Vulnerability Scan Result

Vulnerability description

We noticed known vulnerabilities in the target application based on the server responses. They are usually related to outdated systems and expose the affected applications to the risk of unauthorized access to confidential data and possibly denial of service attacks. Depending on the system distribution the affected software can be patched but displays the same version, requiring manual checking.

Recommendation

In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.

Vulnerability description

We noticed that the target application's server responses lack the <code>X-Content-Type-Options</code> header. This header is particularly important for preventing Internet Explorer from reinterpreting the content of a web page (MIME-sniffing) and thus overriding the value of the Content-Type header.

Recommendation

We recommend setting the X-Content-Type-Options header such as `X-Content-Type-Options: nosniff`.

Vulnerability description

We noticed that the target application lacks the Content-Security-Policy (CSP) header in its HTTP responses. The CSP header is a security measure that instructs web browsers to enforce specific security rules, effectively preventing the exploitation of Cross-Site Scripting (XSS) vulnerabilities.

Recommendation

Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the application.

Vulnerability description

We noticed that the target application's server responses lack the <code>Referrer-Policy</code> HTTP header, which controls how much referrer information the browser will send with each request originated from the current web application.

Recommendation

The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value `no-referrer` of this header instructs the browser to omit the Referer header entirely.

Vulnerability description

We noticed that the target application lacks the HTTP Strict-Transport-Security header in its responses. This security header is crucial as it instructs browsers to only establish secure (HTTPS) connections with the web server and reject any HTTP connections.

Recommendation

The Strict-Transport-Security HTTP header should be sent with each HTTPS response. The syntax is as follows: `Strict-Transport-Security: max-age=&lt;seconds>[; includeSubDomains]` The parameter `max-age` gives the time frame for requirement of HTTPS in seconds and should be chosen quite high, e.g. several months. A value below 7776000 is considered as too low by this scanner check. The flag `includeSubDomains` defines that the policy applies also for sub domains of the sender of the response.

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.

Vulnerability description

Website is accessible.

Vulnerability description

We have noticed that the server is missing the security.txt file, which is considered a good practice for web security. It provides a standardized way for security researchers and the public to report security vulnerabilities or concerns by outlining the preferred method of contact and reporting procedures.

Recommendation

We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.

Vulnerability description

We have noticed that the webserver responded with an Allow HTTP header when an OPTIONS HTTP request was sent. This method responds to requests by providing information about the methods available for the target resource.

Recommendation

We recommend that you check for unused HTTP methods or even better, disable the OPTIONS method. This can be done using your webserver configuration.

Vulnerability description

We found that the Windows Server Message Blocks (SMB) service is publicly accessible. The Server Message Block (SMB) protocol facilitates services like file and print sharing on systems. Older SMB protocol versions operate through NetBIOS to enable application-layer networking for devices within Windows operating systems, including communication with printers and serial ports.

Recommendation

We recommend turning off SMB access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). Avoid permitting direct user authentication to Active Directory over the Internet to prevent attackers from engaging in password guessing or causing the lockout of legitimate domain user accounts. If the SMB service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

We found that the Windows Server Message Blocks (SMB) service is publicly accessible. The Server Message Block (SMB) protocol facilitates services like file and print sharing on systems. Older SMB protocol versions operate through NetBIOS to enable application-layer networking for devices within Windows operating systems, including communication with printers and serial ports.

Recommendation

We recommend turning off SMB access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). Avoid permitting direct user authentication to Active Directory over the Internet to prevent attackers from engaging in password guessing or causing the lockout of legitimate domain user accounts. If the SMB service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

Vulnerabilities found for IIS 8.5

Recommendation

We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

Vulnerability description

Vulnerabilities found for jQuery 1.7.1

Recommendation

We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

Vulnerability description

We found that the Windows Remote Procedure Call (RPC) service is publicly accessible. RPC is a protocol that one program can use to request a service from a program located on another computer in a network.

Recommendation

We recommend turning off RPC access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the RPC service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

We found that the Windows Remote Procedure Call (RPC) service is publicly accessible. RPC is a protocol that one program can use to request a service from a program located on another computer in a network.

Recommendation

We recommend turning off RPC access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the RPC service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

We found that the Windows Remote Procedure Call (RPC) service is publicly accessible. RPC is a protocol that one program can use to request a service from a program located on another computer in a network.

Recommendation

We recommend turning off RPC access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the RPC service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

We found that the Windows Remote Procedure Call (RPC) service is publicly accessible. RPC is a protocol that one program can use to request a service from a program located on another computer in a network.

Recommendation

We recommend turning off RPC access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the RPC service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

We found that the Windows Remote Procedure Call (RPC) service is publicly accessible. RPC is a protocol that one program can use to request a service from a program located on another computer in a network.

Recommendation

We recommend turning off RPC access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the RPC service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

We found that the Windows Remote Procedure Call (RPC) service is publicly accessible. RPC is a protocol that one program can use to request a service from a program located on another computer in a network.

Recommendation

We recommend turning off RPC access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the RPC service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Vulnerability description

We found that the Windows Remote Procedure Call (RPC) service is publicly accessible. RPC is a protocol that one program can use to request a service from a program located on another computer in a network.

Recommendation

We recommend turning off RPC access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the RPC service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall.

Recommendation

To mitigate the risks associated with end-of-life (EOL) software, it's crucial to take proactive steps. Start by identifying any EOL software currently in use within your organization. Once identified, prioritize upgrading or replacing these applications with supported versions that receive regular updates and security patches. This not only helps close security gaps but also ensures better compatibility with newer technologies, enhancing overall system efficiency and reliability.Additionally, develop a comprehensive software lifecycle management plan. This plan should include regular audits to identify upcoming EOL dates and a schedule for timely updates or replacements. Train your IT staff and users about the importance of keeping software up to date and the risks associated with using outdated versions. By maintaining a proactive approach to software management, you can significantly reduce security risks, ensure compliance with industry regulations, and protect your organization's reputation and customer trust.

Recommendation

We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.

Vulnerability description

OS Detection

Recommendation

Vulnerability checks are skipped for ports that redirect to another port. We recommend scanning the redirected port directly.

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.