Scan Report

September 7, 2022

Summary
This document reports on the results of an automatic security scan. All dates are dis-
played using the timezone Coordinated Universal Time, which is abbreviated UTC. The
task was 63183e5e9156e4d26a7871f4-63183e5e9156e4d26a787238. The scan started at Wed
Sep 7 06:47:37 2022 UTC and ended at Wed Sep 7 07:15:07 2022 UTC. The report rst sum-
marises the results found. Then, for each host, the report describes every issue found. Please
consider the advice given in each description, in order to rectify the issue.

Contents

1 Result Overview 2

2 Results per Host 2

2.1 169.62.185.109 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.1 Log 80/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.2 Log general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.3 Log 443/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

1
2 RESULTS PER HOST 2

1 Result Overview

Host High Medium Low Log False Positive

169.62.185.109 0 0 0 23 0
Total: 1 0 0 0 23 0

Vendor security updates are not trusted.

Overrides are o. Even when a result has an override, this report uses the actual threat of the
result.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
Only results with a minimum QoD of 70 are shown.

This report contains all 23 results selected by the ltering described above. Before ltering
there were 25 results.

2 Results per Host

2.1 169.62.185.109

Host scan start Wed Sep 7 06:48:30 2022 UTC

Host scan end Wed Sep 7 07:14:59 2022 UTC

Service (Port) Threat Level

80/tcp Log
general/tcp Log
443/tcp Log

2.1.1 Log 80/tcp

Log (CVSS: 0.0)

NVT: CGI Scanning Consolidation

Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The congured 'cgi_path' within the 'Scanner Preferences' of the scan cong in use
. . . continues on next page . . .
2 RESULTS PER HOST 3

. . . continued from previous page . . .

- The congured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan cong in use
If you think any of this information is wrong please report it to the referenced community portal.

Vulnerability Detection Result

The Hostname/IP "169.62.185.109" was used to access the remote host.
Generic web application scanning is disabled for this host via the "Enable gener
,→ic web application scanning" option within the "Global variable settings" of t
,→he scan config in use.
Requests to this service are done via HTTP/1.1.
This service seems to be able to host PHP scripts.
This service seems to be able to host ASP scripts.
The User-Agent "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 21.4.3)" was used to access
,→ the remote host.
Historic /scripts and /cgi-bin are not added to the directories used for CGI sca
,→nning. You can enable this again with the "Add historic /scripts and /cgi-bin
,→to directories for CGI scanning" option within the "Global variable settings"
,→of the scan config in use.
The following directories were used for CGI scanning:
http://169.62.185.109/
While this is not, in and of itself, a bug, you should manually inspect these di
,→rectories to ensure that they are in compliance with company security standard
,→s

Solution:

Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2022-08-26T10:12:16Z

References
url: https://community.greenbone.net/c/vulnerability-tests

Log (CVSS: 0.0)

NVT: HTTP Security Headers Detection

Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specic security header has been implemented
(including its value and if it is deprecated) or is missing on the target.

Vulnerability Detection Result

Missing Headers | More Information
--------------------------------------------------------------------------------
. . . continues on next page . . .
2 RESULTS PER HOST 4

. . . continued from previous page . . .

,→------------------------------------------------------------------------------
,→------------------------------------------------
Content-Security-Policy | https://owasp.org/www-project-secure-headers
,→/#content-security-policy
Cross-Origin-Embedder-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Cross-Origin-Opener-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Cross-Origin-Resource-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Document-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/document-policy#document-policy-http-header
Feature-Policy | https://owasp.org/www-project-secure-headers
,→/#feature-policy, Note: The Feature Policy header has been renamed to Permissi
,→ons Policy
Permissions-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/#permissions-policy-http-header-field
Referrer-Policy | https://owasp.org/www-project-secure-headers
,→/#referrer-policy
Sec-Fetch-Dest | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Mode | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Site | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-User | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
X-Content-Type-Options | https://owasp.org/www-project-secure-headers
,→/#x-content-type-options
X-Frame-Options | https://owasp.org/www-project-secure-headers
,→/#x-frame-options
X-Permitted-Cross-Domain-Policies | https://owasp.org/www-project-secure-headers
,→/#x-permitted-cross-domain-policies
X-XSS-Protection | https://owasp.org/www-project-secure-headers
,→/#x-xss-protection, Note: Most major browsers have dropped / deprecated suppor
,→t for this header in 2020.

