Report generated by Nessus™
Basic scan test
Fri, 15 Mar 2024 07:53:53 EDT
TABLE OF CONTENTS
Vulnerabilities by Host
192.168.20.128
9 |
14 |
20 |
6 |
75 |
Critical |
High |
Medium |
Low |
Info |
| Severity | CVSS v3.0 | VPR Score | Plugin | Name | ||||
| Critical | 9.8 | 9.8 | 81510 | PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST) | ||||
| Critical | 9.8 | 8.8 | 82025 | PHP 5.4.x < 5.4.39 Multiple Vulnerabilities | ||||
| Critical | 9.8 | 6.7 | 83033 | PHP 5.4.x < 5.4.40 Multiple Vulnerabilities | ||||
| Critical | 9.8 | 6.7 | 83517 | PHP 5.4.x < 5.4.41 Multiple Vulnerabilities | ||||
| Critical | 9.8 | 6.7 | 84362 | PHP 5.4.x < 5.4.42 Multiple Vulnerabilities | ||||
| Critical | 9.8 | 5.9 | 84671 | PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM) | ||||
| Critical | 9.8 | 5.9 | 125855 | phpMyAdmin prior to 4.8.6 SQLi vulnerablity (PMASA-2019-3) | ||||
| Critical | 10.0 | - | 58987 | PHP Unsupported Version Detection | ||||
| Critical | 10.0* | - | 92626 | Drupal Coder Module Deserialization RCE | ||||
| High | 7.5 | - | 142591 | PHP < 7.3.24 Multiple Vulnerabilities | ||||
| High | 7.5 | 6.1 | 42873 | SSL Medium Strength Cipher Suites Supported (SWEET32) | ||||
| High | 7.3 | 5.9 | 66585 | PHP 5.4.x < 5.4.13 Information Disclosure | ||||
| High | 7.3 | 5.9 | 69401 | PHP 5.4.x < 5.4.19 Multiple Vulnerabilities | ||||
| High | 7.3 | 6.7 | 81080 | PHP 5.4.x < 5.4.37 Multiple Vulnerabilities | ||||
| High | 7.3 | 3.6 | 85298 | PHP 5.4.x < 5.4.44 Multiple Vulnerabilities | ||||
| High | 7.3 | 6.7 | 85885 | PHP 5.4.x < 5.4.45 Multiple Vulnerabilities | ||||
| High | 7.5* | 7.4 | 78515 | Drupal Database Abstraction API SQLi | ||||
| High | 9.3* | - | 67260 | PHP 5.4.x < 5.4.17 Buffer Overflow | ||||
| High | 7.5* | 6.7 | 71427 | PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption | ||||
| High | 7.2* | 6.7 | 73862 | PHP 5.4.x < 5.4.28 FPM Unix Socket Insecure Permission Escalation | ||||
| High | 7.5* | 5.9 | 76281 | PHP 5.4.x < 5.4.30 Multiple Vulnerabilities | ||||
| High | 7.5* | 6.7 | 78545 | PHP 5.4.x < 5.4.34 Multiple Vulnerabilities | ||||
| High | 7.5* | 6.6 | 80330 | PHP 5.4.x < 5.4.36 'process_nested_data' RCE | ||||
| Medium | 6.5 | - | 51192 | SSL Certificate Cannot Be Trusted | ||||
| Medium | 6.5 | - | 57582 | SSL Self-Signed Certificate | ||||
| Medium | 6.5 | - | 104743 | TLS Version 1.0 Protocol Detection | ||||
| Medium | 6.5 | - | 157288 | TLS Version 1.1 Protocol Deprecated | ||||
| Medium | 5.9 | 6.7 | 187315 | SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) | ||||
| Medium | 5.3 | - | 40984 | Browsable Web Directories | ||||
| Medium | 5.3 | 2.2 | 64993 | PHP 5.4.x < 5.4.12 Information Disclosure | ||||
| Medium | 5.3 | - | 152853 | PHP < 7.3.28 Email Header Injection | ||||
| Medium | 5.3 | - | 57608 | SMB Signing not required | ||||
| Medium | 5.0* | 3.6 | 66843 | PHP 5.4.x < 5.4.16 Multiple Vulnerabilities | ||||
| Medium | 5.0* | 4.4 | 71927 | PHP 5.4.x < 5.4.24 Multiple Vulnerabilities | ||||
| Medium | 5.0* | 3.6 | 72881 | PHP 5.4.x < 5.4.26 Multiple Vulnerabilities | ||||
| Medium | 5.0* | 4.2 | 73338 | PHP 5.4.x < 5.4.27 awk Magic Parsing BEGIN DoS | ||||
