[Linux-cluster] Trace & Track and Weak SSL ciphers vulnerabilities

Mon, 09 Feb 2009 07:50:26 -0800 

Hi,

Sorry that this is off-topic but the Nessus scan gave 2 Nessus scan
results which have been bugging us a while.

It appeared on Wintel platforms too & when my Wintel colleague tried
to disable it, it disabled the webservice or a certain application.

Anyone has any idea on how to address them without affecting the service

================================================
Vulnerability # 1 :

interwise (7778/tcp)

Synopsis :

Debugging functions are enabled on the remote web server.


Description :

The remote webserver supports the TRACE and/or TRACK methods. TRACE
and TRACK are HTTP methods which are used to debug web server
connections.

In addition, it has been shown that servers supporting the TRACE
method are subject to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with various weaknesses
in browsers. An attacker may use this flaw to trick your legitimate
web users to give him their credentials.


See Also :

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/867593


Solution:

Disable these methods.


Risk Factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

======================================================

 Vulnerability # 2 :

csd-mgmt-port (3071/tcp)

Synopsis :

The remote service supports the use of weak SSL ciphers.


Description :

The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.


See Also :

http://www.openssl.org/docs/apps/ciphers.html


Solution:

Reconfigure the affected application if possible to avoid use of weak
ciphers.


Risk Factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)


Plugin output :

Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

--
Linux-cluster mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-cluster

Reply via email to