scan expiration date (90 days from date scan completed): 05/18/2012

Scan Customer Attestation

attests on 2012-02-20 06:01:32 that this scan includes all components* which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete, and also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicated whether or not my scanned systems are compliant with the external vulnerability scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements.

ASV Attestation

This scan and report was prepared and conducted by atsec information security under certificate number 4266-01-03, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide.

atsec information security attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This report and any exceptions were reviewed by atsec ASV tester(s).

Scan Customer Information

Company:
Contact:
Title:
Telephone:
Email:
Business Address:
City:
State/Province:
ZIP:
URL:

Approved Scanning Vendor Information

Company: atsec information security
Contact: Jinyun Chen
Title: Senior Consultant
Telephone: +86 10 82893001
Email: jinyun@atsec.com
Business Address: Room 119 - 121, Building 2, No. 1, Street 7, Shangdi, Haidian District, Beijing, P.R. China
City: Beijing
State/Province: None
ZIP: 100085
URL: http://atsec.com

Page 2: Payment Card Industry (PCI) Executive Report


ASV Scan Report Executive Summary

Part 1. Scan Information

Scan Customer Company:
ASV Company: atsec information security
Date scan was completed: 02/17/2012
Scan expiration date: 05/17/2012

Part 2. Component Compliance Summary

IP Address: 1
IP Address: 2
IP Address: 3
IP Address: 4
IP Address: 5
IP Address: 6
IP Address: 7
IP Address: 8
IP Address: 9
IP Address: 10
IP Address: 11
IP Address: 12
IP Address: 13
IP Address: 14
IP Address: 15
IP Address: 16

Part 2. Component Compliance Summary - (Hosts Not Current)

Part 3a. Vulnerabilities Noted for each IP Address

IP Address | Vulnerabilities Noted per IP address | Severity Level | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls

IP Address: 16

port 80/tcp 150081 - Possible Clickjacking vulnerability 10
port 80/tcp 150003 - SQL Injection 10
port 80/tcp 12318 - PHP Versions Prior to 5.2.12 Multiple Vulnerabilities CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4142, CVE-2009-4143 10
port 80/tcp 12250 - Web Site Vulnerable to Persistent Cross-Site Scripting Vulnerabilities 9.7
port 80/tcp 10788 - Web Server Vulnerable to Cross Site Scripting 9.4
port 80/tcp 150012 - Blind SQL Injection 9.3

Page 3: Payment Card Industry (PCI) Executive Report

IP Address: 16 (continued)

port 80/tcp 12281 - PHP cURL "safe_mode" and "open_basedir" Restriction Bypass Vulnerability 8.5
86847 - Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day 7.8
port 80/tcp 150022 - Syntax error occurred 7.5
12378 - PHP "spl_object_storage_attach" Use-After-Free Vulnerability CVE-2010-2225 7.5
port 80/tcp 12334 - PHP Versions Prior to 5.2.13 Multiple Vulnerabilities CVE-2010-1129 7.5
port 80/tcp 12314 - PHP Versions Prior to 5.3.1 Multiple Vulnerabilities CVE-2009-3292, CVE-2009-3557, CVE-2009-3558 7.5
port 80/tcp 12299 - PHP 5.2.10 and Prior Versions Multiple Vulnerabilities CVE-2009-3291, CVE-2009-3292, CVE-2009-3293 7.5
port 80/tcp 12241 - Web Server Vulnerable to SQL Injection 7.5
port 80/tcp 150085 - Slow HTTP POST vulnerability 6.8
port 3306/tcp 19560 - MySQL Multiple Vulnerabilities CVE-2010-1848, CVE-2010-1849, CVE-2010-1850 6.5
port 3306/tcp 19531 - MySQL "sql/sql_table.cc" CREATE TABLE Security Bypass Vulnerability CVE-2008-7247 6
port 3306/tcp 19657 - MySQL Multiple Vulnerabilities CVE-2011-2262, CVE-2012-0075 5.5
port 80/tcp 150023 - Directory Listing 5
port 80/tcp 86445 - Web Directories Listable Vulnerability 5
port 3306/tcp 19588 - MySQL Prior to Version 5.1.51 Multiple Denial Of Service Vulnerabilities CVE-2010-3833, CVE-2010-3834, CVE-2010-3835 5
port 3306/tcp 19568 - Database instance detected. 5
port 3306/tcp 19551 - MySQL "UNINSTALL PLUGIN" Security Bypass Vulnerability CVE-2010-1621 5
19505 - MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability 5
port 80/tcp 12539 - PHP Hashtables Denial of Service CVE-2011-4885 5
port 80/tcp 12390 - PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities CVE-2010-2484, CVE-2010-2531 5
port 80/tcp 12384 - PHP "strrchr()" Function Information Disclosure Vulnerability CVE-2010-2484 5
port 80/tcp 12271 - PHP 'popen()' Function Buffer Overflow Vulnerability CVE-2009-3294 5
port 80/tcp 12181 - Specific CGI Cross-Site Scripting Vulnerability 5
port 80/tcp 12087 - Expose_php Set to On in php.ini 5
port 80/tcp 86477 - Apache Web Server ETag Header Information Disclosure Weakness CVE-2003-1418 4.3
port 3306/tcp 19600 - MySQL Prepared-Statement Mode "EXPLAIN" Denial of Service Vulnerability 4.3
port 80/tcp 12290 - PHP "exif_read_data()" Denial of Service Vulnerability CVE-2009-2687 4.3
port 3306/tcp 19508 - MySQL Multiple Remote Denial of Service Vulnerabilities CVE-2009-4019 4
19564 - MySQL "ALTER DATABASE" Denial of Service Vulnerability CVE-2010-2008 3.5
19264 - MySQL Command Line Client HTML Special Characters HTML Injection Vulnerability CVE-2008-4456 2.6
port 80/tcp 150004 - Path-Based Vulnerability 2.1
port 3306/tcp 19585 - MySQL Prior to Version 5.1.49 Multiple Security Issues 2.1

Page 4: Payment Card Industry (PCI) Executive Report

Consolidated Solution/Correction Plan for IP Address: 16

ASV Comment: Complete vendor solutions and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 15

86873 - Apache HTTP Server Prior to 2.2.15 Multiple Vulnerabilities CVE-2010-0408, CVE-2010-0425, CVE-2010-0434 10
86852 - APR-util Library Integer Overflow Vulnerabilities CVE-2009-2412 10
38217 - OpenSSH Multiple Memory Management Vulnerabilities CVE-2003-0693, CVE-2003-0695, CVE-2003-0682 10
38560 - OpenSSH Signal Handling Vulnerability CVE-2006-5051, CVE-2006-4924 9.3
port 80/tcp 86954 - Apache/IBM HTTP Server ByteRange Filter Denial of Service Vulnerability CVE-2011-3192 7.8
86847 - Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day 7.8
86746 - Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability CVE-2006-3747 7.6
86855 - Apache mod_proxy_ftp FTP Command Injection Vulnerability CVE-2009-3095 7.5
port 22/tcp 38304 - SSH Protocol Version 1 Supported CVE-2001-1473 7.5
38198 - OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability CVE-2003-0386 7.5
42340 - OpenSSH X11 Hijacking Attack Vulnerability CVE-2008-1483 6.9
port 80/tcp 150085 - Slow HTTP POST vulnerability 6.8
port 80/tcp 150079 - Slow HTTP headers vulnerability 6.8
port 80/tcp 86473 - Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability CVE-2004-2320, CVE-2007-3008 5.8
86920 - Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities CVE-2009-3720, CVE-2010-1623 5
86840 - Apache HTTP Server AllowOverride Options Security Bypass CVE-2009-1195, CVE-2008-1678 5
86809 - Apache 1.3, 2.0 and 2.2 HTTP Server Multiple Vulnerabilities CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 5
port 80/tcp 86788 - Apache 2.2 Multiple Vulnerabilities CVE-2007-6420, CVE-2008-2364 5
82054 - TCP Sequence Number Approximation Based Denial of Service CVE-2004-0230 5
82024 - UDP Constant IP Identification Field Fingerprinting Vulnerability CVE-2002-0510 5
62057 - Apache HTTP Server Mod_Proxy Denial of Service Vulnerability CVE-2007-3847 5
45002 - Global User List 5
38469 - OpenSSH GSSAPI Credential Disclosure Vulnerability CVE-2005-2798 5
11 - Hidden RPC Services 5
115731 - Apache 1.3 and 2.0 Web Server Multiple Vulnerabilities CVE-2006-5752, CVE-2007-3304 4.7
115317 - OpenSSH Local SCP Shell Command Execution Vulnerability (FEDORA-2006-056, Vmware-3069097-Patch, Vmware-9986131-Patch) CVE-2006-0225 4.6
86975 - Apache HTTP Server multiple vulnerabilities CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053 4.6
port 22/tcp 38259 - SSH User Login Bruteforced CVE-1999-0508 4.6
port 80/tcp 86821 - Apache 1.3 HTTP Server Expect Header Cross-Site Scripting CVE-2006-3918 4.3