| Medium | 5.0* | 3.6 | 74291 | PHP 5.4.x < 5.4.29 'src/cdf.c' Multiple Vulnerabilities | ||||
| Medium | 6.8* | 5.9 | 77402 | PHP 5.4.x < 5.4.32 Multiple Vulnerabilities | ||||
| Medium | 5.0* | 3.6 | 79246 | PHP 5.4.x < 5.4.35 'donote' DoS | ||||
| Medium | 5.0* | - | 46803 | PHP expose_php Information Disclosure | ||||
| Medium | 4.3* | - | 90317 | SSH Weak Algorithms Supported | ||||
| Medium | 5.0* | - | 57640 | Web Application Information Disclosure | ||||
| Medium | 4.3* | - | 85582 | Web Application Potentially Vulnerable to Clickjacking | ||||
| Low | 3.7 | 3.6 | 70658 | SSH Server CBC Mode Ciphers Enabled | ||||
| Low | 3.7 | - | 153953 | SSH Weak Key Exchange Algorithms Enabled | ||||
| Low | 2.6* | - | 76791 | PHP 5.4.x < 5.4.31 CLI Server 'header' DoS | ||||
| Low | 2.6* | - | 71049 | SSH Weak MAC Algorithms Enabled | ||||
| Low | N/A | - | 42057 | Web Server Allows Password Auto-Completion | ||||
| Low | 2.6* | - | 26194 | Web Server Transmits Cleartext Credentials | ||||
| Info | N/A | - | 10114 | ICMP Timestamp Request Remote Date Disclosure | ||||
| Info | N/A | - | 10223 | RPC portmapper Service Detection | ||||
| Info | N/A | - | 18261 | Apache Banner Linux Distribution Disclosure | ||||
| Info | N/A | - | 48204 | Apache HTTP Server Version | ||||
| Info | N/A | - | 39520 | Backported Security Patch Detection (SSH) | ||||
| Info | N/A | - | 39521 | Backported Security Patch Detection (WWW) | ||||
| Info | N/A | - | 47830 | CGI Generic Injectable Parameter | ||||
| Info | N/A | - | 33817 | CGI Generic Tests Load Estimation (all tests) | ||||
| Info | N/A | - | 39470 | CGI Generic Tests Timeout | ||||
| Info | N/A | - | 45590 | Common Platform Enumeration (CPE) | ||||
| Info | N/A | - | 54615 | Device Type | ||||
| Info | N/A | - | 18638 | Drupal Software Detection | ||||
| Info | N/A | - | 19689 | Embedded Web Server Detection | ||||
| Info | N/A | - | 35716 | Ethernet Card Manufacturer Detection | ||||
| Info | N/A | - | 86420 | Ethernet MAC Addresses | ||||
| Info | N/A | - | 49704 | External URLs | ||||
| Info | N/A | - | 10092 | FTP Server Detection | ||||
| Info | N/A | - | 69826 | HTTP Cookie 'secure' Property Transport Mismatch | ||||
| Info | N/A | - | 43111 | HTTP Methods Allowed (per directory) | ||||
| Info | N/A | - | 10107 | HTTP Server Type and Version | ||||
| Info | N/A | - | 24260 | HyperText Transfer Protocol (HTTP) Information | ||||
| Info | N/A | - | 11156 | IRC Daemon Version Detection | ||||
| Info | N/A | - | 17651 | Microsoft Windows SMB : Obtains the Password Policy | ||||
| Info | N/A | - | 10859 | Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration | ||||
| Info | N/A | - | 10785 | Microsoft Windows SMB NativeLanManager Remote System Information Disclosure | ||||
| Info | N/A | - | 11011 | Microsoft Windows SMB Service Detection | ||||
| Info | N/A | - | 60119 | Microsoft Windows SMB Share Permissions Enumeration | ||||
| Info | N/A | - | 10395 | Microsoft Windows SMB Shares Enumeration | ||||
| Info | N/A | - | 100871 | Microsoft Windows SMB Versions Supported (remote check) | ||||