Solution:

Log Method
Details: HTTP Security Headers Detection
OID:1.3.6.1.4.1.25623.1.0.112081
. . . continues on next page . . .
2 RESULTS PER HOST 5

. . . continued from previous page . . .

Version used: 2021-07-14T06:19:43Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#div-headers
url: https://securityheaders.com/

Log (CVSS: 0.0)

NVT: Response Time / No 404 Error Code Check

Summary
This VT tests if the remote web server does not reply with a 404 error code and checks if it is
replying to the scanners requests in a reasonable amount of time.

Vulnerability Detection Result

The host returns a 30x (e.g. 301) error code when a non-existent file is request
,→ed. Some HTTP-related checks have been disabled.

Solution:

Vulnerability Insight
This web server might show the following issues:
- it is [mis]congured in that it does not return '404 Not Found' error codes when a non-existent
le is requested, perhaps returning a site map, search page, authentication page or redirect
instead.
The Scanner might enabled some counter measures for that, however they might be insucient.
If a great number of security issues are reported for this port, they might not all be accurate.
- it doesn't response in a reasonable amount of time to various HTTP requests sent by this VT.
In order to keep the scan total time to a reasonable amount, the remote web server might not be
tested. If the remote server should be tested it has to be xed to have it reply to the scanners
requests in a reasonable amount of time.
Alternatively the 'Maximum response time (in seconds)' preference could be raised to a higher
value if longer scan times are accepted.

Log Method
Details: Response Time / No 404 Error Code Check
OID:1.3.6.1.4.1.25623.1.0.10386
Version used: 2020-11-27T13:32:50Z

Log (CVSS: 0.0)

NVT: Services

Summary
. . . continues on next page . . .
2 RESULTS PER HOST 6

. . . continued from previous page . . .

This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.

Vulnerability Detection Result

A web server is running on this port

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

[ return to 169.62.185.109 ]

2.1.2 Log general/tcp

Log (CVSS: 0.0)

NVT: Hostname Determination Reporting

Summary
The script reports information on how the hostname of the target was determined.

Vulnerability Detection Result

Hostname determination for IP 169.62.185.109:
Hostname|Source
169.62.185.109|IP-address

Solution:

Log Method
Details: Hostname Determination Reporting
OID:1.3.6.1.4.1.25623.1.0.108449
Version used: 2022-07-27T10:11:28Z

Log (CVSS: 0.0)

NVT: Hostname Determination Reporting

Summary
The script reports information on how the hostname of the target was determined.

Vulnerability Detection Result

. . . continues on next page . . .
2 RESULTS PER HOST 7

. . . continued from previous page . . .

Hostname determination for IP 169.62.185.109:
Hostname|Source
169.62.185.109|IP-address

Solution:

Log Method
Details: Hostname Determination Reporting
OID:1.3.6.1.4.1.25623.1.0.108449
Version used: 2022-07-27T10:11:28Z

Log (CVSS: 0.0)

NVT: OS Detection Consolidation and Reporting

Summary
This script consolidates the OS information detected by several VTs and tries to nd the best
matching OS.
Furthermore it reports all previously collected information leading to this best matching OS. It
also reports possible additional information which might help to improve the OS detection.
If any of this information is wrong or could be improved please consider to report these to the
referenced community portal.

Vulnerability Detection Result

No Best matching OS identified. Please see the VT 'Unknown OS and Service Banner
,→ Reporting' (OID: 1.3.6.1.4.1.25623.1.0.108441) for possible ways to identify
,→this OS.

Solution:

Log Method
Details: OS Detection Consolidation and Reporting
OID:1.3.6.1.4.1.25623.1.0.105937
Version used: 2022-08-29T10:21:34Z

References
url: https://community.greenbone.net/c/vulnerability-tests

Log (CVSS: 0.0)

NVT: SSL/TLS: Hostname discovery from server certicate

Summary
It was possible to discover an additional hostname of this server from its certicate Common or
Subject Alt Name.
. . . continues on next page . . .
2 RESULTS PER HOST 8

. . . continued from previous page . . .