Page 5: Payment Card Industry (PCI) Executive Report

IP Address: 15 (continued)

12500 - Apache HTTP Server APR "apr_fnmatch()" Denial of Service Vulnerability CVE-2011-0419 4.3
port 80/tcp 12260 - Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities CVE-2008-0005 4.3
86854 - Apache mod_proxy_ftp 2.0.x/2.2.x Denial of Service Vulnerability CVE-2009-3094 2.6
42339 - OpenSSH Plaintext Recovery Attack Against SSH Vulnerability CVE-2008-5161 2.6
86824 - Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability 0
82003 - ICMP Timestamp Request CVE-1999-0524 0

Consolidated Solution/Correction Plan for IP Address: 15

ASV Comment: Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 14

port 6789/tcp 150081 - Possible Clickjacking vulnerability 10
119834 - FreeBSD Telnetd Code Execution Vulnerability (FreeBSD-SA-11:08) CVE-2011-4862 10
port 6000/tcp 95001 - X-Window Sniffing CVE-1999-0526 10
port 161/udp 78030 - Readable SNMP Information CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516, CVE-1999-0472, CVE-2001-0514, CVE-2002-0109 10
66037 - cmsd RPC Daemon Over TCP Might Indicate a Break-in CVE-1999-0696, CVE-1999-0320 10
38574 - Solaris 10 and Solaris 11 (Solaris Express) Remote Access Telnet Daemon Flaw CVE-2007-0882 10
port 79/tcp 31000 - "Finger 0@" Information about Logged Users Disclosure Vulnerability CVE-1999-0197 10
port 6789/tcp-SSL 38173 - SSL Certificate - Signature Verification Failed Vulnerability 9.4
port 6789/tcp-SSL 38169 - SSL Certificate - Self-Signed Certificate 9.4
port 6788/tcp 86848 - Sun Java Web Console masthead.jsp Cross-Site Scripting 7.8
port 6789/tcp 86848 - Sun Java Web Console masthead.jsp Cross-Site Scripting 7.8
port 6788/tcp 86845 - Sun Java Web Console Navigator Cross-Site Scripting 7.8
port 6789/tcp 86845 - Sun Java Web Console Navigator Cross-Site Scripting 7.8
port 6789/tcp 86844 - Sun Java Web Console helpwindow.jsp Cross-Site Scripting 7.8
port 6788/tcp 86844 - Sun Java Web Console helpwindow.jsp Cross-Site Scripting 7.8
port 6788/tcp 86830 - Sun Java Web Console Remote Information Disclosure Vulnerability (231526) CVE-2008-1286 7.8
port 6789/tcp 86830 - Sun Java Web Console Remote Information Disclosure Vulnerability (231526) CVE-2008-1286 7.8
port 6789/tcp 150013 - Browser-Specific Cross-Site Scripting (XSS) 7.5
port 6789/tcp 150001 - Reflected Cross-Site Scripting (XSS) Vulnerabilities 7.5
port 25/tcp 74240 - Sendmail SSL Certificate NULL Character Spoofing Vulnerability CVE-2009-4565 7.5
port 587/tcp 74240 - Sendmail SSL Certificate NULL Character Spoofing Vulnerability CVE-2009-4565 7.5
68507 - Multiple Vendor CDE ToolTalk Database Server Null Write Vulnerability CVE-2002-0677 7.5
port 6789/tcp-SSL 38596 - TLS Protocol Session Renegotiation Security Vulnerability CVE-2009-3555 5.8
port 6789/tcp 150023 - Directory Listing 5

Page 6: Payment Card Industry (PCI) Executive Report

IP Address: 14 (continued)

port 6788/tcp 86800 - Apache Tomcat 4 and 5 Directory Listings Information Disclosure Vulnerability CVE-2006-3835 5
port 6788/tcp 86445 - Web Directories Listable Vulnerability 5
port 6789/tcp 86445 - Web Directories Listable Vulnerability 5
82054 - TCP Sequence Number Approximation Based Denial of Service CVE-2004-0230 5
74220 - Sendmail Long Header Denial of Service Vulnerability CVE-2006-4434 5
port 587/tcp 74046 - Valid Logins/Aliases Guessed with SMTP VRFY Command 5
port 25/tcp 74046 - Valid Logins/Aliases Guessed with SMTP VRFY Command 5
port 587/tcp 74045 - Valid Logins Guessed with SMTP EXPN Command 5
port 25/tcp 74045 - Valid Logins Guessed with SMTP EXPN Command 5
45002 - Global User List 5
port 6789/tcp-SSL 42012 - X.509 Certificate MD5 Signature Collision Vulnerability CVE-2004-2761 5
port 177/udp 38147 - X Display Manager Control Protocol (XDMCP) Detected 5
port 79/tcp 31003 - Finger Service Discloses Logged Users CVE-1999-0259, CVE-1999-0612 5
11 - Hidden RPC Services 5
port 6789/tcp 86843 - Sun Java Web Console May Allow Unauthorized Redirection (243786) CVE-2008-5550 4.3
port 6788/tcp 86843 - Sun Java Web Console May Allow Unauthorized Redirection (243786) CVE-2008-5550 4.3
port 6788/tcp 86789 - Apache Tomcat Multiple Content Length Headers Information Disclosure Vulnerability CVE-2005-2090 4.3
86786 - Apache Tomcat Servlet Host Manager Servlet Cross-Site Scripting Vulnerability CVE-2007-3386 4.3
port 6788/tcp 86775 - Apache Tomcat Information Disclosure Vulnerability CVE-2007-3382, CVE-2007-3385 4.3
port 6789/tcp-SSL 42366 - SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability CVE-2011-3389 4.3
port 6788/tcp 86782 - Apache Tomcat Multiple Cross-Site Scripting Vulnerabilities in Manager and Host Manager Web Applications CVE-2007-2450 3.5
port 6788/tcp 86777 - Apache Tomcat Accept-Language Cross-Site Scripting Vulnerability CVE-2007-1358 2.6
port 6789/tcp-SSL 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN 2.6
port 6789/tcp 150004 - Path-Based Vulnerability 2.1
port 79/tcp 31002 - Finger Daemon Accepts Forwarding of Requests CVE-1999-0106 2.1
port 6789/tcp 150084 - Unencoded characters 0
82001 - ICMP Mask Reply CVE-1999-0524 0
66047 - "rquotad" RPC Service Present CVE-1999-0625 0
66032 - "rstatd" RPC Service System Information Disclosure Vulnerability CVE-1999-0624 0
66016 - rusers RPC Service Information Disclosure Vulnerability CVE-1999-0626 0

Consolidated Solution/Correction Plan for IP Address: 14

ASV Comment: Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

Page 7: Payment Card Industry (PCI) Executive Report

IP Address: 13

90527 - Microsoft Server Message Block (SMBv2) Remote Code Execution Vulnerability (MS09-050) CVE-2009-2526, CVE-2009-2532, CVE-2009-3103 10
port 25/tcp 74037 - Possible Mail Relay CVE-1999-0512, CVE-2002-1278, CVE-2003-0285 10
port 443/tcp-SSL 38173 - SSL Certificate - Signature Verification Failed Vulnerability 9.4
port 587/tcp-SSL 38173 - SSL Certificate - Signature Verification Failed Vulnerability 9.4
port 110/tcp-SSL 38173 - SSL Certificate - Signature Verification Failed Vulnerability 9.4
port 110/tcp 74224 - POP3 Server Allows Plain Text Authentication Vulnerability 6.4
port 25/tcp 74147 - Mail Server Accepts Plaintext Credentials 5
port 443/tcp-SSL 38477 - SSL Insecure Protocol Negotiation Weakness CVE-2005-2969 5
port 443/tcp-SSL 38139 - SSL Server Has SSLv2 Enabled Vulnerability 4
port 110/tcp-SSL 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN 2.6
port 443/tcp-SSL 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN 2.6
port 587/tcp-SSL 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN 2.6
70000 - NetBIOS Name Accessible 0

Consolidated Solution/Correction Plan for IP Address: 13

ASV Comment: There are non-vendor provided solutions to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 12

