ITS Safe Computing

Vulnerabilities

Open Recursive DNS Server

Synopsis:
The remote host provides recursive DNS service.
Description:
Typically, DNS servers only provide recursive DNS services to machines within a trusted domain. A server with this vulnerability is providing recursive DNS service to any host on the Internet. Restricting recursion and disabling the ability to send additional delegation information can help prevent DNS-based DoS attacks and cache poisoning. It can also improve performance on your network by making your DNS servers less exposed to use as reflectors in such attacks.
Solution:
See The Continuing Denial of Service Threat Posed by DNS Recursion for more information.
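
To confirm the finding is resolved after restricting recursion, the following added example (not part of the original page or of any scanner) sends one recursive query and reads the reply's header flags. It assumes you run it from a host outside the trusted network, against a server you administer, for a name that server is not authoritative for; the function names, verdict strings and sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build an A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(data):
    """Interpret the 12-byte DNS header of a reply to build_query()."""
    if len(data) < 12:
        return "invalid"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:          # QR bit clear: not a response
        return "invalid"
    rcode = flags & 0x000F
    if rcode == 5:                  # REFUSED: recursion is restricted for this client
        return "refused"
    if flags & 0x0400:              # AA: answered from its own zone, test another name
        return "authoritative"
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open-recursion"     # RA set and an answer was fetched on our behalf
    return "no-recursion"           # e.g. a referral with RA clear

def check_server(server, name="example.com", timeout=3.0):
    """Query `server` over UDP port 53 and return the verdict string."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:             # includes socket.timeout
            return "no-reply"
    return classify_response(data)

# Constructed reply headers (not captured traffic): ID, flags, QD, AN, NS, AR.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 13, 0)

if __name__ == "__main__":
    for sample in (SAMPLE_OPEN, SAMPLE_REFUSED, SAMPLE_REFERRAL):
        print(classify_response(sample))
```

A correctly restricted server should return "refused" or "no-recursion" to an outside client while still answering clients inside the trusted domain.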
Risk Factor:
Medium / CVSS Base Score: 4.0

 


Web Server Generic XSS

Synopsis:
The remote web server is susceptible to cross-site scripting attacks.
Description:
The remote host is running a web server that fails to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.
See also:
http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
Solution:
For devices running embedded web servers (such as printers or network equipment), contact the vendor to determine if a patch is available. 
For web servers that host applications or web sites, ensure that patches are up-to-date, and modify the application's code as necessary to correct the vulnerability.  See the OWASP link above for guidance.
If the vulnerability cannot be corrected, place the host on a privately-addressed network or behind a firewall.
Risk Factor:
Medium / CVSS Base Score: 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE ID:
CVE-2002-1060
CVE-2003-1543
CVE-2005-2453
CVE-2006-1681
Nessus Plugin Information:
http://www.nessus.org/plugins/index.php?view=single&id=10815

 


HTTP TRACE / TRACK Methods Allowed

Synopsis:
Debugging functions are enabled on the remote web server.

Description:
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

See also:
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/288308
http://www.kb.cert.org/vuls/id/867593
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1

Solution:
These methods should be disabled where possible. Instructions follow for several prevalent types of web servers.  Some devices, such as printers, cannot be configured to disable these methods. In those cases, the device should be placed on a privately-addressed network or behind a firewall.

For Apache web servers, add the following lines for each virtual host in your configuration file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the "TraceEnable" directive.

For Internet Information Services (IIS), use the URLScan tool to deny HTTP TRACE requests or to permit only the methods needed to meet site requirements and policy.
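
To verify that the change took effect, the following added example (not part of the original page) sends TRACE and TRACK to a server you administer and checks whether the request is echoed back. The header name X-Trace-Check, the verdict strings and the sample replies are constructed for illustration.

```python
import http.client
import uuid

def classify_trace(status, body, marker):
    """Classify one reply to a TRACE/TRACK request that carried `marker` in a header."""
    echoed = marker in body
    if 200 <= status < 300 and echoed:
        return "enabled"        # the server reflected our request: method is live
    if status >= 400 and not echoed:
        return "disabled"       # e.g. 403 from RewriteRule [F], 405 from TraceEnable off
    return "inconclusive"       # redirect, or a 2xx page that did not echo the request

def probe(host, port=80, use_tls=False, timeout=5):
    """Send TRACE and TRACK to `host` and return {method: verdict}."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    results = {}
    for method in ("TRACE", "TRACK"):
        marker = uuid.uuid4().hex   # random value, so a cached page cannot match it
        conn = conn_cls(host, port, timeout=timeout)
        try:
            conn.request(method, "/", headers={"X-Trace-Check": marker})
            resp = conn.getresponse()
            body = resp.read(65536).decode("latin-1")
            results[method] = classify_trace(resp.status, body, marker)
        except (OSError, http.client.HTTPException):
            results[method] = "no-reply"
        finally:
            conn.close()
    return results

# Constructed sample replies (not captured from a real server).
SAMPLE_ECHO = "TRACE / HTTP/1.1\r\nHost: www.example.edu\r\nX-Trace-Check: abc123\r\n\r\n"
SAMPLE_FORBIDDEN = "<html><body><h1>403 Forbidden</h1></body></html>"

if __name__ == "__main__":
    print(classify_trace(200, SAMPLE_ECHO, "abc123"))
    print(classify_trace(403, SAMPLE_FORBIDDEN, "abc123"))
```

Run probe() once per virtual host, since the rewrite rules above must be added to each one separately.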

Risk Factor:
Medium / CVSS Base Score: 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE ID:
CVE-2003-1567
CVE-2004-2320
CVE-2010-0386
Nessus Plugin Information:
http://www.nessus.org/plugins/index.php?view=single&id=11213

 


Printer Accessible to Public Internet

Synopsis:
The remote host is a printer that is accessible from the public Internet.

Description:
Modern-day printers often contain hard disks and run embedded operating systems with built-in TCP/IP networking stacks, utilities, and web servers for remote administration. Thus, in addition to document disclosure, a compromised printer may be used by attackers to gather intelligence about internal campus networks and can be used discreetly as a launching pad for further attacks.

Solution:
Place the printer on a privately-addressed network or behind a firewall.

Risk Factor:
Critical / CVSS Base Score: 10.0

 


Unsupported Operating System

Synopsis:
The remote host is running an unsupported operating system.

Description:
According to its version, the remote operating system is no longer supported by its vendor or provider. Lack of support implies that no new security patches will be released for it.  See below for guidance on what constitutes an unsupported system within each operating system family.

Mac OS X
Apple generally maintains support for the current and prior release of OS X only.  As of May 2012, the current release of OS X is 10.7 (Lion) and the prior release is 10.6 (Snow Leopard).

Linux
Support for Linux-based operating systems varies by distribution.  The following sites contain relevant end-of-life information for different Linux distributions:

Solution:
Upgrade to a version of the operating system that is supported by the vendor.

Risk Factor:
Critical / CVSS Base Score: 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Nessus Plugin Information:
http://www.nessus.org/plugins/index.php?view=single&id=33850