| IP | Hostname | Port | Port Protocol | CVSS | Severity | Solution Type | NVT Name | Summary | Specific Result | NVT OID | CVEs | Task ID | Task Name | Timestamp | Result ID | Impact | Solution | Affected Software/OS | Vulnerability Insight | Vulnerability Detection Method | Product Detection Result | BIDs | CERTs | Other References |
| xxx.yyy.zzz.aa | 161 | udp | 7.5 | High | VendorFix | Report default community names of the SNMP Agent | Simple Network Management Protocol (SNMP) is a protocol
which can be used by administrators to remotely manage a computer or network device. There
are typically 2 modes of remote SNMP monitoring. These modes are roughly 'READ' and 'WRITE'
(or PUBLIC and PRIVATE). | SNMP Agent responded as expected when using the following community name:
public
| 1.3.6.1.4.1.25623.1.0.10264 | CVE-1999-0472,CVE-1999-0516,CVE-1999-0517,CVE-1999-0792,CVE-2000-0147,CVE-2001-0380,CVE-2001-0514,CVE-2001-1210,CVE-2002-0109,CVE-2002-0478,CVE-2002-1229,CVE-2004-1474,CVE-2004-1775,CVE-2004-1776,CVE-2011-0890,CVE-2012-4964,CVE-2014-4862,CVE-2014-4863,CVE-2016-1452,CVE-2016-5645,CVE-2017-7922 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | c08e30db-a509-4302-92b4-a4769cb8364a | If an attacker is able to guess a PUBLIC community string,
they would be able to read SNMP data (depending on which MIBs are installed) from the remote
device. This information might include system time, IP addresses, interfaces, processes
running, etc.
If an attacker is able to guess a PRIVATE community string (WRITE or 'writeall'
access), they will have the ability to change information on the remote machine.
This could be a huge security hole, enabling remote attackers to wreak complete
havoc such as routing network traffic, initiating processes, etc. In essence,
'writeall' access will give the remote attacker full administrative rights over
the remote machine.
Note that this test only gathers information and does not attempt to write to
the remote device. Thus it is not possible to determine automatically whether
the reported community is public or private.
Also note that information made available through a guessable community string
might or might not contain sensitive data. Please review the information
available through the reported community string to determine the impact of this
disclosure. | Determine if the detected community string is a private
community string. Determine whether a public community string exposes sensitive information.
Disable the SNMP service if you don't use it or change the default community string. | |
Details:
Report default community names of the SNMP Agent
(OID: 1.3.6.1.4.1.25623.1.0.10264) | 177,973,986,2112,2896,3758,3795,3797,4330,5030,5965,7081,7212,7317,9681,11237,20125,41436,46981,91756,92428,99083 | DFN-CERT-2016-1130,CB-K18/1132,CB-K16/1061 | | | | |
| xxx.yyy.zzz.aa | | | 2.6 | Low | Mitigation | TCP timestamps | The remote host implements TCP timestamps and therefore allows to compute
the uptime. | It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 1262565174
Packet 2: 1262565292 | 1.3.6.1.4.1.25623.1.0.80091 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 7f007f0d-eb57-4b5b-ba65-ff250fd8c177 | A side effect of this feature is that the uptime of the remote
host can sometimes be computed. | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segment.
See the references for more information. | TCP/IPv4 implementations that implement RFC1323. | The remote host implements TCP timestamps, as defined by RFC1323. | Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091) | | | | | | |
| xxx.yyy.zzz.aa | 22 | tcp | 2.6 | Low | Mitigation | SSH Weak MAC Algorithms Supported | The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms. | The following weak client-to-server MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-sha1-96
hmac-sha1-96-etm@openssh.com
The following weak server-to-client MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-sha1-96
hmac-sha1-96-etm@openssh.com
| 1.3.6.1.4.1.25623.1.0.105610 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 6233ac49-8cf9-41c7-afd1-fe58885dd397 | Disable the weak MAC algorithms. | | |
Details:
SSH Weak MAC Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105610) | | | | | | | |
| xxx.yyy.zzz.aa | 443 | tcp | 5 | Medium | Mitigation | SSL/TLS: Certificate Expired | The remote server's SSL/TLS certificate has already expired. | The certificate of the remote service expired on 1971-01-01 00:02:54.