74167 - Microsoft Windows SMTP Component Remote Code Execution (MS04-035) CVE-2004-0840 10
port 25/tcp 74037 - Possible Mail Relay CVE-1999-0512, CVE-2002-1278, CVE-2003-0285 10
port 443/tcp-SSL 38173 - SSL Certificate - Signature Verification Failed Vulnerability 9.4
90500 - Microsoft Outlook Web Access Redirection Weaknesses CVE-2005-0420, CVE-2008-1547 7.5
90244 - Windows TCP/IP Remote Code Execution and Denial of Service Vulnerabilities (MS05-019) CVE-2005-0048, CVE-2004-0790, CVE-2004-1060, CVE-2004-0230, CVE-2005-0688, CVE-2004-0791 7.5
90598 - Microsoft Exchange and Windows SMTP Service Denial of Service and Information Disclosure Vulnerabilities (MS10-024) CVE-2010-0024, CVE-2010-0025, CVE-2010-1689, CVE-2010-1690 6.4
port 443/tcp 86729 - AutoComplete Attribute Not Disabled for Password in Form Based Authentication 6.4
port 80/tcp 86729 - AutoComplete Attribute Not Disabled for Password in Form Based Authentication 6.4
port 443/tcp-SSL 38167 - SSL Certificate - Expired 6.4
port 80/tcp 86763 - Web Server Uses Plain Text Basic Authentication 5
82058 - ICMP Based TCP Reset Denial of Service Vulnerability CVE-2004-0790, CAN-2004-0791, CAN-2004-1060 5
port 21/tcp 27356 - FTP Server Does Not Support AUTH Command 4.8
port 443/tcp-SSL 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN 2.6
82003 - ICMP Timestamp Request CVE-1999-0524 0

Page 8: Payment Card Industry (PCI) Executive Report

Consolidated Solution/Correction Plan for IP Address: 12

ASV Comment: Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 11

port 8080/tcp 150081 - Possible Clickjacking vulnerability 10
1004 - Potential TCP Backdoor 10
90475 - Microsoft SQL Server Remote Memory Corruption Vulnerability (MS09-004) CVE-2008-5416 9
86865 - Apache Tomcat Directory Traversal Weaknesses and Security Issue CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548 7.5
port 8080/tcp 150085 - Slow HTTP POST vulnerability 6.8
port 8080/tcp 150079 - Slow HTTP headers vulnerability 6.8
86905 - Apache Tomcat 5.5.29 Transfer-Encoding Information Disclosure Vulnerability CVE-2010-2227 6.4
port 8080/tcp 86729 - AutoComplete Attribute Not Disabled for Password in Form Based Authentication 6.4
port 8080/tcp 86728 - Web Server Uses Plain-Text Form Based Authentication 5
port 1433/tcp 19568 - Database instance detected. 5
port 1434/udp 19568 - Database instance detected. 5
12540 - Apache Tomcat Hash Collision Denial of Service Vulnerability CVE-2011-4084, CVE-2012-0022 5
86950 - Apache Tomcat HTTP NIO / APR Connector sendfile Input Validation Error Information Disclosure Vulnerability CVE-2011-2526 4.4
86879 - Apache Tomcat Authentication Header Information Disclosure Vulnerability CVE-2010-1157 2.6
86947 - Apache Tomcat MemoryUserDatabase Password Disclosure Vulnerability CVE-2011-2204 1.9
86939 - Apache Tomcat SecurityManager Security Bypass Vulnerability CVE-2010-3718 1.2

Consolidated Solution/Correction Plan for IP Address: 11

ASV Comment: Complete vendor solutions and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 10

115555 - Samba Security Update (RHSA-2007-0354) CVE-2007-2446 10
port 21/tcp 27337 - ProFTPD Directory Traversal and Remote Buffer Overflow Vulnerabilities CVE-2010-3867, CVE-2010-4221 10
port 21/tcp 27285 - ProFTPD SReplace Remote Buffer Overflow Vulnerability CVE-2006-5815 10
115822 - Samba "domain logons" remote code execution (Sun Solaris 238251) (RHSA-2007:1114) CVE-2007-6015 9.3
70046 - Samba NMBD Logon Request Remote Buffer Overflow Vulnerability CVE-2007-4572 9.3
38560 - OpenSSH Signal Handling Vulnerability CVE-2006-5051, CVE-2006-4924 9.3
port 21/tcp 27352 - ProFTPD Response Pool Use-After-Free Vulnerability CVE-2011-4130 9
70007 - WINS Domain Controller Spoofing Vulnerability CVE-1999-1593 7.6
115825 - Samba "receive_smb_raw()" Buffer Overflow and Remote Code Execution CVE-2008-1105 7.5

Page 9: Payment Card Industry (PCI) Executive Report

IP Address: 10 (continued)

port 587/tcp 74240 - Sendmail SSL Certificate NULL Character Spoofing Vulnerability CVE-2009-4565 7.5
port 25/tcp 74240 - Sendmail SSL Certificate NULL Character Spoofing Vulnerability CVE-2009-4565 7.5
70058 - Samba chain_reply() Memory Corruption Vulnerability CVE-2010-2063 7.5
70003 - Null Session/Password NetBIOS Access CVE-1999-0519 7.5
port 22/tcp 38304 - SSH Protocol Version 1 Supported CVE-2001-1473 7.5
port 21/tcp 27287 - ProFTPD Controls Module Local Buffer Overflow Vulnerability CVE-2006-6563, CVE-2006-6171 7.5
port 21/tcp 27284 - ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability CVE-2006-6170 7.5
42340 - OpenSSH X11 Hijacking Attack Vulnerability CVE-2008-1483 6.9
70063 - Samba SWAT Cross-Site Scripting and Request Forgery Vulnerabilities CVE-2011-2522, CVE-2011-2694 6.8
port 21/tcp 27343 - ProFTPD mod_sql Buffer Overflow Vulnerability CVE-2010-4652 6.8
port 21/tcp 27291 - ProFTPD Long Command Handling Security Vulnerability CVE-2008-4242 6.8
port 53/udp 15034 - DNS Server Processes Unauthoritative Recursive Queries CVE-1999-0024, CVE-2007-2925, CVE-2007-2926, CVE-2007-2930 5.8
82054 - TCP Sequence Number Approximation Based Denial of Service CVE-2004-0230 5
82024 - UDP Constant IP Identification Field Fingerprinting Vulnerability CVE-2002-0510 5
74220 - Sendmail Long Header Denial of Service Vulnerability CVE-2006-4434 5
70061 - Samba FD_SET Memory Corruption Vulnerability CVE-2011-0719 5
70057 - Samba Multiple Remote Denial of Service Vulnerabilities CVE-2010-1635, CVE-2010-1642 5
70009 - NetBIOS Release Vulnerability CVE-2000-0673 5
70008 - NetBIOS Name Conflict Vulnerability CVE-2000-0673 5
45003 - Remote User List Disclosure Using NetBIOS CVE-2000-1200 5
port 21/tcp 27255 - ProFTPD Authentication Delay Username Enumeration Vulnerability CVE-2004-1602 5
15052 - ISC BIND Multiple Remote Denial of Service Vulnerabilities CVE-2006-4095, CVE-2006-4096 5
port 53/udp 15035 - DNS Server Allows Remote Clients to Snoop the DNS Cache 5
70054 - Samba "mount.cifs" Race Condition Security Issue CVE-2010-0787 4.4
70001 - NetBIOS Shared Folder List Available 4.3
port 53/tcp 15057 - ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability CVE-2010-0097, CVE-2009-4022 4.3
port 53/tcp 15055 - ISC BIND Dynamic Update Denial of Service Vulnerability CVE-2009-0696 4.3
15053 - ISC BIND Remote Cache Poisoning Vulnerability CVE-2007-2926, CVE-2007-2930 4.3
70055 - Samba Symlink Directory Traversal Vulnerability - Zero Day CVE-2010-0926 3.5
42339 - OpenSSH Plaintext Recovery Attack Against SSH Vulnerability CVE-2008-5161 2.6
port 53/tcp 15056 - ISC BIND DNSSEC Additional Section Cache Poisoning Vulnerability CVE-2009-4022 2.6
90043 - SMB Signing Disabled or SMB Signing Not Required 2.1
70052 - Samba setuid "mount.cifs" Verbose Option Information Disclosure Vulnerability CVE-2009-2948 1.9

Page 10: Payment Card Industry (PCI) Executive Report

IP Address: 10 (continued)

82003 - ICMP Timestamp Request CVE-1999-0524 0
70000 - NetBIOS Name Accessible 0

Consolidated Solution/Correction Plan for IP Address: 10

ASV Comment: Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 9

90477 - Microsoft SMB Remote Code Execution Vulnerability (MS09-001) CVE-2008-4834, CVE-2008-4835, CVE-2008-4114 10
90464 - Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) CVE-2008-4250 10
38252 - Microsoft Windows Telnet Server Does Not Enforce NTLM Authentication 5
70001 - NetBIOS Shared Folder List Available 4.3
90043 - SMB Signing Disabled or SMB Signing Not Required 2.1
82003 - ICMP Timestamp Request CVE-1999-0524 0
70000 - NetBIOS Name Accessible 0