Vulnerability Detection Result

The following additional and resolvable hostnames pointing to a different host i
,→p were detected:
assetmanagement.grupobancolombia.com
bancainversion.grupobancolombia.com
cayman.grupobancolombia.com
factoring.grupobancolombia.com
fiduciaria.grupobancolombia.com
grupobancolombia.com
leasing.grupobancolombia.com
panama.grupobancolombia.com
puertorico.grupobancolombia.com
sucursalpanama.grupobancolombia.com
sufi.grupobancolombia.com
valores.grupobancolombia.com
valoresbanistmo.grupobancolombia.com
www.grupobancolombia.com

Solution:

Log Method
Details: SSL/TLS: Hostname discovery from server certificate
OID:1.3.6.1.4.1.25623.1.0.111010
Version used: 2021-11-22T15:32:39Z

Log (CVSS: 0.0)

NVT: Traceroute

Summary
Collect information about the network route and network distance between the scanner host and
the target host.

Vulnerability Detection Result

Network route from scanner (10.88.0.4) to target (169.62.185.109):
10.88.0.4
10.206.6.215
10.206.35.36
10.206.32.1
173.255.239.101
206.82.104.149
50.97.17.44
169.45.18.41
169.48.118.137
169.48.118.207
169.62.197.18
. . . continues on next page . . .
2 RESULTS PER HOST 9

. . . continued from previous page . . .

169.62.185.109
Network distance between scanner and target: 12

Solution:

Vulnerability Insight
For internal networks, the distances are usually small, often less than 4 hosts between scanner
and target. For public targets the distance is greater and might be 10 hosts or more.

Log Method
A combination of the protocols ICMP and TCP is used to determine the route. This method is
applicable for IPv4 only and it is also known as 'traceroute'.
Details: Traceroute
OID:1.3.6.1.4.1.25623.1.0.51662
Version used: 2021-03-12T14:25:59Z

[ return to 169.62.185.109 ]

2.1.3 Log 443/tcp

Log (CVSS: 0.0)

NVT: CGI Scanning Consolidation

Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- HTTP-Version Detection (OID: 1.3.6.1.4.1.25623.1.0.100034)
- No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Directory Scanner / DDI_Directory_Scanner.nasl (OID: 1.3.6.1.4.1.25623.1.0.11032)
- The congured 'cgi_path' within the 'Scanner Preferences' of the scan cong in use
- The congured 'Enable CGI scanning', 'Enable generic web application scanning' and 'Add
historic /scripts and /cgi-bin to directories for CGI scanning' within the 'Global variable settings'
of the scan cong in use
If you think any of this information is wrong please report it to the referenced community portal.

Vulnerability Detection Result

The Hostname/IP "169.62.185.109" was used to access the remote host.
Generic web application scanning is disabled for this host via the "Enable gener
,→ic web application scanning" option within the "Global variable settings" of t
,→he scan config in use.
Requests to this service are done via HTTP/1.1.
This service seems to be able to host PHP scripts.
This service seems to be able to host ASP scripts.
The User-Agent "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 21.4.3)" was used to access
. . . continues on next page . . .
2 RESULTS PER HOST 10

. . . continued from previous page . . .

,→ the remote host.
Historic /scripts and /cgi-bin are not added to the directories used for CGI sca
,→nning. You can enable this again with the "Add historic /scripts and /cgi-bin
,→to directories for CGI scanning" option within the "Global variable settings"
,→of the scan config in use.
The following directories were used for CGI scanning:
https://169.62.185.109/
While this is not, in and of itself, a bug, you should manually inspect these di
,→rectories to ensure that they are in compliance with company security standard
,→s

Solution:

Log Method
Details: CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Version used: 2022-08-26T10:12:16Z

References
url: https://community.greenbone.net/c/vulnerability-tests

Log (CVSS: 0.0)

NVT: HTTP Security Headers Detection

Summary
All known security headers are being checked on the remote web server.
On completion a report will hand back whether a specic security header has been implemented
(including its value and if it is deprecated) or is missing on the target.

Vulnerability Detection Result

Missing Headers | More Information
--------------------------------------------------------------------------------
,→------------------------------------------------------------------------------
,→------------------------------------------------------------------------------
,→----------
Content-Security-Policy | https://owasp.org/www-project-secure-headers
,→/#content-security-policy
Cross-Origin-Embedder-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Cross-Origin-Opener-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Cross-Origin-Resource-Policy | https://scotthelme.co.uk/coop-and-coep/, Not
,→e: This is an upcoming header
Document-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/document-policy#document-policy-http-header
Expect-CT | https://owasp.org/www-project-secure-headers
. . . continues on next page . . .
2 RESULTS PER HOST 11

. . . continued from previous page . . .