| Info | N/A | - | 106716 | Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) | ||||
| Info | N/A | - | 50344 | Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header | ||||
| Info | N/A | - | 50345 | Missing or Permissive X-Frame-Options HTTP Response Header | ||||
| Info | N/A | - | 11219 | Nessus SYN scanner | ||||
| Info | N/A | - | 19506 | Nessus Scan Information | ||||
| Info | N/A | - | 11936 | OS Identification | ||||
| Info | N/A | - | 117886 | OS Security Patch Assessment Not Available | ||||
| Info | N/A | - | 181418 | OpenSSH Detection | ||||
| Info | N/A | - | 48243 | PHP Version Detection | ||||
| Info | N/A | - | 66334 | Patch Report | ||||
| Info | N/A | - | 11111 | RPC Services Enumeration | ||||
| Info | N/A | - | 53335 | RPC portmapper (TCP) | ||||
| Info | N/A | - | 10860 | SMB Use Host SID to Enumerate Local Users | ||||
| Info | N/A | - | 70657 | SSH Algorithms and Languages Supported | ||||
| Info | N/A | - | 149334 | SSH Password Authentication Accepted | ||||
| Info | N/A | - | 10881 | SSH Protocol Versions Supported | ||||
| Info | N/A | - | 153588 | SSH SHA-1 HMAC Algorithms Enabled | ||||
| Info | N/A | - | 10267 | SSH Server Type and Version Information | ||||
| Info | N/A | - | 56984 | SSL / TLS Versions Supported | ||||
| Info | N/A | - | 10863 | SSL Certificate Information | ||||
| Info | N/A | - | 70544 | SSL Cipher Block Chaining Cipher Suites Supported | ||||
| Info | N/A | - | 21643 | SSL Cipher Suites Supported | ||||
| Info | N/A | - | 156899 | SSL/TLS Recommended Cipher Suites | ||||
| Info | N/A | - | 25240 | Samba Server Detection | ||||
| Info | N/A | - | 104887 | Samba Version | ||||
| Info | N/A | - | 96982 | Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check) | ||||
| Info | N/A | - | 22964 | Service Detection | ||||
| Info | N/A | - | 17975 | Service Detection (GET request) | ||||
| Info | N/A | - | 25220 | TCP/IP Timestamps Supported | ||||
| Info | N/A | - | 121010 | TLS Version 1.1 Protocol Detection | ||||
| Info | N/A | - | 110723 | Target Credential Status by Authentication Protocol - No Credentials Provided | ||||
| Info | N/A | - | 10287 | Traceroute Information | ||||
| Info | N/A | - | 66293 | Unix Operating System on Extended Support | ||||
| Info | N/A | - | 20094 | VMware Virtual Machine Detection | ||||
| Info | N/A | - | 135860 | WMI Not Available | ||||
| Info | N/A | - | 85601 | Web Application Cookies Not Marked HttpOnly | ||||
| Info | N/A | - | 85602 | Web Application Cookies Not Marked Secure | ||||
| Info | N/A | - | 40773 | Web Application Potentially Sensitive CGI Parameter Detection | ||||
| Info | N/A | - | 91815 | Web Application Sitemap | ||||
| Info | N/A | - | 20108 | Web Server / Application favicon.ico Vendor Fingerprinting | ||||
| Info | N/A | - | 11032 | Web Server Directory Enumeration | ||||
| Info | N/A | - | 10662 | Web mirroring | ||||
| Info | N/A | - | 24004 | WebDAV Directory Enumeration | ||||
| Info | N/A | - | 10150 | Windows NetBIOS / SMB Remote Host Information Disclosure | ||||
| Info | N/A | - | 66717 | mDNS Detection (Local Network) | ||||
| Info | N/A | - | 17219 | phpMyAdmin Detection | ||||