Consolidated Solution/Correction Plan for IP Address: 9

ASV Comment: Complete vendor solutions are available to address some issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 8 | port 5560/tcp | 150081 - Possible Clickjacking vulnerability | - | 10
IP Address: 8 | port 1158/tcp | 150081 - Possible Clickjacking vulnerability | - | 10
IP Address: 8 | - | 90477 - Microsoft SMB Remote Code Execution Vulnerability (MS09-001) | CVE-2008-4834, CVE-2008-4835, CVE-2008-4114 | 10
IP Address: 8 | - | 1004 - Potential TCP Backdoor | - | 10
IP Address: 8 | port 1521/tcp | 19137 - Oracle Server Accounts That Do Not Lockout With Failed Logon Attempts | - | 9
IP Address: 8 | port 1521/tcp | 19136 - Oracle Server Accounts Without Password-Complexity Validation Setup | - | 9
IP Address: 8 | port 1521/tcp | 19605 - Obsolete Software: Oracle Database 10.2.0.1 Detected | - | 8.3
IP Address: 8 | - | 86847 - Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | - | 7.8
IP Address: 8 | port 1521/tcp | 19538 - Oracle Multiple Remote Privilege Escalation Vulnerabilities - Zero Day | - | 7.5
IP Address: 8 | port 1158/tcp | 150085 - Slow HTTP POST vulnerability | - | 6.8
IP Address: 8 | port 5560/tcp | 150085 - Slow HTTP POST vulnerability | - | 6.8
IP Address: 8 | port 1158/tcp | 150079 - Slow HTTP headers vulnerability | - | 6.8
IP Address: 8 | port 5560/tcp | 150079 - Slow HTTP headers vulnerability | - | 6.8
IP Address: 8 | port 1521/tcp | 19135 - Oracle Server Accounts That Allow Unrestricted Password Reuse | - | 6.8
IP Address: 8 | port 1521/tcp | 19134 - Oracle Server Accounts With Passwords That Do Not Expire | - | 6.8
IP Address: 8 | port 1521/tcp | 19457 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #2) | - | 6.5
IP Address: 8 | port 1521/tcp | 19456 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #3) | - | 6.5


IP Address: 8 | port 1521/tcp | 19455 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #4) | - | 6.5
IP Address: 8 | port 1521/tcp | 19454 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #5) | - | 6.5
IP Address: 8 | port 1521/tcp | 19453 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #6) | - | 6.5
IP Address: 8 | port 1521/tcp | 19452 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #7) | - | 6.5
IP Address: 8 | port 1521/tcp | 19451 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #8) | - | 6.5
IP Address: 8 | port 1521/tcp | 19450 - Oracle 10.2.0.1.0 on Microsoft Windows - Security Update Multiple Vulnerabilities (Patch #9) | - | 6.5
IP Address: 8 | port 1521/tcp | 19003 - Default Oracle Login(s) Found | - | 6.5
IP Address: 8 | port 1521/tcp | 19302 - XDB_PITRIG_PKG.PITRIG_DROPMETADATA Package Buffer Overflow Vulnerability on Oracle 10g Release 2 | CVE-2007-4517 | 6
IP Address: 8 | port 1521/tcp | 19568 - Database instance detected. | - | 5
IP Address: 8 | port 1521/tcp | 19199 - Oracle default_tablespace Set To SYSTEM for User Accounts | - | 5
IP Address: 8 | port 1521/tcp | 19085 - Oracle Database User List | - | 5
IP Address: 8 | port 1521/tcp | 19200 - Oracle Users have Granted Quotas on Tablespaces | - | 4.6
IP Address: 8 | - | 70001 - NetBIOS Shared Folder List Available | - | 4.3
IP Address: 8 | port 1521/tcp | 19131 - Oracle log_archive_dest_n Parameter is Not Set | - | 4.1
IP Address: 8 | - | 90043 - SMB Signing Disabled or SMB Signing Not Required | - | 2.1
IP Address: 8 | - | 82003 - ICMP Timestamp Request | CVE-1999-0524 | 0
IP Address: 8 | - | 70000 - NetBIOS Name Accessible | - | 0
IP Address: 8 | port 1521/tcp | 19132 - Oracle sql92_security Parameter is Disabled | - | 0

Consolidated Solution/Correction Plan for IP Address: 8

ASV Comment: Complete vendor solutions, non-vendor workarounds, upgrades to supported versions of the software, and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 7 | port 10000/tcp | 150081 - Possible Clickjacking vulnerability | - | 10
IP Address: 7 | - | 86873 - Apache HTTP Server Prior to 2.2.15 Multiple Vulnerabilities | CVE-2010-0408, CVE-2010-0425, CVE-2010-0434 | 10
IP Address: 7 | - | 86852 - APR-util Library Integer Overflow Vulnerabilities | CVE-2009-2412 | 10
IP Address: 7 | - | 68521 - NFS-Utils Xlog Remote Buffer Overrun Vulnerability | CVE-2003-0252 | 10
IP Address: 7 | - | 66041 - nlockmgr RPC Service Multiple Vulnerabilities | CVE-2000-0666 | 10
IP Address: 7 | - | 66040 - Statd Format Bug Vulnerability | CVE-2000-0666, CVE-2000-0800 | 10
IP Address: 7 | port 80/tcp | 86954 - Apache/IBM HTTP Server ByteRange Filter Denial of Service Vulnerability | CVE-2011-3192 | 7.8
IP Address: 7 | - | 86847 - Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | - | 7.8
IP Address: 7 | - | 86855 - Apache mod_proxy_ftp FTP Command Injection Vulnerability | CVE-2009-3095 | 7.5
IP Address: 7 | port 10000/tcp | 10659 - Webmin / Usermin Login Cross Site Scripting Vulnerability | CVE-2002-0756 | 7.5
IP Address: 7 | port 10000/tcp | 10658 - Webmin / Usermin Authentication Bypass Vulnerability | CVE-2002-0757 | 7.5


IP Address: 7 | port 10000/tcp | 86156 - Webmin Environment Variable Information Disclosure Vulnerability | CVE-2001-1074 | 7.2
IP Address: 7 | port 80/tcp | 150085 - Slow HTTP POST vulnerability | - | 6.8
IP Address: 7 | port 10000/tcp | 150085 - Slow HTTP POST vulnerability | - | 6.8
IP Address: 7 | port 10000/tcp | 150079 - Slow HTTP headers vulnerability | - | 6.8
IP Address: 7 | port 80/tcp | 150079 - Slow HTTP headers vulnerability | - | 6.8
IP Address: 7 | - | 86920 - Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities | CVE-2009-3720, CVE-2010-1623 | 5
IP Address: 7 | - | 86840 - Apache HTTP Server AllowOverride Options Security Bypass | CVE-2009-1195, CVE-2008-1678 | 5
IP Address: 7 | - | 82054 - TCP Sequence Number Approximation Based Denial of Service | CVE-2004-0230 | 5
IP Address: 7 | - | 82024 - UDP Constant IP Identification Field Fingerprinting Vulnerability | CVE-2002-0510 | 5
IP Address: 7 | - | 66044 - NFS RPC Services Listening on Non-Privileged Ports | - | 5
IP Address: 7 | - | 66036 - mountd RPC Daemon Discloses Exported Directories Accessed by Remote Hosts | - | 5
IP Address: 7 | - | 66002 - NFS Exported Filesystems List Vulnerability | - | 5
IP Address: 7 | - | 11 - Hidden RPC Services | - | 5
IP Address: 7 | - | 86975 - Apache HTTP Server multiple vulnerabilities | CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053 | 4.6
IP Address: 7 | port 80/tcp | 86477 - Apache Web Server ETag Header Information Disclosure Weakness | CVE-2003-1418 | 4.3
IP Address: 7 | - | 12500 - Apache HTTP Server APR "apr_fnmatch()" Denial of Service Vulnerability | CVE-2011-0419 | 4.3
IP Address: 7 | - | 86854 - Apache mod_proxy_ftp 2.0.x/2.2.x Denial of Service Vulnerability | CVE-2009-3094 | 2.6
IP Address: 7 | - | 82003 - ICMP Timestamp Request | CVE-1999-0524 | 0
IP Address: 7 | - | 66047 - "rquotad" RPC Service Present | CVE-1999-0625 | 0
IP Address: 7 | - | 66043 - YP/NIS RPC Services Listening on Non-Privileged Ports | - | 0