,→/#expect-ct, Note: This is an upcoming header
Feature-Policy | https://owasp.org/www-project-secure-headers
,→/#feature-policy, Note: The Feature Policy header has been renamed to Permissi
,→ons Policy
Permissions-Policy | https://w3c.github.io/webappsec-feature-poli
,→cy/#permissions-policy-http-header-field
Public-Key-Pins | Please check the output of the VTs including
,→ 'SSL/TLS:' and 'HPKP' in their name for more information and configuration he
,→lp. Note: Most major browsers have dropped / deprecated support for this heade
,→r in 2020.
Referrer-Policy | https://owasp.org/www-project-secure-headers
,→/#referrer-policy
Sec-Fetch-Dest | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Mode | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-Site | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Sec-Fetch-User | https://developer.mozilla.org/en-US/docs/Web
,→/HTTP/Headers#fetch_metadata_request_headers, Note: This is a new header suppo
,→rted only in newer browsers like e.g. Firefox 90
Strict-Transport-Security | Please check the output of the VTs including
,→ 'SSL/TLS:' and 'HSTS' in their name for more information and configuration he
,→lp.
X-Content-Type-Options | https://owasp.org/www-project-secure-headers
,→/#x-content-type-options
X-Frame-Options | https://owasp.org/www-project-secure-headers
,→/#x-frame-options
X-Permitted-Cross-Domain-Policies | https://owasp.org/www-project-secure-headers
,→/#x-permitted-cross-domain-policies
X-XSS-Protection | https://owasp.org/www-project-secure-headers
,→/#x-xss-protection, Note: Most major browsers have dropped / deprecated suppor
,→t for this header in 2020.

Solution:

Log Method
Details: HTTP Security Headers Detection
OID:1.3.6.1.4.1.25623.1.0.112081
Version used: 2021-07-14T06:19:43Z

References
url: https://owasp.org/www-project-secure-headers/
. . . continues on next page . . .
2 RESULTS PER HOST 12

. . . continued from previous page . . .

url: https://owasp.org/www-project-secure-headers/#div-headers
url: https://securityheaders.com/

Log (CVSS: 0.0)

NVT: Response Time / No 404 Error Code Check

Summary
This VT tests if the remote web server does not reply with a 404 error code and checks if it is
replying to the scanners requests in a reasonable amount of time.

Vulnerability Detection Result

The host returns a 30x (e.g. 301) error code when a non-existent file is request
,→ed. Some HTTP-related checks have been disabled.

Solution:

Vulnerability Insight
This web server might show the following issues:
- it is [mis]congured in that it does not return '404 Not Found' error codes when a non-existent
le is requested, perhaps returning a site map, search page, authentication page or redirect
instead.
The Scanner might enabled some counter measures for that, however they might be insucient.
If a great number of security issues are reported for this port, they might not all be accurate.
- it doesn't response in a reasonable amount of time to various HTTP requests sent by this VT.
In order to keep the scan total time to a reasonable amount, the remote web server might not be
tested. If the remote server should be tested it has to be xed to have it reply to the scanners
requests in a reasonable amount of time.
Alternatively the 'Maximum response time (in seconds)' preference could be raised to a higher
value if longer scan times are accepted.

Log Method
Details: Response Time / No 404 Error Code Check
OID:1.3.6.1.4.1.25623.1.0.10386
Version used: 2020-11-27T13:32:50Z

Log (CVSS: 0.0)

NVT: Services

Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.

Vulnerability Detection Result

. . . continues on next page . . .
2 RESULTS PER HOST 13

. . . continued from previous page . . .

A TLScustom server answered on this port

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

Log (CVSS: 0.0)

NVT: Services

Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.

Vulnerability Detection Result

A web server is running on this port through SSL

Solution:

Log Method
Details: Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: 2021-03-15T10:42:03Z

Log (CVSS: 0.0)

NVT: SSL/TLS: Collect and Report Certicate Details

Summary
This script collects and reports the details of all SSL/TLS certicates.
This data will be used by other tests to verify server certicates.