Certificate details:
subject ...: CN=192.168.1.2
subject alternative names (SAN):
None
issued by .: CN=192.168.1.2
serial ....: 00FE5B4AEF7A424B93
valid from : 1970-01-01 00:02:54 UTC
valid until: 1971-01-01 00:02:54 UTC
fingerprint (SHA-1): E86A2CE79E8BE24EF2DEBC9E494B61E11A1179F2
fingerprint (SHA-256): 07F9C202624A63505D33639D09E5C48952227269429E18BE3C0E03778A64AD09 | 1.3.6.1.4.1.25623.1.0.103955 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 191a4cea-8d08-4484-aa1e-d0a122900ea5 | Replace the SSL/TLS certificate by a new one. | | This script checks expiry dates of certificates associated with
SSL/TLS-enabled services on the target and reports whether any have already expired. |
Details:
SSL/TLS: Certificate Expired
(OID: 1.3.6.1.4.1.25623.1.0.103955) | | | | | | | |
| xxx.yyy.zzz.aa | 161 | udp | 5 | Medium | Workaround | SNMP GETBULK Reflected DRDoS | The remote SNMP daemon allows distributed reflection and
amplification (DRDoS) attacks. | By sending an SNMP GetBulk request of 41 bytes, we received a response of 2027 bytes. | 1.3.6.1.4.1.25623.1.0.105062 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | f4fb2190-661b-4389-ba6e-d339a5c0544e | Successfully exploiting this vulnerability allows attackers to
cause denial-of-service conditions against remote hosts. | Disable the SNMP service on the remote host if you do not use it or
restrict access to this service. | | | Send an SNMP GetBulk request and check the response.
Details:
SNMP GETBULK Reflected DRDoS
(OID: 1.3.6.1.4.1.25623.1.0.105062) | | | | | | |
| xxx.yyy.zzz.aa | 443 | tcp | 5 | Medium | Mitigation | SSL/TLS: Report Vulnerable Cipher Suites for HTTPS | This routine reports all SSL/TLS cipher suites accepted by a service
where attack vectors exists only on HTTPS services. | 'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
| 1.3.6.1.4.1.25623.1.0.108031 | CVE-2016-2183,CVE-2016-6329 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 56a0b838-dac8-42f1-bb6b-939d7cf9de1e | The configuration of this services should be changed so
that it does not accept the listed cipher suites anymore.
Please see the references for more resources supporting you with this task. | Services accepting vulnerable SSL/TLS cipher suites via HTTPS. | These rules are applied for the evaluation of the vulnerable cipher suites:
- 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183). |
Details:
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
(OID: 1.3.6.1.4.1.25623.1.0.108031) | DFN-CERT-2020-0368,DFN-CERT-2019-1455,DFN-CERT-2019-0068,DFN-CERT-2018-1296,DFN-CERT-2018-0323,DFN-CERT-2017-2070,DFN-CERT-2017-1954,DFN-CERT-2017-1885,DFN-CERT-2017-1831,DFN-CERT-2017-1821,DFN-CERT-2017-1785,DFN-CERT-2017-1626,DFN-CERT-2017-1326,DFN-CERT-2017-1239,DFN-CERT-2017-1238,DFN-CERT-2017-1090,DFN-CERT-2017-1060,DFN-CERT-2017-0968,DFN-CERT-2017-0947,DFN-CERT-2017-0946,DFN-CERT-2017-0904,DFN-CERT-2017-0816,DFN-CERT-2017-0746,DFN-CERT-2017-0677,DFN-CERT-2017-0675,DFN-CERT-2017-0611,DFN-CERT-2017-0609,DFN-CERT-2017-0522,DFN-CERT-2017-0519,DFN-CERT-2017-0482,DFN-CERT-2017-0351,DFN-CERT-2017-0090,DFN-CERT-2017-0089,DFN-CERT-2017-0088,DFN-CERT-2017-0086,DFN-CERT-2016-1943,DFN-CERT-2016-1937,DFN-CERT-2016-1732,DFN-CERT-2016-1726,DFN-CERT-2016-1715,DFN-CERT-2016-1714,DFN-CERT-2016-1588,DFN-CERT-2016-1555,DFN-CERT-2016-1391,DFN-CERT-2016-1378,CB-K20/0321,CB-K20/0314,CB-K20/0157,CB-K19/0618,CB-K19/0615,CB-K18/0296,CB-K17/1980,CB-K17/1871,CB-K17/1803,CB-K17/1753,CB-K17/1750,CB-K17/1709,CB-K17/1558,CB-K17/1273,CB-K17/1202,CB-K17/1196,CB-K17/1055,CB-K17/1026,CB-K17/0939,CB-K17/0917,CB-K17/0915,CB-K17/0877,CB-K17/0796,CB-K17/0724,CB-K17/0661,CB-K17/0657,CB-K17/0582,CB-K17/0581,CB-K17/0506,CB-K17/0504,CB-K17/0467,CB-K17/0345,CB-K17/0098,CB-K17/0089,CB-K17/0086,CB-K17/0082,CB-K16/1837,CB-K16/1830,CB-K16/1635,CB-K16/1630,CB-K16/1624,CB-K16/1622,CB-K16/1500,CB-K16/1465,CB-K16/1307,CB-K16/1296 | | | | | |
| xxx.yyy.zzz.aa | 22 | tcp | 4.3 | Medium | Mitigation | SSH Weak Encryption Algorithms Supported | The remote SSH server is configured to allow weak encryption algorithms. | The following weak client-to-server encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
The following weak server-to-client encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
| 1.3.6.1.4.1.25623.1.0.105611 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 8d0f71d7-1e9c-472a-98ce-faedc500d4f0 | Disable the weak encryption algorithms. | | The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
with weak keys, and should not be used anymore.
The `none` algorithm specifies that no encryption is to be done.
Note that this method provides no confidentiality protection, and it
is NOT RECOMMENDED to use it.
A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext. | Check if remote ssh service supports Arcfour, none or CBC ciphers.
Details:
SSH Weak Encryption Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105611) | | | | | | | |
| xxx.yyy.zzz.ab | | | 2.6 | Low | Mitigation | TCP timestamps | The remote host implements TCP timestamps and therefore allows to compute
the uptime. | It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 4248000010
Packet 2: 4248001162 | 1.3.6.1.4.1.25623.1.0.80091 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | bfee8286-518c-4b14-84b4-a5ee368b56e4 | A side effect of this feature is that the uptime of the remote
host can sometimes be computed. | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segment.
See the references for more information. | TCP/IPv4 implementations that implement RFC1323. | The remote host implements TCP timestamps, as defined by RFC1323. | Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091) | | | | | | |
| xxx.yyy.zzz.ac | 161 | udp | 7.5 | High | VendorFix | Report default community names of the SNMP Agent | Simple Network Management Protocol (SNMP) is a protocol
which can be used by administrators to remotely manage a computer or network device. There
are typically 2 modes of remote SNMP monitoring. These modes are roughly 'READ' and 'WRITE'
(or PUBLIC and PRIVATE). | SNMP Agent responded as expected when using the following community name:
public
| 1.3.6.1.4.1.25623.1.0.10264 | CVE-1999-0472,CVE-1999-0516,CVE-1999-0517,CVE-1999-0792,CVE-2000-0147,CVE-2001-0380,CVE-2001-0514,CVE-2001-1210,CVE-2002-0109,CVE-2002-0478,CVE-2002-1229,CVE-2004-1474,CVE-2004-1775,CVE-2004-1776,CVE-2011-0890,CVE-2012-4964,CVE-2014-4862,CVE-2014-4863,CVE-2016-1452,CVE-2016-5645,CVE-2017-7922 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | ab8b836e-6aa2-49d3-aa2b-81ccdad32f62 | If an attacker is able to guess a PUBLIC community string,
they would be able to read SNMP data (depending on which MIBs are installed) from the remote
device. This information might include system time, IP addresses, interfaces, processes
running, etc.