Consolidated Solution/Correction Plan for IP Address: 7

ASV Comment: Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 6 | port 1158/tcp | 150081 - Possible Clickjacking vulnerability | - | 10
IP Address: 6 | - | 90477 - Microsoft SMB Remote Code Execution Vulnerability (MS09-001) | CVE-2008-4834, CVE-2008-4835, CVE-2008-4114 | 10
IP Address: 6 | - | 90464 - Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) | CVE-2008-4250 | 10
IP Address: 6 | port 1158/tcp-SSL | 38173 - SSL Certificate - Signature Verification Failed Vulnerability | - | 9.4
IP Address: 6 | port 1158/tcp-SSL | 38169 - SSL Certificate - Self-Signed Certificate | - | 9.4
IP Address: 6 | port 1158/tcp-SSL | 38140 - SSL Server Supports Weak Encryption Vulnerability | - | 9
IP Address: 6 | port 1043/tcp | 19137 - Oracle Server Accounts That Do Not Lockout With Failed Logon Attempts | - | 9
IP Address: 6 | port 1521/tcp | 19137 - Oracle Server Accounts That Do Not Lockout With Failed Logon Attempts | - | 9
IP Address: 6 | port 1521/tcp | 19136 - Oracle Server Accounts Without Password-Complexity Validation Setup | - | 9
IP Address: 6 | port 1043/tcp | 19136 - Oracle Server Accounts Without Password-Complexity Validation Setup | - | 9


IP Address: 6 | port 1158/tcp | 150022 - Syntax error occurred | - | 7.5
IP Address: 6 | port 1521/tcp | 19538 - Oracle Multiple Remote Privilege Escalation Vulnerabilities - Zero Day | - | 7.5
IP Address: 6 | port 1043/tcp | 19538 - Oracle Multiple Remote Privilege Escalation Vulnerabilities - Zero Day | - | 7.5
IP Address: 6 | port 1043/tcp | 19631 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #11) | - | 6.8
IP Address: 6 | port 1521/tcp | 19631 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #11) | - | 6.8
IP Address: 6 | port 1521/tcp | 19630 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #10) | - | 6.8
IP Address: 6 | port 1043/tcp | 19630 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #10) | - | 6.8
IP Address: 6 | port 1043/tcp | 19629 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #9) | - | 6.8
IP Address: 6 | port 1521/tcp | 19629 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #9) | - | 6.8
IP Address: 6 | port 1043/tcp | 19627 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #7) | - | 6.8
IP Address: 6 | port 1521/tcp | 19627 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #7) | - | 6.8
IP Address: 6 | port 1521/tcp | 19135 - Oracle Server Accounts That Allow Unrestricted Password Reuse | - | 6.8
IP Address: 6 | port 1043/tcp | 19135 - Oracle Server Accounts That Allow Unrestricted Password Reuse | - | 6.8
IP Address: 6 | port 1521/tcp | 19003 - Default Oracle Login(s) Found | - | 6.5
IP Address: 6 | port 1043/tcp | 19003 - Default Oracle Login(s) Found | - | 6.5
IP Address: 6 | - | 90250 - Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure | CVE-2005-1794 | 6.4
IP Address: 6 | port 1158/tcp-SSL | 38596 - TLS Protocol Session Renegotiation Security Vulnerability | CVE-2009-3555 | 5.8
IP Address: 6 | port 1043/tcp | 19628 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #8) | - | 5.4
IP Address: 6 | port 1521/tcp | 19628 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #8) | - | 5.4
IP Address: 6 | port 1158/tcp-SSL | 42012 - X.509 Certificate MD5 Signature Collision Vulnerability | CVE-2004-2761 | 5
IP Address: 6 | port 1158/tcp-SSL | 38171 - SSL Certificate - Server Public Key Too Small | - | 5
IP Address: 6 | port 1521/tcp | 19568 - Database instance detected. | - | 5
IP Address: 6 | port 1043/tcp | 19568 - Database instance detected. | - | 5
IP Address: 6 | port 1043/tcp | 19199 - Oracle default_tablespace Set To SYSTEM for User Accounts | - | 5
IP Address: 6 | port 1521/tcp | 19199 - Oracle default_tablespace Set To SYSTEM for User Accounts | - | 5
IP Address: 6 | port 1043/tcp | 19085 - Oracle Database User List | - | 5
IP Address: 6 | port 1521/tcp | 19085 - Oracle Database User List | - | 5
IP Address: 6 | - | 70001 - NetBIOS Shared Folder List Available | - | 4.3
IP Address: 6 | port 1158/tcp-SSL | 42366 - SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability | CVE-2011-3389 | 4.3
IP Address: 6 | port 1043/tcp | 19131 - Oracle log_archive_dest_n Parameter is Not Set | - | 4.1
IP Address: 6 | port 1521/tcp | 19131 - Oracle log_archive_dest_n Parameter is Not Set | - | 4.1
IP Address: 6 | port 1158/tcp-SSL | 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN | - | 2.6
IP Address: 6 | port 1158/tcp | 150004 - Path-Based Vulnerability | - | 2.1


IP Address: 6 | - | 90043 - SMB Signing Disabled or SMB Signing Not Required | - | 2.1
IP Address: 6 | port 1521/tcp | 19592 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #6) | - | 2.1
IP Address: 6 | port 1043/tcp | 19592 - Oracle 11.2.0.1 on Microsoft Windows - General Update Multiple Issues (Patch #6) | - | 2.1
IP Address: 6 | - | 82003 - ICMP Timestamp Request | CVE-1999-0524 | 0
IP Address: 6 | - | 70000 - NetBIOS Name Accessible | - | 0
IP Address: 6 | port 1521/tcp | 19181 - Oracle Password Settings Do Not Conform to Recommendations | - | 0
IP Address: 6 | port 1043/tcp | 19181 - Oracle Password Settings Do Not Conform to Recommendations | - | 0
IP Address: 6 | port 1043/tcp | 19132 - Oracle sql92_security Parameter is Disabled | - | 0
IP Address: 6 | port 1521/tcp | 19132 - Oracle sql92_security Parameter is Disabled | - | 0

Consolidated Solution/Correction Plan for IP Address: 6

ASV Comment: Complete vendor solutions, non-vendor workarounds and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 5 | port 443/tcp | 150081 - Possible Clickjacking vulnerability | - | 10
IP Address: 5 | port 161/udp | 78030 - Readable SNMP Information | CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516, CVE-1999-0472, CVE-2001-0514, CVE-2002-0109 | 10
IP Address: 5 | - | 38217 - OpenSSH Multiple Memory Management Vulnerabilities | CVE-2003-0693, CVE-2003-0695, CVE-2003-0682 | 10
IP Address: 5 | - | 38202 - OpenSSH PAMAuthenticationViaKbdInt Buffer Overflow Vulnerability | CVE-2002-0640 | 10
IP Address: 5 | port 22/tcp | 38113 - OpenSSH Challenge-Response Authentication Integer Overflow Vulnerability | CVE-2002-0639 | 10
IP Address: 5 | port 443/tcp-SSL | 38173 - SSL Certificate - Signature Verification Failed Vulnerability | - | 9.4
IP Address: 5 | port 443/tcp-SSL | 38169 - SSL Certificate - Self-Signed Certificate | - | 9.4
IP Address: 5 | - | 38560 - OpenSSH Signal Handling Vulnerability | CVE-2006-5051, CVE-2006-4924 | 9.3
IP Address: 5 | port 443/tcp-SSL | 38140 - SSL Server Supports Weak Encryption Vulnerability | - | 9
IP Address: 5 | - | 115284 - IP Forwarding Enabled | CVE-1999-0511 | 7.5
IP Address: 5 | port 22/tcp | 38304 - SSH Protocol Version 1 Supported | CVE-2001-1473 | 7.5
IP Address: 5 | - | 38198 - OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability | CVE-2003-0386 | 7.5
IP Address: 5 | - | 42340 - OpenSSH X11 Hijacking Attack Vulnerability | CVE-2008-1483 | 6.9
IP Address: 5 | port 443/tcp | 86729 - AutoComplete Attribute Not Disabled for Password in Form Based Authentication | - | 6.4
IP Address: 5 | port 443/tcp-SSL | 38167 - SSL Certificate - Expired | - | 6.4
IP Address: 5 | port 443/tcp-SSL | 38596 - TLS Protocol Session Renegotiation Security Vulnerability | CVE-2009-3555 | 5.8
IP Address: 5 | port 443/tcp-SSL | 38141 - SSL Server May Be Forced to Use Weak Encryption Vulnerability | - | 5.4
IP Address: 5 | - | 82054 - TCP Sequence Number Approximation Based Denial of Service | CVE-2004-0230 | 5
IP Address: 5 | port 443/tcp-SSL | 42012 - X.509 Certificate MD5 Signature Collision Vulnerability | CVE-2004-2761 | 5
IP Address: 5 | port 443/tcp-SSL | 38477 - SSL Insecure Protocol Negotiation Weakness | CVE-2005-2969 | 5