Vulnerability Detection Result

The following certificate details of the remote service were collected.
Certificate details:
fingerprint (SHA-1) | 570E5AE2940945CF12174202E90160BC3D4A3F2E
fingerprint (SHA-256) | 11EB7543D434CB7E0B58BD268A09CDF402FFA541A7E885
,→75EC7FED4B13B204A6
issued by | CN=DigiCert EV RSA CA G2,O=DigiCert Inc,C=US
public key size (bits) | 2048
serial | 0B93FF72FAF265C20779252A53DA601B
. . . continues on next page . . .
2 RESULTS PER HOST 14

. . . continued from previous page . . .

signature algorithm | sha256WithRSAEncryption
subject | CN=www.grupobancolombia.com,O=BANCOLOMBIA S.A.
,→,L=Medellin,ST=Antioquia,C=CO,2.5.4.5=#38333936343034,2.5.4.15=#50726976617465
,→204F7267616E697A6174696F6E,1.3.6.1.4.1.311.60.2.1.1=#4D6564656C6CC3AD6E,1.3.6.
,→1.4.1.311.60.2.1.2=#416E74696F71756961,1.3.6.1.4.1.311.60.2.1.3=#434F
subject alternative names (SAN) | sufi.grupobancolombia.com, cayman.grupobancolo
,→mbia.com, panama.grupobancolombia.com, grupobancolombia.com, puertorico.grupob
,→ancolombia.com, factoring.grupobancolombia.com, fiduciaria.grupobancolombia.co
,→m, leasing.grupobancolombia.com, valores.grupobancolombia.com, valoresbanistmo
,→.grupobancolombia.com, www.grupobancolombia.com, sucursalpanama.grupobancolomb
,→ia.com, bancainversion.grupobancolombia.com, assetmanagement.grupobancolombia.
,→com
valid from | 2022-03-03 00:00:00 UTC
valid until | 2023-03-15 23:59:59 UTC

Solution:

Log Method
Details: SSL/TLS: Collect and Report Certificate Details
OID:1.3.6.1.4.1.25623.1.0.103692
Version used: 2021-12-10T12:48:00Z

Log (CVSS: 0.0)

NVT: SSL/TLS: HTTP Public Key Pinning (HPKP) Missing

Summary
The remote web server is not enforcing HPKP.
Note: Most major browsers have dropped / deprecated support for this header in 2020.

Vulnerability Detection Result

The remote web server is not enforcing HPKP.
HTTP-Banner:
HTTP/1.1 200 OK
Date: ***replaced***
Last-Modified: ***replaced***
Accept-Ranges: bytes
Content-Length: ***replaced***
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html

Solution:
Solution type: Workaround
Enable HPKP or add / congure the required directives correctly following the guides linked in
the references.
. . . continues on next page . . .
2 RESULTS PER HOST 15

. . . continued from previous page . . .

Note: Some web servers are not sending headers on specic status codes by default. Please review
your web server or application conguration to always send these headers on every response
independently from the status code.
- Apache: Use 'Header always set' instead of 'Header set'.
- nginx: Append the 'always' keyword to each 'add_header' directive.
For dierent applications or web severs please refer to the related documentation for a similar
conguration possibility.

Log Method
Details: SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
OID:1.3.6.1.4.1.25623.1.0.108247
Version used: 2021-01-26T13:20:44Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-secure-headers/#public-key-pinning-extension-
,→for-http-hpkp
url: https://tools.ietf.org/html/rfc7469
url: https://securityheaders.io/
url: https://httpd.apache.org/docs/current/mod/mod_headers.html#header
url: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

Log (CVSS: 0.0)

NVT: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing

Summary
The remote web server is not enforcing HSTS.

Vulnerability Detection Result

The remote web server is not enforcing HSTS.
HTTP-Banner:
HTTP/1.1 200 OK
Date: ***replaced***
Last-Modified: ***replaced***
Accept-Ranges: bytes
Content-Length: ***replaced***
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html

Solution:
Solution type: Workaround
Enable HSTS or add / congure the required directives correctly following the guides linked in
the references.
. . . continues on next page . . .
2 RESULTS PER HOST 16

. . . continued from previous page . . .

Note: Some web servers are not sending headers on specic status codes by default. Please review
your web server or application conguration to always send these headers on every response
independently from the status code.
- Apache: Use 'Header always set' instead of 'Header set'.
- nginx: Append the 'always' keyword to each 'add_header' directive.
For dierent applications or web severs please refer to the related documentation for a similar
conguration possibility.