If an attacker is able to guess a PRIVATE community string (WRITE or 'writeall'
access), they will have the ability to change information on the remote machine.
This could be a huge security hole, enabling remote attackers to wreak complete
havoc such as routing network traffic, initiating processes, etc. In essence,
'writeall' access will give the remote attacker full administrative rights over
the remote machine.
Note that this test only gathers information and does not attempt to write to
the remote device. Thus it is not possible to determine automatically whether
the reported community is public or private.
Also note that information made available through a guessable community string
might or might not contain sensitive data. Please review the information
available through the reported community string to determine the impact of this
disclosure. | Determine if the detected community string is a private
community string. Determine whether a public community string exposes sensitive information.
Disable the SNMP service if you don't use it or change the default community string. | |
Details:
Report default community names of the SNMP Agent
(OID: 1.3.6.1.4.1.25623.1.0.10264) | 177,973,986,2112,2896,3758,3795,3797,4330,5030,5965,7081,7212,7317,9681,11237,20125,41436,46981,91756,92428,99083 | DFN-CERT-2016-1130,CB-K18/1132,CB-K16/1061 | | | | |
| xxx.yyy.zzz.ac | | | 2.6 | Low | Mitigation | TCP timestamps | The remote host implements TCP timestamps and therefore allows to compute
the uptime. | It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 3951388049
Packet 2: 3951389197 | 1.3.6.1.4.1.25623.1.0.80091 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | bdd6199e-9f23-4639-866a-695eeff3d06a | A side effect of this feature is that the uptime of the remote
host can sometimes be computed. | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segment.
See the references for more information. | TCP/IPv4 implementations that implement RFC1323. | The remote host implements TCP timestamps, as defined by RFC1323. | Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091) | | | | | | |
| xxx.yyy.zzz.ac | 161 | udp | 5 | Medium | Workaround | SNMP GETBULK Reflected DRDoS | The remote SNMP daemon allows distributed reflection and
amplification (DRDoS) attacks. | By sending an SNMP GetBulk request of 41 bytes, we received a response of 2594 bytes. | 1.3.6.1.4.1.25623.1.0.105062 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 14205704-8c95-4633-b60f-1b4acbb60391 | Successfully exploiting this vulnerability allows attackers to
cause denial-of-service conditions against remote hosts. | Disable the SNMP service on the remote host if you do not use it or
restrict access to this service. | | | Send an SNMP GetBulk request and check the response.
Details:
SNMP GETBULK Reflected DRDoS
(OID: 1.3.6.1.4.1.25623.1.0.105062) | | | | | | |
| xxx.yyy.zzz.ac | 80 | tcp | 4.8 | Medium | Workaround | Cleartext Transmission of Sensitive Information via HTTP | The host / application transmits sensitive information (username, passwords) in
cleartext via HTTP. | The following URLs requires Basic Authentication (URL:realm name):
http://xxx.yyy.zzz.ac/console:"connect_console_ws"
http://xxx.yyy.zzz.ac/export:"get_export"
http://xxx.yyy.zzz.ac/services:"get_services" | 1.3.6.1.4.1.25623.1.0.108440 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 62c5d92e-6f3c-4886-8508-e74e70183c1a | An attacker could use this situation to compromise or eavesdrop on the
HTTP communication between the client and the server using a man-in-the-middle attack to get access to
sensitive data like usernames or passwords. | Enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before
allowing to input sensitive data into the mentioned functions. | Hosts / applications which doesn't enforce the transmission of sensitive data via an
encrypted SSL/TLS connection. | | Evaluate previous collected information and check if the host / application is not
enforcing the transmission of sensitive data via an encrypted SSL/TLS connection.
