| Security Issues and Fixes: 192.168.0.40 |
| Type |
Port |
Issue and Fix |
| Informational |
ftp (21/tcp) |
An FTP server is running on this port.
Here is its banner :
220 Microsoft FTP Service
Nessus ID : 10330 |
| Informational |
ftp (21/tcp) |
Synopsis :
A FTP server is listening on this port
Description :
It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.
Risk factor :
None
Plugin output :
The remote FTP banner is :
220 Microsoft FTP Service
Nessus ID : 10092 |
| Informational |
http (80/tcp) |
A web server is running on this port
Nessus ID : 10330 |
| Informational |
http (80/tcp) |
The following directories were discovered:
/News, /include, /images
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Other references : OWASP:OWASP-CM-006
Nessus ID : 11032 |
| Informational |
http (80/tcp) |
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/attivita/cartoline.asp (L [IT] )
/attivita/documentazione.asp (L [IT] )
/contatti.asp (L [IT] )
/notelegali.asp (L [IT] )
/mappa.asp (L [IT] )
/presentazione/qualita.asp (L [IT] )
/video.asp (L [IT] )
/attivita/incremento.asp (L [IT] )
/museo/allest_2/visita_doc.asp (L [IT] Pag [] )
/attivita/ricerca.asp (L [IT] )
/credits.asp (L [IT] )
Nessus ID : 10662 |
| Informational |
http (80/tcp) |
The remote web server type is :
Microsoft-IIS/6.0
Nessus ID : 10107 |
| Informational |
http (80/tcp) |
The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790
Nessus ID : 11874 |
| Informational |
http (80/tcp) |
The remote host appears to be running a version of IIS which allows remote
users to determine which authentication schemes are required for confidential
webpages.
Specifically, the following methods are enabled on the remote webserver:
- IIS NTLM authentication is enabled
Solution : None at this time
Risk factor : Low
CVE : CVE-2002-0419
BID : 4235
Nessus ID : 11871 |
| Informational |
http (80/tcp) |
The remote web server leaks a private IP address through the WebDAV interface.
If this web server is behind a Network Address Translation (NAT) firewall or proxy
server, then the internal IP addressing scheme has been leaked.
That address is: 192.168.30.4
This is typical of IIS 5.0 installations that are not configured properly.
See also : http://www.nextgenss.com/papers/iisrconfig.pdf
Solution : http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3BQ218180&ID=KB%3BEN-US%3BQ218180
Risk factor : Low
CVE : CVE-2002-0422
Nessus ID : 12113 |
| Informational |
http (80/tcp) |
Synopsis :
The remote server is running with WebDAV enabled.
Description :
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution :
http://support.microsoft.com/default.aspx?kbid=241520
Risk factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
Nessus ID : 11424 |
| Informational |
general/tcp |
Nessus was not able to reliably identify the remote operating system. It might be:
Microsoft Windows 2000 Server Service Pack 4
Nessus ID : 11936 |