Could You Look at My Server Vulnerabilities?

13 May 2019
Code:
+ Target Port:        80
+ Start Time:         2020-09-17 16:50:48 (GMT3)
---------------------------------------------------------------------------
+ Server: Apache-Coyote/1.1
+ Cookie JSESSIONID created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS 
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
+ /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ OSVDB-6196: /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
+ /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
+ /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.
+ OSVDB-3092: /backup/: This might be interesting...
+ OSVDB-3092: /misc/: This might be interesting...
+ OSVDB-3092: /setup/: This might be interesting...
+ OSVDB-3092: /status/: This might be interesting...
+ OSVDB-3092: /users/: This might be interesting...
+ OSVDB-3092: /users/scripts/submit.cgi: This might be interesting...
+ OSVDB-3233: /servlet/Counter: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/DateServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/FingerServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/HelloWorldServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/SessionServlet: JRun or Netware WebSphere default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/SimpleServlet: JRun default servlet found (possibly Websphere). All default code should be removed from servers.
+ OSVDB-3233: /servlet/SnoopServlet: JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.
+ OSVDB-3233: /servlet/AdminServlet: Netware Web Search Server (adminservlet) found. All default code should be removed from web servers.
+ OSVDB-3233: /servlet/gwmonitor: Netware Gateway monitor found. All default code should be removed from web servers.
+ OSVDB-3233: /servlet/PrintServlet: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: /servlet/SearchServlet: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: /servlet/ServletManager: Netware Java Servlet Gateway found. Default user ID is servlet, default password is manager. All default code should be removed from Internet servers.
+ OSVDB-3233: /servlet/sq1cdsn: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: /servlet/sqlcdsn: Netware SQL connector found. All default code should be removed from web servers.
+ OSVDB-3233: /servlet/webacc: Netware Enterprise and/or GroupWise web access found. All default code should be removed from Internet servers.
+ OSVDB-3233: /servlet/webpub: Netware Web Publisher found. All default code should be removed from web servers.
+ /configuration/: Admin login page/section found.
+ /maintenance/: Admin login page/section found.
+ 7915 requests: 0 error(s) and 38 item(s) reported on remote host
+ End Time:           2020-09-17 16:55:21 (GMT3) (273 seconds)


This many security vulnerabilities came up on my server. Are they important, or will it be a problem if we don't patch them?
 
Edited by a moderator:
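A scan like the one above needs triage before anyone decides what to patch, because Nikto itself warns in this output that the server "returns a valid response with junk HTTP methods, this may cause false positives": a server that answers 200 to anything will also "find" every default servlet and every "interesting" directory in Nikto's database. The header and cookie findings (JSESSIONID without HttpOnly, missing X-Frame-Options and X-Content-Type-Options) are read straight from one response and are real; the path findings and the "PUT may allow clients to save files" line are only claims until confirmed. The script below is an added example, not part of the original post or of Nikto: it checks one response's headers, compares each reported path against a random junk path to spot catch-all behaviour, and confirms PUT by writing, reading back and deleting a probe file. It runs offline against a constructed stand-in server (no security headers, catch-all GET, an Allow header that overstates PUT) whose behaviour is an assumption for demonstration; point run_triage at the real host instead. Note that X-XSS-Protection is deprecated in current browsers, so the check looks for Content-Security-Policy in its place.

```python
"""Triage Nikto header, path and PUT findings against a live host (added example)."""
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit


def fetch(base, method, path, body=None):
    """One HTTP request; returns (status, [(header, value), ...], body_bytes)."""
    u = urlsplit(base)
    conn = http.client.HTTPConnection(u.hostname, u.port, timeout=5)
    conn.request(method, path, body=body)
    r = conn.getresponse()
    data = r.read()
    pairs = r.getheaders()
    conn.close()
    return r.status, pairs, data


def triage_headers(header_pairs):
    """Cookie/header findings are confirmed directly from a single response."""
    findings = []
    present = {n.lower() for n, _ in header_pairs}
    for n, v in header_pairs:  # a response may carry several Set-Cookie headers
        if n.lower() == "set-cookie" and "httponly" not in v.lower():
            findings.append("cookie without HttpOnly: " + v.split(";")[0])
    # X-XSS-Protection is deprecated; CSP is what modern browsers honour instead.
    for h in ("x-frame-options", "x-content-type-options", "content-security-policy"):
        if h not in present:
            findings.append("missing header: " + h)
    return findings


def triage_paths(base, paths):
    """'Might be interesting' hits only mean something if a random junk path is NOT also 200."""
    junk = "/" + secrets.token_hex(8)  # constructed path that cannot exist on purpose
    jstatus, _, jbody = fetch(base, "GET", junk)
    result = {}
    for p in paths:
        s, _, b = fetch(base, "GET", p)
        if jstatus == 200 and s == 200 and len(b) == len(jbody):
            result[p] = "catch-all (likely false positive)"
        elif s == 200:
            result[p] = "distinct 200 (investigate)"
        else:
            result[p] = f"HTTP {s}"
    return result


def triage_put(base):
    """'Allow: PUT' is only advertised; confirm by writing, reading and deleting a probe."""
    _, pairs, _ = fetch(base, "OPTIONS", "/")
    allow = next((v for n, v in pairs if n.lower() == "allow"), "")
    if "PUT" not in allow.upper():
        return "PUT not advertised"
    probe = "/nikto-probe-" + secrets.token_hex(4) + ".txt"  # hypothetical probe name
    marker = secrets.token_hex(8).encode()
    s, _, _ = fetch(base, "PUT", probe, body=marker)
    if s not in (200, 201, 204):
        return f"PUT advertised but refused ({s})"
    s2, _, b = fetch(base, "GET", probe)
    fetch(base, "DELETE", probe)  # clean up whether or not the read-back worked
    if s2 == 200 and marker in b:
        return "PUT writes files (confirmed)"
    return f"PUT accepted ({s}) but probe not served back"


def run_triage(base, paths=("/backup/", "/setup/", "/servlet/SnoopServlet")):
    """Combine the three checks for one host."""
    _, pairs, _ = fetch(base, "GET", "/")
    return {"headers": triage_headers(pairs),
            "paths": triage_paths(base, paths),
            "put": triage_put(base)}


class CatchAll(BaseHTTPRequestHandler):
    """Constructed stand-in for the scanned host (assumed behaviour, for demonstration only):
    JSESSIONID without HttpOnly, no security headers, 200 for every GET, PUT advertised but refused."""
    def _send(self, status, body=b"", extra=()):
        self.send_response(status)
        self.send_header("Server", "Apache-Coyote/1.1")
        self.send_header("Content-Length", str(len(body)))
        for n, v in extra:
            self.send_header(n, v)
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._send(200, b"<html>default page</html>", [("Set-Cookie", "JSESSIONID=ABC123; Path=/")])

    def do_OPTIONS(self):
        self._send(200, extra=[("Allow", "GET, HEAD, POST, PUT, DELETE, OPTIONS")])

    def do_PUT(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body before replying
        self._send(405)

    def do_DELETE(self):
        self._send(405)

    def log_message(self, *args):
        pass


def demo():
    """Start the stand-in server, triage it, stop it, and return the findings."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), CatchAll)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return run_triage(f"http://127.0.0.1:{srv.server_address[1]}")
    finally:
        srv.shutdown()


if __name__ == "__main__":
    for section, value in demo().items():
        print(section, value)
```

Against the stand-in the header findings come back confirmed, every reported path is flagged as catch-all noise, and PUT is reported as advertised but refused, which is exactly the split a practitioner wants before deciding what in a 38-item Nikto report actually needs patching.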

SiyahYunus

Participating Member
4 January 2020
Here is what you do now. You take the vulnerability code at the front (e.g. OSVDB-3233) and ask Google about it. It will explain what it is for, or you go to https://vulners.com/ and search there. It's that simple; it's already explained next to each one. Even Google Translate could have done this job, but I've written out what you need to do. Happy foruming.
 