The script is currently checking the following:
- HTTP Basic Authentication (Basic Auth)
- HTTP Forms (e.g. Login) with input field of type 'password'
Details:
Cleartext Transmission of Sensitive Information via HTTP
(OID: 1.3.6.1.4.1.25623.1.0.108440) | | | | | | |
| xxx.yyy.zzz.ac | 22 | tcp | 4.3 | Medium | Mitigation | SSH Weak Encryption Algorithms Supported | The remote SSH server is configured to allow weak encryption algorithms. | The following weak client-to-server encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
The following weak server-to-client encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
| 1.3.6.1.4.1.25623.1.0.105611 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 7f86d736-2851-465f-9966-44e02935013f | Disable the weak encryption algorithms. | | The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
with weak keys, and should not be used anymore.
The `none` algorithm specifies that no encryption is to be done.
Note that this method provides no confidentiality protection, and it
is NOT RECOMMENDED to use it.
A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext. | Check if remote ssh service supports Arcfour, none or CBC ciphers.
Details:
SSH Weak Encryption Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105611) | | | | | | | |
| xxx.yyy.zzz.ad | | | 2.6 | Low | Mitigation | TCP timestamps | The remote host implements TCP timestamps and therefore allows to compute
the uptime. | It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 3214874085
Packet 2: 3214875233 | 1.3.6.1.4.1.25623.1.0.80091 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | eb3032bc-e1f0-41d6-990a-62c2dbe1a3c5 | A side effect of this feature is that the uptime of the remote
host can sometimes be computed. | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segment.
See the references for more information. | TCP/IPv4 implementations that implement RFC1323. | The remote host implements TCP timestamps, as defined by RFC1323. | Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091) | | | | | | |
| xxx.yyy.zzz.ad | 443 | tcp | 6.4 | Medium | Mitigation | SSL/TLS: Missing `secure` Cookie Attribute | The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability. | The cookies:
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImRQUGR3RE13dGJhc1ppUHhQRjh1MEE9PSIsInZhbHVlIjoiRkZXQWllVUFBakFNZjVKNzZheUhDS3cxWHMrRGpNRDhPc2ExY3JiVWJYWVlxb2RnYUxoY2VxREdyZjdwY0QxaCIsIm1hYyI6IjgyNjhjMDgxODMzZDU2NWFkYWIxNzU4NWZjZmFiZjcyNDQ2NzUyNDZiNzM3YmE1YzQ2ZTBiZDcxMzdjZTkzZjUifQ%3D%3D; expires=Thu, 18-Jun-2020 01:13:43 GMT; Max-Age=***replaced***; path=/
Set-Cookie: laravel_session=eyJpdiI6InFPRFhGcDN2MVhoY2sxa0dUS2F4cHc9PSIsInZhbHVlIjoiRUpUWXRvaHc4YVwvbFVYYVd4eXcwbFFOWVIzY25WbnFLZTFSWWxJcFo1UHZZamRKNmN5MzhocFhjRUNPSjhDTFIiLCJtYWMiOiI4MjY1MjQ5NjljZGFlMDllNGIzYTUyMmFhNWI3OGU5YzZlNzU5OGIxZmM3Zjg5ZGE5NGM2MWVkNDFhZTg5Njc1In0%3D; expires=Thu, 18-Jun-2020 01:13:43 GMT; Max-Age=***replaced***; path=/; httponly
are missing the "secure" attribute. | 1.3.6.1.4.1.25623.1.0.902661 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | f8204ee4-4ebc-4262-811f-dc1d450c385e | Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. | Server with SSL/TLS. | The flaw is due to cookie is not using 'secure' attribute, which
allows cookie to be passed to the server by the client over non-secure channels (http) and allows attacker
to conduct session hijacking attacks. |
Details:
SSL/TLS: Missing `secure` Cookie Attribute
(OID: 1.3.6.1.4.1.25623.1.0.902661) | | | | | | | |
