Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com

Transcription

1 Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Travolutionary ASV Company: Comodo CA Limited Scan expiration date: Part 2. Summary (IP Address, domain, etc.): Part 3a. Vulnerabilities Noted for each ASV may choose to omit vulnerabilities that do not impact compliance from this section, however, failing vulnerabilities that have been changed to "pass" via exceptions or after remediation / rescan must always be listed Vulnerabilities Noted per Strict Transport Security (STS) Detection 1221 / tcp / Nessus SYN scanner 4022 / tcp / Nessus SYN scanner 4020 / tcp / Nessus SYN scanner 4018 / tcp / Nessus SYN scanner 4016 / tcp / Nessus SYN scanner 1221 / tcp / Nessus SYN scanner 455 / tcp / Nessus SYN scanner 454 / tcp / Nessus SYN scanner 443 / tcp / Nessus SYN scanner 80 / tcp / HyperText Transfer Protocol (HTTP) Redirect Information 443 / tcp / HyperText Transfer Protocol (HTTP) Redirect Information 80 / tcp / Device Type 0 / tcp / SSL Root Certification Authority Certificate Information 455 / tcp / SSL Root Certification Authority Certificate Information 454 / tcp /

2 Vulnerabilities Noted per SSL Root Certification Authority Certificate Information 443 / tcp / CGI Generic Injectable Parameter 443 / tcp / SSL Cipher Suites Supported 455 / tcp / SSL Cipher Suites Supported 454 / tcp / SSL Cipher Suites Supported 443 / tcp / Web Server Directory Enumeration 443 / tcp / Common Platform Enumeration (CPE) 0 / tcp / HTTP Methods Allowed (per directory) 1221 / tcp / HTTP Methods Allowed (per directory) 80 / tcp / HTTP Methods Allowed (per directory) 443 / tcp / SSL Certificate Expiry - Future Expiry 443 / tcp / Web Application Sitemap 1221 / tcp / Web Application Sitemap 443 / tcp / Web Server Allows word Auto-Completion 443 / tcp / CGI Generic Tests Load Estimation (all tests) 443 / tcp / TLS ALPN Supported Protocol Enumeration 455 / tcp / TLS ALPN Supported Protocol Enumeration 454 / tcp / HSTS Missing From HTTPS Server 443 / tcp / HSTS Missing From HTTPS Server 454 / tcp / HSTS Missing From HTTPS Server 455 / tcp /

3 Vulnerabilities Noted per OpenSSL Detection 443 / tcp / Web Server No 404 Error Code Check 1221 / tcp / Web Application Potentially Sensitive CGI Parameter Detection 443 / tcp / TCP/IP Timestamps Supported 0 / tcp / SSL Certificate Chain Contains Certificates Expiring Soon 443 / tcp / Web Application Cookies Not Marked Secure 1221 / tcp / Web Application Cookies Not Marked Secure 80 / tcp / Web Application Cookies Not Marked Secure 443 / tcp / Web Application Cookies Not Marked Secure 454 / tcp / Web Application Cookies Not Marked Secure 455 / tcp / HTTP X-Content-Security-Policy Response Header Usage 443 / tcp / HyperText Transfer Protocol (HTTP) Information 1221 / tcp / HyperText Transfer Protocol (HTTP) Information 455 / tcp / HyperText Transfer Protocol (HTTP) Information 454 / tcp / HyperText Transfer Protocol (HTTP) Information 443 / tcp / HyperText Transfer Protocol (HTTP) Information 80 / tcp / SSL Certificate Information 455 / tcp / SSL Certificate Information 454 / tcp / SSL Certificate Information 443 / tcp / OS Identification 0 / tcp /

4 Vulnerabilities Noted per SSL / TLS Versions Supported 443 / tcp / SSL / TLS Versions Supported 455 / tcp / SSL / TLS Versions Supported 454 / tcp / Additional DNS Hostnames 0 / tcp / HTTP Server Type and Version 1221 / tcp / HTTP Server Type and Version 80 / tcp / HTTP Server Type and Version 443 / tcp / Web Server robots.txt Information Disclosure 443 / tcp / Non-compliant Strict Transport Security (STS) 1221 / tcp / Service Detection 1221 / tcp / Service Detection 80 / tcp / Service Detection 443 / tcp / Service Detection 454 / tcp / Service Detection 455 / tcp / Service Detection 454 / tcp / Service Detection 455 / tcp / Service Detection 443 / tcp / SSL Perfect Forward Secrecy Cipher Suites Supported 455 / tcp / SSL Perfect Forward Secrecy Cipher Suites Supported 454 / tcp / SSL Perfect Forward Secrecy Cipher Suites Supported 443 / tcp / SSL Cipher Block Chaining Cipher Suites Supported 443 / tcp / SSL Cipher Block Chaining Cipher Suites Supported 455 / tcp / SSL Cipher Block Chaining Cipher Suites Supported 454 / tcp /

5 Vulnerabilities Noted per HTTP X-Frame-Options Response Header Usage 443 / tcp / Consolidated Solution/Correction Plan for above IP address: Protect your target with an IP filter. Analyze the redirect(s) to verify that this is valid operation for your web server and/or application. Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies. Purchase or generate a new SSL certificate in the near future to replace the existing one. Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials. Configure the remote web server to use HSTS. Ensure sensitive data is not disclosed by CGI parameters. In addition, do not use CGI parameters to control access to resources or privileges. Renew any soon to expire SSL certificates. Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision. If possible, ensure all communication occurs over an encrypted channel and add the 'secure' attribute to all session cookies or any cookies containing sensitive data. Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources. If you want to test them, re-scan using the special vhost syntax, such as :.example.com[ ] Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material. Set a properly configured X-Frame-Options header for all requested resources. Part 3b. Special Notes by Special Note Item Noted Scan customer`s description of action taken and declaration that software is either implemented securely or removed Part 3c. Special notes -- Full Text Note Part 4a. Scope Submitted by Scan Customer for Discovery IP Addresses/ranges/subnets, domains, URLs, etc. DOMAIN:

6 Part 4b. Scan Customer Designated In-Scope s (Scanned) IP Addresses/ranges/subnets, domains, URLs, etc. Part 4c. Scan Customer Designated Out-of-Scope s (Not Scanned) Requires description for each IP Address/range/subnet, domain, URL ekkworldtravelink.azurewebsites.net: waws-prod-am2-013.cloudapp.net: waws-prod-am2-013.vip.azurewebsites.windows.net: worldtravelink.com: