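Host analysis: 6 6*********
Host address Port/Service Service vulnerability
v unknown (3306/tcp) Security note found
6********* ssh (22/tcp) Security note found
6********* www (80/tcp) Security vulnerability found
6********* chargen (19/tcp) Security note found
6********* daytime (13/tcp) Security note found
6********* cmd (514/tcp) Security note found
6********* echo (7/tcp) Security note found
6********* discard (9/tcp) Security note found
6********* snmp (161/udp) Security vulnerability found
Security vulnerabilities and solutions: 6*********
Type Port/Service Security vulnerability and solution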
Note unknown (3306/tcp) Maybe the "MySql" service running on this port.
NESSUS_ID : 10330
Note ssh (22/tcp) A ssh server is running on this port
NESSUS_ID : 10330
Note ssh (22/tcp) Remote SSH version : SSH-2.0-Sun_SSH_1.0
NESSUS_ID : 10267
Vulnerability www (80/tcp)
The remote host is running PHP 4.3.0
There is a flaw in this version which may allow
an attacker to execute arbitrary PHP code on this
host.
Solution : Upgrade to PHP 4.3.1
Risk factor : High
CVE_ID : CAN-2003-0097
NESSUS_ID : 11237
Note www (80/tcp) A web server is running on this port
NESSUS_ID : 10330
Note www (80/tcp) The following directories were discovered:
/cgi-bin, /help, /icons, /img, /manual, /stat, /temp, /usage
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
NESSUS_ID : 11032
Note www (80/tcp) The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/cai/searnch.php (submit [提交查询] key [] )
/shige/searnch.php (submit [提交查询] key [] )
NESSUS_ID : 10662
Note www (80/tcp) This web server was fingerprinted as Apache/2.0.4x with DAV/2 on Linux
which is consistent with the displayed banner: Apache/2.0.46 (Unix) DAV/2 PHP/4.3.0
NESSUS_ID : 11919
Note www (80/tcp) The remote web server type is :
Apache/2.0.46 (Unix) DAV/2 PHP/4.3.0
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
NESSUS_ID : 10107
Note chargen (19/tcp) Chargen is running on this port
NESSUS_ID : 10330
Note daytime (13/tcp) Maybe the "daytime" service running on this port.
Here is its banner:
46 72 69 20 4e 6f 76 20 32 36 20 32 33 3a 32 30 Fri Nov 26 23:20
3a 34 36 20 32 30 30 34 0a 0d :46 2004
NESSUS_ID : 10330
Note cmd (514/tcp) Maybe the "cmd" service running on this port.
NESSUS_ID : 10330
Note echo (7/tcp) An echo server is running on this port
NESSUS_ID : 10330
Note discard (9/tcp) Maybe the "discard" service running on this port.
NESSUS_ID : 10330
Vulnerability snmp (161/udp)
SNMP Agent responded as expected with community name: public
CVE_ID : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516
BUGTRAQ_ID : 177, 7081, 7212, 7317, 9681
NESSUS_ID : 10264
Other references : IAVA:2001-B-0001
Note snmp (161/udp) Using SNMP, we could determine that the remote operating system is :
Sun SNMP Agent, Sun-Fire-880
NESSUS_ID : 10800
Could an expert please explain this? Thanks.