| xxx.yyy.zzz.ad | 443 | tcp | 5 | Medium | Mitigation | Missing `httpOnly` Cookie Attribute | The application is missing the 'httpOnly' cookie attribute | The cookies:
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImRQUGR3RE13dGJhc1ppUHhQRjh1MEE9PSIsInZhbHVlIjoiRkZXQWllVUFBakFNZjVKNzZheUhDS3cxWHMrRGpNRDhPc2ExY3JiVWJYWVlxb2RnYUxoY2VxREdyZjdwY0QxaCIsIm1hYyI6IjgyNjhjMDgxODMzZDU2NWFkYWIxNzU4NWZjZmFiZjcyNDQ2NzUyNDZiNzM3YmE1YzQ2ZTBiZDcxMzdjZTkzZjUifQ%3D%3D; expires=Thu, 18-Jun-2020 01:13:43 GMT; Max-Age=***replaced***; path=/
are missing the "httpOnly" attribute. | 1.3.6.1.4.1.25623.1.0.105925 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | fc2e64ae-82dc-41c5-95d4-fd66aaeada2a | Set the 'httpOnly' attribute for any session cookie. | Application with session handling in cookies. | The flaw is due to a cookie is not using the 'httpOnly' attribute. This
allows a cookie to be accessed by JavaScript which could lead to session hijacking attacks. | Check all cookies sent by the application for a missing 'httpOnly' attribute
Details:
Missing `httpOnly` Cookie Attribute
(OID: 1.3.6.1.4.1.25623.1.0.105925) | | | | | | | |
| xxx.yyy.zzz.ad | | | 2.6 | Low | Mitigation | TCP timestamps | The remote host implements TCP timestamps and therefore allows to compute
the uptime. | It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 292205112
Packet 2: 292206260 | 1.3.6.1.4.1.25623.1.0.80091 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:38Z | 20f7e1bd-a6ea-431e-b373-b374902523b6 | A side effect of this feature is that the uptime of the remote
host can sometimes be computed. | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segment.
See the references for more information. | TCP/IPv4 implementations that implement RFC1323. | The remote host implements TCP timestamps, as defined by RFC1323. | Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091) | | | | | | |
| xxx.yyy.zzz.ae | 23 | tcp | 4.8 | Medium | Mitigation | Telnet Unencrypted Cleartext Login | The remote host is running a Telnet service that allows cleartext logins over
unencrypted connections. | Vulnerability was detected according to the Vulnerability Detection Method. | 1.3.6.1.4.1.25623.1.0.108522 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T21:34:41Z | a87f3bf3-4b57-49c9-b438-15999024b844 | An attacker can uncover login names and passwords by sniffing traffic to the
Telnet service. | Replace Telnet with a protocol like SSH which supports encrypted connections. | | |
Details:
Telnet Unencrypted Cleartext Login
(OID: 1.3.6.1.4.1.25623.1.0.108522) | | | | | | |
| xxx.yyy.zzz.af | | | 2.6 | Low | Mitigation | TCP timestamps | The remote host implements TCP timestamps and therefore allows to compute
the uptime. | It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 294184465
Packet 2: 294185608 | 1.3.6.1.4.1.25623.1.0.80091 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T22:07:11Z | 0f13bd7d-a3c7-42c4-acc1-ab1db6a8b865 | A side effect of this feature is that the uptime of the remote
host can sometimes be computed. | To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segment.
See the references for more information. | TCP/IPv4 implementations that implement RFC1323. | The remote host implements TCP timestamps, as defined by RFC1323. | Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for a timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091) | | | | | | |
| xxx.yyy.zzz.af | 636 | tcp | 4.3 | Medium | Mitigation | SSL/TLS: Report Weak Cipher Suites | This routine reports all Weak SSL/TLS cipher suites accepted by a service.
NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication. | 'Weak' cipher suites accepted by this service via the SSLv3 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
| 1.3.6.1.4.1.25623.1.0.103440 | CVE-2013-2566,CVE-2015-2808,CVE-2015-4000 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T22:07:11Z | adf65c2d-7298-4e92-afd0-97b4739b55ae | The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.
Please see the references for more resources supporting you with this task. | These rules are applied for the evaluation of the cryptographic strength:
- RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808).
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods
and therefore considered as weak (CVE-2015-4000).
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong |
Details:
SSL/TLS: Report Weak Cipher Suites
(OID: 1.3.6.1.4.1.25623.1.0.103440) | | DFN-CERT-2020-1276,DFN-CERT-2017-1821,DFN-CERT-2016-1692,DFN-CERT-2016-1648,DFN-CERT-2016-1168,DFN-CERT-2016-0665,DFN-CERT-2016-0642,DFN-CERT-2016-0184,DFN-CERT-2016-0135,DFN-CERT-2016-0101,DFN-CERT-2016-0035,DFN-CERT-2015-1853,DFN-CERT-2015-1679,DFN-CERT-2015-1632,DFN-CERT-2015-1608,DFN-CERT-2015-1542,DFN-CERT-2015-1518,DFN-CERT-2015-1406,DFN-CERT-2015-1341,DFN-CERT-2015-1194,DFN-CERT-2015-1144,DFN-CERT-2015-1113,DFN-CERT-2015-1078,DFN-CERT-2015-1067,DFN-CERT-2015-1038,DFN-CERT-2015-1016,DFN-CERT-2015-1012,DFN-CERT-2015-0980,DFN-CERT-2015-0977,DFN-CERT-2015-0976,DFN-CERT-2015-0960,DFN-CERT-2015-0956,DFN-CERT-2015-0944,DFN-CERT-2015-0937,DFN-CERT-2015-0925,DFN-CERT-2015-0884,DFN-CERT-2015-0881,DFN-CERT-2015-0879,DFN-CERT-2015-0866,DFN-CERT-2015-0844,DFN-CERT-2015-0800,DFN-CERT-2015-0737,DFN-CERT-2015-0696,DFN-CERT-2014-0977,CB-K19/0812,CB-K17/1750,CB-K16/1593,CB-K16/1552,CB-K16/1102,CB-K16/0617,CB-K16/0599,CB-K16/0168,CB-K16/0121,CB-K16/0090,CB-K16/0030,CB-K15/1751,CB-K15/1591,CB-K15/1550,CB-K15/1517,CB-K15/1514,CB-K15/1464,CB-K15/1442,CB-K15/1334,CB-K15/1269,CB-K15/1136,CB-K15/1090,CB-K15/1059,CB-K15/1022,CB-K15/1015,CB-K15/0986,CB-K15/0964,CB-K15/0962,CB-K15/0932,CB-K15/0927,CB-K15/0926,CB-K15/0907,CB-K15/0901,CB-K15/0896,CB-K15/0889,CB-K15/0877,CB-K15/0850,CB-K15/0849,CB-K15/0834,CB-K15/0827,CB-K15/0802,CB-K15/0764,CB-K15/0733,CB-K15/0667,CB-K14/0935,CB-K13/0942 | | | | | |
| xxx.yyy.zzz.af | 389 | tcp | 4.3 | Medium | Mitigation | SSL/TLS: Report Weak Cipher Suites | This routine reports all Weak SSL/TLS cipher suites accepted by a service.
NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
cleartext communication. | 'Weak' cipher suites accepted by this service via the SSLv3 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.1 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
'Weak' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
| 1.3.6.1.4.1.25623.1.0.103440 | CVE-2013-2566,CVE-2015-2808,CVE-2015-4000 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T22:07:11Z | 7fe61bd4-51a3-4cf8-b191-b26ad871d026 | The configuration of this services should be changed so
that it does not accept the listed weak cipher suites anymore.
Please see the references for more resources supporting you with this task. | These rules are applied for the evaluation of the cryptographic strength:
- RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808).