IP Address: 5 | - | 38469 - OpenSSH GSSAPI Credential Disclosure Vulnerability | CVE-2005-2798 | 5
IP Address: 5 | - | 115317 - OpenSSH Local SCP Shell Command Execution Vulnerability (FEDORA-2006-056, Vmware-3069097-Patch, Vmware-9986131-Patch) | CVE-2006-0225 | 4.6
IP Address: 5 | port 443/tcp | 86821 - Apache 1.3 HTTP Server Expect Header Cross-Site Scripting | CVE-2006-3918 | 4.3
IP Address: 5 | port 443/tcp-SSL | 42366 - SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability | CVE-2011-3389 | 4.3
IP Address: 5 | port 443/tcp-SSL | 38284 - Netscape/OpenSSL Cipher Forcing Bug | CVE-2008-7270 | 4.3
IP Address: 5 | port 443/tcp-SSL | 38139 - SSL Server Has SSLv2 Enabled Vulnerability | - | 4
IP Address: 5 | - | 42339 - OpenSSH Plaintext Recovery Attack Against SSH Vulnerability | CVE-2008-5161 | 2.6
IP Address: 5 | port 443/tcp-SSL | 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN | - | 2.6
IP Address: 5 | - | 82003 - ICMP Timestamp Request | CVE-1999-0524 | 0

Consolidated Solution/Correction Plan for IP Address: 5

ASV Comment: Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 3 | port 6789/tcp | 150081 - Possible Clickjacking vulnerability | - | 10
IP Address: 3 | port 6000/tcp | 95001 - X-Window Sniffing | CVE-1999-0526 | 10
IP Address: 3 | port 161/udp | 78030 - Readable SNMP Information | CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516, CVE-1999-0472, CVE-2001-0514, CVE-2002-0109 | 10
IP Address: 3 | port 79/tcp | 31000 - "Finger 0@" Information about Logged Users Disclosure Vulnerability | CVE-1999-0197 | 10
IP Address: 3 | port 6789/tcp-SSL | 38173 - SSL Certificate - Signature Verification Failed Vulnerability | - | 9.4
IP Address: 3 | port 6789/tcp-SSL | 38169 - SSL Certificate - Self-Signed Certificate | - | 9.4
IP Address: 3 | port 6789/tcp | 86848 - Sun Java Web Console masthead.jsp Cross-Site Scripting | - | 7.8
IP Address: 3 | port 6789/tcp | 86845 - Sun Java Web Console Navigator Cross-Site Scripting | - | 7.8
IP Address: 3 | port 6789/tcp | 86844 - Sun Java Web Console helpwindow.jsp Cross-Site Scripting | - | 7.8
IP Address: 3 | port 6789/tcp | 86830 - Sun Java Web Console Remote Information Disclosure Vulnerability (231526) | CVE-2008-1286 | 7.8
IP Address: 3 | port 6789/tcp | 150013 - Browser-Specific Cross-Site Scripting (XSS) | - | 7.5
IP Address: 3 | port 6789/tcp | 150001 - Reflected Cross-Site Scripting (XSS) Vulnerabilities | - | 7.5
IP Address: 3 | port 25/tcp | 74240 - Sendmail SSL Certificate NULL Character Spoofing Vulnerability | CVE-2009-4565 | 7.5
IP Address: 3 | port 587/tcp | 74240 - Sendmail SSL Certificate NULL Character Spoofing Vulnerability | CVE-2009-4565 | 7.5
IP Address: 3 | port 6789/tcp-SSL | 38596 - TLS Protocol Session Renegotiation Security Vulnerability | CVE-2009-3555 | 5.8
IP Address: 3 | port 6789/tcp | 150023 - Directory Listing | - | 5
IP Address: 3 | port 6789/tcp | 86445 - Web Directories Listable Vulnerability | - | 5
IP Address: 3 | - | 82054 - TCP Sequence Number Approximation Based Denial of Service | CVE-2004-0230 | 5
IP Address: 3 | - | 74220 - Sendmail Long Header Denial of Service Vulnerability | CVE-2006-4434 | 5
IP Address: 3 | port 25/tcp | 74046 - Valid Logins/Aliases Guessed with SMTP VRFY Command | - | 5


IP Address: 3 | port 587/tcp | 74046 - Valid Logins/Aliases Guessed with SMTP VRFY Command | - | 5
IP Address: 3 | port 587/tcp | 74045 - Valid Logins Guessed with SMTP EXPN Command | - | 5
IP Address: 3 | port 25/tcp | 74045 - Valid Logins Guessed with SMTP EXPN Command | - | 5
IP Address: 3 | - | 45002 - Global User List | - | 5
IP Address: 3 | port 6789/tcp-SSL | 42012 - X.509 Certificate MD5 Signature Collision Vulnerability | CVE-2004-2761 | 5
IP Address: 3 | port 79/tcp | 31003 - Finger Service Discloses Logged Users | CVE-1999-0259, CVE-1999-0612 | 5
IP Address: 3 | port 6789/tcp | 86843 - Sun Java Web Console May Allow Unauthorized Redirection (243786) | CVE-2008-5550 | 4.3
IP Address: 3 | port 6789/tcp-SSL | 42366 - SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability | CVE-2011-3389 | 4.3
IP Address: 3 | port 6789/tcp-SSL | 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN | - | 2.6
IP Address: 3 | port 6789/tcp | 150004 - Path-Based Vulnerability | - | 2.1
IP Address: 3 | - | 31002 - Finger Daemon Accepts Forwarding of Requests | CVE-1999-0106 | 2.1
IP Address: 3 | port 6789/tcp | 150084 - Unencoded characters | - | 0
IP Address: 3 | - | 82001 - ICMP Mask Reply | CVE-1999-0524 | 0

Consolidated Solution/Correction Plan for IP Address: 3

ASV Comment: There are non-vendor provided solutions to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 2 | port 443/tcp-SSL | 38173 - SSL Certificate - Signature Verification Failed Vulnerability | - | 9.4
IP Address: 2 | port 443/tcp-SSL | 38169 - SSL Certificate - Self-Signed Certificate | - | 9.4
IP Address: 2 | - | 43054 - Cisco IOS 2GB HTTP GET Buffer Overflow Vulnerability | CVE-2003-0647 | 7.5
IP Address: 2 | port 22/tcp | 38304 - SSH Protocol Version 1 Supported | CVE-2001-1473 | 7.5
IP Address: 2 | - | 43098 - Cisco IOS Secure Shell Server Memory Leak Denial of Service Vulnerability | CVE-2005-1021 | 7.1
IP Address: 2 | port 80/tcp | 43003 - Cisco IOS HTTP %% Vulnerability | CVE-2000-0380 | 7.1
IP Address: 2 | port 443/tcp | 43003 - Cisco IOS HTTP %% Vulnerability | CVE-2000-0380 | 7.1
IP Address: 2 | - | 43151 - Cisco IOS Multiple Cross-Site Scripting Vulnerabilities | CVE-2008-3821, CVE-2009-0470, CVE-2009-0471 | 6.8
IP Address: 2 | - | 45002 - Global User List | - | 5
IP Address: 2 | port 443/tcp-SSL | 42012 - X.509 Certificate MD5 Signature Collision Vulnerability | CVE-2004-2761 | 5
IP Address: 2 | port 22/tcp | 38523 - SSH Weak Cipher Used | - | 5
IP Address: 2 | port 443/tcp-SSL | 38172 - SSL Certificate - Improper Usage Vulnerability | - | 5
IP Address: 2 | port 443/tcp | 43021 - Cisco Router/Switch Default Password Vulnerability | CVE-1999-0508 | 4.6
IP Address: 2 | port 80/tcp | 43021 - Cisco Router/Switch Default Password Vulnerability | CVE-1999-0508 | 4.6
IP Address: 2 | port 22/tcp | 38259 - SSH User Login Bruteforced | CVE-1999-0508 | 4.6
IP Address: 2 | port 443/tcp-SSL | 42366 - SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability | CVE-2011-3389 | 4.3
IP Address: 2 | port 80/tcp | 38250 - Management Interfaces Accessible On Cisco Device Vulnerability | - | 4


