- 13 May 2019
Code:
+ Target Port: 80
+ Start Time: 2020-09-17 16:50:48 (GMT3)
---------------------------------------------------------------------------
+ Server: Apache-Coyote/1.1
+ Cookie JSESSIONID created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
+ /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ OSVDB-6196: /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
+ /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
+ /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.
+ OSVDB-3092: /backup/: This might be interesting...
+ OSVDB-3092: /misc/: This might be interesting...
+ OSVDB-3092: /setup/: This might be interesting...
+ OSVDB-3092: /status/: This might be interesting...
+ OSVDB-3092: /users/: This might be interesting...
+ OSVDB-3092: /users/scripts/submit.cgi: This might be interesting...
+ OSVDB-3233: /servlet/Counter: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/DateServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/FingerServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/HelloWorldServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/SessionServlet: JRun or Netware WebSphere default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/SimpleServlet: JRun default servlet found (possibly Websphere). All default code should be removed from servers.
+ OSVDB-3233: /servlet/SnoopServlet: JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/AdminServlet: Netware Web Search Server (adminservlet) found. All default code should be removed from web servers.
+ OSVDB-3233: /servlet/gwmonitor: Netware Gateway monitor found. All default code should be removed from web servers.
+ OSVDB-3233: /servlet/PrintServlet: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: /servlet/SearchServlet: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: /servlet/ServletManager: Netware Java Servlet Gateway found. Default user ID is servlet, default password is manager. All default code should be removed from Internet servers.
+ OSVDB-3233: /servlet/sq1cdsn: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: /servlet/sqlcdsn: Netware SQL connector found. All default code should be removed from web servers.
+ OSVDB-3233: /servlet/webacc: Netware Enterprise and/or GroupWise web access found. All default code should be removed from Internet servers.
+ OSVDB-3233: /servlet/webpub: Netware Web Publisher found. All default code should be removed from web servers.
+ /configuration/: Admin login page/section found.
+ /maintenance/: Admin login page/section found.
+ 7915 requests: 0 error(s) and 38 item(s) reported on remote host
+ End Time: 2020-09-17 16:55:21 (GMT3) (273 seconds)
This many security vulnerabilities turned up on my server. Are these important, or will it be a problem if we don't patch them?