Log Method
Details: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
OID:1.3.6.1.4.1.25623.1.0.105879
Version used: 2021-01-26T13:20:44Z

References
url: https://owasp.org/www-project-secure-headers/
url: https://owasp.org/www-project-cheat-sheets/cheatsheets/HTTP_Strict_Transpor
,→t_Security_Cheat_Sheet.html
url: https://owasp.org/www-project-secure-headers/#http-strict-transport-securit
,→y-hsts
url: https://tools.ietf.org/html/rfc6797
url: https://securityheaders.io/
url: https://httpd.apache.org/docs/current/mod/mod_headers.html#header
url: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

Log (CVSS: 0.0)

NVT: SSL/TLS: NPN / ALPN Extension and Protocol Support Detection

Summary
This routine identies services supporting the following extensions to TLS:
- Application-Layer Protocol Negotiation (ALPN)
- Next Protocol Negotiation (NPN).
Based on the availability of this extensions the supported Network Protocols by this service are
gathered and reported.

Vulnerability Detection Result

The remote service advertises support for the following Network Protocol(s) via
,→the ALPN extension:
SSL/TLS Protocol:Network Protocol
TLSv1.2:HTTP/1.1

Solution:

Log Method
Details: SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
OID:1.3.6.1.4.1.25623.1.0.108099
. . . continues on next page . . .
2 RESULTS PER HOST 17

. . . continued from previous page . . .

Version used: 2021-02-12T06:42:15Z

References
url: https://tools.ietf.org/html/rfc7301
url: https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04

Log (CVSS: 0.0)

NVT: SSL/TLS: Report Medium Cipher Suites

Summary
This routine reports all Medium SSL/TLS cipher suites accepted by a service.

Vulnerability Detection Result

'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Solution:

Vulnerability Insight
Any cipher suite considered to be secure for only the next 10 years is considered as medium.

Log Method
Details: SSL/TLS: Report Medium Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.902816
Version used: 2021-12-01T13:10:37Z

Log (CVSS: 0.0)

NVT: SSL/TLS: Report Non Weak Cipher Suites

Summary
This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.

Vulnerability Detection Result

'Non Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Solution:

. . . continues on next page . . .

2 RESULTS PER HOST 18

. . . continued from previous page . . .

Log Method
Details: SSL/TLS: Report Non Weak Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.103441
Version used: 2021-12-01T09:24:41Z

Log (CVSS: 0.0)

NVT: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites

Summary
This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect
Forward Secrecy (PFS).

Vulnerability Detection Result

Cipher suites supporting Perfect Forward Secrecy (PFS) are accepted by this serv
,→ice via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Solution:

Log Method
Details: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.105018
Version used: 2021-12-09T13:40:52Z

Log (CVSS: 0.0)

NVT: SSL/TLS: Report Supported Cipher Suites

Summary
This routine reports all SSL/TLS cipher suites accepted by a service.

Vulnerability Detection Result

No 'Strong' cipher suites accepted by this service via the TLSv1.2 protocol.
'Medium' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
No 'Weak' cipher suites accepted by this service via the TLSv1.2 protocol.
No 'Null' cipher suites accepted by this service via the TLSv1.2 protocol.
No 'Anonymous' cipher suites accepted by this service via the TLSv1.2 protocol.
. . . continues on next page . . .
2 RESULTS PER HOST 19

. . . continued from previous page . . .

Solution:

Vulnerability Insight
Notes:
- As the VT 'SSL/TLS: Check Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.900234)
might run into a timeout the actual reporting of all accepted cipher suites takes place in this VT
instead.
- SSLv2 ciphers are not getting reported as the protocol itself is deprecated, needs to be considered
as weak and is reported separately as deprecated.

Log Method
Details: SSL/TLS: Report Supported Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.802067
Version used: 2022-08-25T10:12:37Z

Log (CVSS: 0.0)

NVT: SSL/TLS: Version Detection

Summary
Enumeration and reporting of SSL/TLS protocol versions supported by a remote service.

Vulnerability Detection Result

The remote SSL/TLS service supports the following SSL/TLS protocol version(s):
TLSv1.2

Solution:

Log Method
Sends multiple connection requests to the remote service and attempts to determine the SSL/TLS
protocol versions supported by the service from the replies.
Note: The supported SSL/TLS protocol versions included in the report of this VT are reported
independently from the allowed / supported SSL/TLS ciphers.
Details: SSL/TLS: Version Detection
OID:1.3.6.1.4.1.25623.1.0.105782
Version used: 2021-12-06T15:42:24Z

[ return to 169.62.185.109 ]

This le was automatically generated.