
Website Vulnerability Scanner Report (Light)

See what the FULL scanner can do

Perform in-depth website scanning and discover high risk vulnerabilities.

Testing areas (Light scan / Full scan):
Website fingerprinting
Version-based vulnerability detection
Common configuration issues
SQL injection
Cross-Site Scripting
Local/Remote File Inclusion
Remote command execution
Discovery of sensitive files

Get a PRO Account to unlock the full capabilities of this scanner!

 http://213.55.83.154/

Summary

Overall risk level: High
Risk ratings: High: 2, Medium: 2, Low: 1, Info: 5
Scan information: Start time: 2019-09-20 18:35:12 UTC+03; Finish time: 2019-09-20 18:35:33 UTC+03; Scan duration: 21 sec; Tests performed: 10/10; Scan status: Finished

Findings

 Vulnerabilities found for server-side software


Columns: Risk Level | CVSS | CVE | Summary | Affected software | Exploit

CVSS 7.2 | CVE-2019-0211 | Affected software: http_server 2.4.29 | Exploit: N/A
Summary: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

CVSS 6.8 | CVE-2018-1312 | Affected software: http_server 2.4.29 | Exploit: N/A
Summary: In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

CVSS 6.8 | CVE-2017-15715 | Affected software: http_server 2.4.29 | Exploit: N/A
Summary: In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.

CVSS 5 | CVE-2019-10081 | Affected software: http_server 2.4.29 | Exploit: N/A
Summary: HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

CVSS 5.0 | CVE-2018-17199 | Affected software: http_server 2.4.29 | Exploit: N/A
Summary: In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

 Details

Risk description:
These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of service
attacks. An attacker could search for an appropriate exploit (or create one) for any of these vulnerabilities and use it to attack the
system.

Recommendation:


We recommend upgrading the affected software to the latest version in order to eliminate the risk of these vulnerabilities.

 Passwords are submitted unencrypted over the network


Login form: http://213.55.83.154/auth/login

 Details

Risk description:
An attacker who intercepts the communication between the web browser and the server could retrieve the clear-text authentication
credentials.

Recommendation:


We recommend reconfiguring the web server to use HTTPS, which encrypts the communication between the web browser and the server.
This way, an attacker will not be able to obtain the clear-text passwords even if they manage to intercept the network communication.

 Insecure HTTP cookies


Cookie Name | Flags missing

_ambo_erp_session | Secure

 Details

Risk description:
Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel (plain HTTP) if such a request is made.
Thus, the risk exists that an attacker will intercept the clear-text communication between the browser and the server and steal the user's cookie.
If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Recommendation:


We recommend reconfiguring the web server to set the Secure flag on all sensitive cookies.

More information about this issue:


https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/.

 Communication is not secure


http://213.55.83.154/auth/login

 Details

Risk description:
The communication between the web browser and the server is done using the HTTP protocol, which transmits data unencrypted over the
network. Thus, an attacker who manages to intercept the communication at the network level is able to read and modify the data transmitted
(including passwords, secret tokens, credit card information and other sensitive data).

Recommendation:


We recommend reconfiguring the web server to use HTTPS, which encrypts the communication between the web browser and the server.

 Server software and technology found


Software / Version | Category

Ubuntu | Operating Systems
Apache 2.4.29 | Web Servers
Phusion Passenger | Web Servers
Ruby on Rails 6.0.2 | Web Frameworks
DataTables | JavaScript Frameworks
Moment.js | JavaScript Frameworks
Select2 | JavaScript Frameworks
jQuery | JavaScript Frameworks
jQuery UI | JavaScript Frameworks

 Details

Risk description:
An attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation:


We recommend removing the information that permits identification of the software platform, technology, server and operating system:
HTTP server headers, HTML meta information, etc.

More information about this issue:


https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002).

 HTTP security headers are properly configured

 Robots.txt file not found

 No security issue found regarding client access policies

 Directory listing not found (quick scan)

 Password auto-complete is disabled

Scan coverage information

List of tests performed (10/10)


 Fingerprinting the server software and technology...
 Checking for vulnerabilities of server-side software...
 Analyzing the security of HTTP cookies...
 Analyzing HTTP security headers...
 Checking for secure communication...
 Checking robots.txt file...
 Checking client access policies...
 Checking for directory listing (quick scan)...
 Checking for password auto-complete (quick scan)...
 Checking for clear-text submission of passwords (quick scan)...

Scan parameters
Website URL: http://213.55.83.154/
Scan type: Light
Authentication: False