IP Address: 2 | port 443/tcp-SSL | 38170 - SSL Certificate - Subject Common Name Does Not Match Server FQDN | - | 2.6
IP Address: 2 | port 80/tcp | 12220 - Cisco IOS HTTP Service HTML Injection Vulnerability | CVE-2005-3921 | 2.6
IP Address: 2 | port 443/tcp-SSL | 12220 - Cisco IOS HTTP Service HTML Injection Vulnerability | CVE-2005-3921 | 2.6
IP Address: 2 | port 443/tcp | 43004 - Cisco Router Online Help Vulnerability | CVE-2000-0345 | 2.1
IP Address: 2 | port 80/tcp | 43004 - Cisco Router Online Help Vulnerability | CVE-2000-0345 | 2.1

Consolidated Solution/Correction Plan for IP Address: 2

ASV Comment: There are non-vendor provided solutions to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

IP Address: 1 | - | 78035 - Multiple Vendor SNMP Request and Trap Handling Vulnerabilities | CVE-2002-0012, CVE-2002-0013 | 10
IP Address: 1 | port 161/udp | 78031 - Writeable SNMP Information | CVE-1999-0792, CVE-2000-0147, CVE-2001-0380, CVE-2001-1210, CVE-2002-0478, CVE-2000-0515 | 10
IP Address: 1 | - | 43176 - Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100324-sip) | CVE-2010-0580, CVE-2010-0581, CVE-2010-0579 | 10
IP Address: 1 | port 161/udp | 38254 - Cisco IOS Malformed SNMP Message-Handling Vulnerability | CVE-2002-0012, CVE-2002-0013 | 10
IP Address: 1 | - | 43218 - Cisco IOS Software Network Address Translation Vulnerabilities (cisco-sa-20110928-nat) | CVE-2011-3276, CVE-2011-3277, CVE-2011-3278, CVE-2011-3279, CVE-2011-3280, CVE-2011-0946 | 7.8
IP Address: 1 | - | 43214 - Cisco IOS Software Data-Link Switching Vulnerability (cisco-sa-20110928-dlsw) | CVE-2011-0945 | 7.8
IP Address: 1 | - | 43207 - Cisco IOS Multiple Vulnerabilities | CVE-2010-4686 | 7.8
IP Address: 1 | - | 43197 - Cisco IOS TCP State Manipulation Denial of Service Vulnerabilities (cisco-sa-20090908-tcp24) | CVE-2009-0627, CVE-2008-4609 | 7.8
IP Address: 1 | - | 43196 - Cisco IOS Software H.323 Denial of Service Vulnerabilities (cisco-sa-20100922-h323) | CVE-2010-2828, CVE-2010-2829 | 7.8
IP Address: 1 | - | 43194 - Cisco IOS Software Network Address Translation Vulnerabilities (cisco-sa-20100922-nat) | CVE-2010-2831 | 7.8
IP Address: 1 | - | 43192 - Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100922-sip) | CVE-2010-2835, CVE-2009-2051, CVE-2010-2834 | 7.8
IP Address: 1 | - | 43182 - Cisco Unified Communications Manager Express Denial of Service Vulnerabilities (cisco-sa-20100324-cucme) | CVE-2010-0585, CVE-2010-0586 | 7.8
IP Address: 1 | - | 43180 - Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability (cisco-sa-20100324-ldp) | CVE-2010-0576 | 7.8
IP Address: 1 | - | 43178 - Cisco IOS Software H.323 Denial of Service Vulnerabilities (cisco-sa-20100324-h323) | CVE-2010-0582 | 7.8
IP Address: 1 | - | 43173 - Cisco IOS IPv6 Routing Header Vulnerability (cisco-sa-20070124-IOS-IPv6) | CVE-2007-0481 | 7.8
IP Address: 1 | - | 43170 - Cisco IOS Software H.323 Denial of Service Vulnerability (cisco-sa-20090923-h323) | CVE-2009-2866 | 7.8
IP Address: 1 | - | 43162 - Cisco IOS Software TCP State Manipulation Denial of Service Vulnerabilities (cisco-sa-20090908-tcp24) | CVE-2008-4609, CVE-2009-0627 | 7.8
IP Address: 1 | - | 43158 - Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability (cisco-sa-20090325-sip) | CVE-2009-0636 | 7.8
IP Address: 1 | - | 43155 - Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability (cisco-sa-20090325-ud) | CVE-2009-0631 | 7.8
IP Address: 1 | - | 43149 - Cisco IOS IPS Denial of Service Vulnerability (cisco-sa-20080924-iosips) | CVE-2008-2739 | 7.8
IP Address: 1 | - | 43146 - Cisco IOS Software Multiple Multicast Vulnerabilities (cisco-sa-20080924-multicast) | CVE-2008-3808, CVE-2008-3809 | 7.8


IP Address: 1 | - | 43142 - Cisco IOS Multiple DLSw Denial of Service Vulnerabilities | CVE-2008-1152 | 7.8
IP Address: 1 | - | 43139 - Cisco IOS SSL Packets Multiple Vulnerabilities | CVE-2007-2813 | 7.8
IP Address: 1 | - | 43138 - Cisco IOS Multiple DLSw Denial of Service Vulnerabilities | CVE-2008-1152 | 7.8
IP Address: 1 | - | 43100 - Cisco IOS EIGRP Announcement ARP Denial of Service Vulnerability | CVE-2002-2208 | 7.8
IP Address: 1 | - | 115284 - IP Forwarding Enabled | CVE-1999-0511 | 7.5
IP Address: 1 | - | 38471 - Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow | CVE-2005-2841 | 7.5
IP Address: 1 | port 22/tcp | 38304 - SSH Protocol Version 1 Supported | CVE-2001-1473 | 7.5
IP Address: 1 | - | 43204 - Cisco IOS VLAN Trunking Protocol Vulnerability (cisco-sr-20081105-vtp) | CVE-2008-4963 | 7.1
IP Address: 1 | - | 43174 - Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability (cisco-sa-20100324-tcp) | CVE-2010-0577 | 7.1
IP Address: 1 | - | 43172 - Cisco IOS Software Tunnels Vulnerability (cisco-sa-20090923-tunnels) | CVE-2009-2873 | 7.1
IP Address: 1 | - | 43157 - Cisco IOS Software Secure Copy Privilege Escalation Vulnerability (cisco-sa-20090325-scp) | CVE-2009-0637 | 7.1
IP Address: 1 | - | 43153 - Cisco IOS Software Multiple Features IP Sockets Vulnerability (cisco-sa-20090325-ip) | CVE-2009-0630 | 7.1
IP Address: 1 | - | 43098 - Cisco IOS Secure Shell Server Memory Leak Denial of Service Vulnerability | CVE-2005-1021 | 7.1
IP Address: 1 | port 80/tcp | 43003 - Cisco IOS HTTP %% Vulnerability | CVE-2000-0380 | 7.1
IP Address: 1 | - | 43151 - Cisco IOS Multiple Cross-Site Scripting Vulnerabilities | CVE-2008-3821, CVE-2009-0470, CVE-2009-0471 | 6.8
IP Address: 1 | - | 45002 - Global User List | - | 5
IP Address: 1 | - | 43179 - Cisco IOS DLSw Vulnerability (cisco-sa-20070110-dlsw) | CVE-2007-0199 | 5
IP Address: 1 | - | 43116 - Cisco Internet Key Exchange Denial of Service Vulnerability | CVE-2006-3906 | 5
IP Address: 1 | - | 43056 - Cisco Internet Operating System SNMP Message Processing Denial of Service Vulnerability | CVE-2004-0714 | 5
IP Address: 1 | port 22/tcp | 38523 - SSH Weak Cipher Used | - | 5
IP Address: 1 | - | 38308 - Cisco IOS Telnet Service Remote Denial of Service Vulnerability | CVE-2004-1464 | 5
IP Address: 1 | - | 43021 - Cisco Router/Switch Default Password Vulnerability | CVE-1999-0508 | 4.6
IP Address: 1 | port 22/tcp | 38259 - SSH User Login Bruteforced | CVE-1999-0508 | 4.6
IP Address: 1 | port 80/tcp | 38250 - Management Interfaces Accessible On Cisco Device Vulnerability | - | 4
IP Address: 1 | port 23/tcp | 38250 - Management Interfaces Accessible On Cisco Device Vulnerability | - | 4
IP Address: 1 | port 161/udp | 38250 - Management Interfaces Accessible On Cisco Device Vulnerability | - | 4
IP Address: 1 | port 500/udp | 38498 - Pre-shared Key Off-line Bruteforcing Using IKE Aggressive Mode | - | 2.6
IP Address: 1 | port 80/tcp | 12220 - Cisco IOS HTTP Service HTML Injection Vulnerability | CVE-2005-3921 | 2.6
IP Address: 1 | port 80/tcp | 43004 - Cisco Router Online Help Vulnerability | CVE-2000-0345 | 2.1

Consolidated Solution/Correction Plan for IP Address: 1

ASV Comment: Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Merchant Comment:

Part 3b. Special Notes by IP Address


IP Address NoteItem Noted (remote accesssoftware, POS software,etc.)

Scan customer'sdeclaration that software isimplemented securely (seenext column if notimplemented securely)

Scan customer's description ofactions taken to either: 1) removethe software or 2) implementsecurity controls to secure thesoftware

IP�Address:�15

Due to increased risk to thecardholder data environment whenremote access software is present,please 1) justify the business need forthis software to the ASV and 2)confirm it is either implementedsecurely or disabled/removed.

42017 - Remote Access orManagement ServiceDetected

Yes SSH is secure remote accessmanagement protocol

IP�Address:�14

Due to increased risk to thecardholder data environment whenremote access software is present,please 1) justify the business need forthis software to the ASV and 2)confirm it is either implementedsecurely or disabled/removed.

38019 - Remote LoginService Open No

disable the rlogin service only use asecure protocol such as SSH for theremote management

IP�Address:�14

Due to increased risk to thecardholder data environment whenremote access software is present,please 1) justify the business need forthis software to the ASV and 2)confirm it is either implementedsecurely or disabled/removed.

42017 - Remote Access orManagement ServiceDetected

No disable the telnet service only useSSH for the remote management

IP�Address:�11

Due to increased risk to thecardholder data environment whenremote access software is present,please 1) justify the business need forthis software to the ASV and 2)confirm it is either implementedsecurely or disabled/removed.

42017 - Remote Access orManagement ServiceDetected

Yes PCAnwhere is use for remote accessor management

IP�Address:�10

Due to increased risk to thecardholder data environment whenremote access software is present,please 1) justify the business need forthis software to the ASV and 2)confirm it is either implementedsecurely or disabled/removed.

42017 - Remote Access orManagement ServiceDetected

Yes SSH is secure remote accessmanagement protocol

IP�Address:�9

Due to increased risk to thecardholder data environment whenremote access software is present,please 1) justify the business need forthis software to the ASV and 2)confirm it is either implementedsecurely or disabled/removed.

42017 - Remote Access orManagement ServiceDetected

Nouse a secure remote access ormanagement service or protocol(such as ssh) to replace telnet service

IP Address: 7

Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely or disabled/removed.

42017 - Remote Access or Management Service Detected

Yes - the VNC service is used for remote access or management.

IP Address: 6

Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely or disabled/removed.

42017 - Remote Access or Management Service Detected

Yes - the RDP service is used for Windows remote management.

IP Address: 5

Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely or disabled/removed.

42017 - Remote Access or Management Service Detected

No - disable the telnet service; only use SSH for remote management.

IP Address: 2

Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely or disabled/removed.

42017 - Remote Access or Management Service Detected

Yes - SSH is a secure remote access management protocol.


IP Address: 1

Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely or disabled/removed.

42017 - Remote Access or Management Service Detected

No - disable the telnet service; only use SSH for remote management.


Report Summary

Company:
Hosts in Account: 15
Hosts Scanned: 16
Hosts Active: 16
Scan Date: 02/17/2012 at 17:15:06
Report Date: 02/20/2012 at 06:01:38
Report Title:
Template Title: Payment Card Industry (PCI) Executive Report

Summary of Vulnerabilities

Vulnerabilities Total: 672
Average Security Risk: 4.5

by Severity

Severity  Confirmed  Potential  Information Gathered  Total
5         20         9          0                     29
4         24         27         0                     51
3         122        92         10                    224
2         104        45         22                    171
1         29         2          166                   197
Total     299        175        198                   672

by PCI Severity

PCI Severity  Confirmed  Potential  Total
High          105        76         181
Medium        145        76         221
Low           49         23         72
Total         299        175        474


Vulnerabilities by PCI Severity

Potential Vulnerabilities by PCI Severity


Vulnerabilities by Severity

Potential Vulnerabilities by Severity


Appendices

Host Comments

IP Address: 1 - Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 2 - There are non-vendor provided solutions to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 3 - There are non-vendor provided solutions to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 5 - Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 6 - Complete vendor solutions, non-vendor workarounds and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 7 - Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 8 - Complete vendor solutions, non-vendor workarounds, upgrades to supported versions of the software, and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.


IP Address: 9 - Complete vendor solutions are available to address some issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 10 - Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 11 - Complete vendor solutions and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 12 - Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 13 - There are non-vendor provided solutions to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 14 - Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

IP Address: 15 - Complete vendor solutions and non-vendor workarounds are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.


IP Address: 16 - Complete vendor solutions and configuration changes compliant with the PCI DSS are available to address these issues. No fix is available at this time for some issues; please consider implementing mitigating controls (firewalls, traffic filtering, etc.) to address these. For specific information on how to remediate these issues please consult the technical report below.

Hosts Scanned

IP Address: 1 - IP Address: 16

Option Profile

Scan
Scanned TCP Ports: Full
Scanned UDP Ports: Standard Scan
Scan Dead Hosts: Off
Load Balancer Detection: Off
Password Brute Forcing: Standard
Vulnerability Detection: Complete
Windows Authentication: Disabled
SSH Authentication: Disabled
Oracle Authentication: Disabled
SNMP Authentication: Disabled
Perform 3-way Handshake: Off

Advanced
Hosts Discovery: TCP Standard Scan, UDP Standard Scan, ICMP On
Ignore RST packets: Off
Ignore firewall-generated SYN-ACK packets: Off
Do not send ACK or SYN-ACK packets during host discovery: Off


Report Legend

Payment Card Industry (PCI) Status

An overall PCI compliance status of PASSED indicates that all hosts in the report passed the PCI compliance standards. A PCI compliance status of PASSED for a single host/IP indicates that no vulnerabilities or potential vulnerabilities, as defined by the PCI DSS compliance standards set by the PCI Council, were detected on the host.

An overall PCI compliance status of FAILED indicates that at least one host in the report failed to meet the PCI compliance standards. A PCI compliance status of FAILED for a single host/IP indicates that at least one vulnerability or potential vulnerability, as defined by the PCI DSS compliance standards set by the PCI Council, was detected on the host.

Vulnerability Levels

A Vulnerability is a design flaw or mis-configuration which makes your network (or a host on your network) susceptible to malicious attacks from local or remote users. Vulnerabilities can exist in several areas of your network, such as in your firewalls, FTP servers, Web servers, operating systems or CGI bins. Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the disclosure of information about the host to a complete compromise of the host.

Severity Level Description

1 - Minimal: Intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.

2 - Medium: Intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.

3 - Serious: Intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.

4 - Critical: Intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.

5 - Urgent: Intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors.

Severity Level Description

Low A vulnerability with a CVSS base score of 0.0 through 3.9. These vulnerabilities are not required to be fixed to pass PCI compliance.

Medium A vulnerability with a CVSS base score of 4.0 through 6.9. These vulnerabilities must be fixed to pass PCI compliance.

High A vulnerability with a CVSS base score of 7.0 through 10.0. These vulnerabilities must be fixed to pass PCI compliance.

Potential Vulnerability Levels

A potential vulnerability is one which we cannot confirm exists. The only way to verify the existence of such vulnerabilities on your network would be to perform an intrusive scan, which could result in a denial of service. This is strictly against our policy. Instead, we urge you to investigate these potential vulnerabilities further.

Severity Level Description

1 - Minimal: If this vulnerability exists on your system, intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.

2 - Medium: If this vulnerability exists on your system, intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.

3 - Serious: If this vulnerability exists on your system, intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.


4 - Critical: If this vulnerability exists on your system, intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.

5 - Urgent: If this vulnerability exists on your system, intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors.

Severity Level Description

Low A potential vulnerability with a CVSS base score of 0.0 through 3.9. These vulnerabilities are not required to be fixed to pass PCI compliance.

Medium A potential vulnerability with a CVSS base score of 4.0 through 6.9. These vulnerabilities must be fixed to pass PCI compliance.

High A potential vulnerability with a CVSS base score of 7.0 through 10.0. These vulnerabilities must be fixed to pass PCI compliance.

Information Gathered

Information Gathered includes visible information about the network related to the host, such as traceroute information, Internet Service Provider (ISP), or a list of reachable hosts. Information Gathered severity levels also include Network Mapping data, such as detected firewalls, SMTP banners, or a list of open TCP services.

Severity Level Description

1 - Minimal: Intruders may be able to retrieve sensitive information related to the host, such as open UDP and TCP services lists, and detection of firewalls.

2 - Medium: Intruders may be able to determine the operating system running on the host, and view banner versions.

3 - Serious: Intruders may be able to detect highly sensitive data, such as global system user lists.