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods
and therefore considered as weak (CVE-2015-4000).
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong |
Details:
SSL/TLS: Report Weak Cipher Suites
(OID: 1.3.6.1.4.1.25623.1.0.103440) | | DFN-CERT-2020-1276,DFN-CERT-2017-1821,DFN-CERT-2016-1692,DFN-CERT-2016-1648,DFN-CERT-2016-1168,DFN-CERT-2016-0665,DFN-CERT-2016-0642,DFN-CERT-2016-0184,DFN-CERT-2016-0135,DFN-CERT-2016-0101,DFN-CERT-2016-0035,DFN-CERT-2015-1853,DFN-CERT-2015-1679,DFN-CERT-2015-1632,DFN-CERT-2015-1608,DFN-CERT-2015-1542,DFN-CERT-2015-1518,DFN-CERT-2015-1406,DFN-CERT-2015-1341,DFN-CERT-2015-1194,DFN-CERT-2015-1144,DFN-CERT-2015-1113,DFN-CERT-2015-1078,DFN-CERT-2015-1067,DFN-CERT-2015-1038,DFN-CERT-2015-1016,DFN-CERT-2015-1012,DFN-CERT-2015-0980,DFN-CERT-2015-0977,DFN-CERT-2015-0976,DFN-CERT-2015-0960,DFN-CERT-2015-0956,DFN-CERT-2015-0944,DFN-CERT-2015-0937,DFN-CERT-2015-0925,DFN-CERT-2015-0884,DFN-CERT-2015-0881,DFN-CERT-2015-0879,DFN-CERT-2015-0866,DFN-CERT-2015-0844,DFN-CERT-2015-0800,DFN-CERT-2015-0737,DFN-CERT-2015-0696,DFN-CERT-2014-0977,CB-K19/0812,CB-K17/1750,CB-K16/1593,CB-K16/1552,CB-K16/1102,CB-K16/0617,CB-K16/0599,CB-K16/0168,CB-K16/0121,CB-K16/0090,CB-K16/0030,CB-K15/1751,CB-K15/1591,CB-K15/1550,CB-K15/1517,CB-K15/1514,CB-K15/1464,CB-K15/1442,CB-K15/1334,CB-K15/1269,CB-K15/1136,CB-K15/1090,CB-K15/1059,CB-K15/1022,CB-K15/1015,CB-K15/0986,CB-K15/0964,CB-K15/0962,CB-K15/0932,CB-K15/0927,CB-K15/0926,CB-K15/0907,CB-K15/0901,CB-K15/0896,CB-K15/0889,CB-K15/0877,CB-K15/0850,CB-K15/0849,CB-K15/0834,CB-K15/0827,CB-K15/0802,CB-K15/0764,CB-K15/0733,CB-K15/0667,CB-K14/0935,CB-K13/0942 | | | | | |
| xxx.yyy.zzz.af | 389 | tcp | 4.3 | Medium | Mitigation | SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection | It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system. | In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT. | 1.3.6.1.4.1.25623.1.0.111012 | CVE-2016-0800,CVE-2014-3566 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T22:07:11Z | 39e6b5e2-a30a-46b1-84a7-d73c7da83486 | An attacker might be able to use the known
cryptographic flaws to eavesdrop the connection between clients and the service
to get access to sensitive data transferred within the secured connection. | It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information. | All services providing an encrypted communication
using the SSLv2 and/or SSLv3 protocols. | The SSLv2 and SSLv3 protocols containing
known cryptographic flaws like:
- Padding Oracle On Downgraded Legacy Encryption (POODLE, CVE-2014-3566)
- Decrypting RSA with Obsolete and Weakened eNcryption (DROWN, CVE-2016-0800) | Check the used protocols of the services
provided by this system.
Details:
SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.111012) | DFN-CERT-2018-0096,DFN-CERT-2017-1238,DFN-CERT-2017-1236,DFN-CERT-2016-1929,DFN-CERT-2016-1527,DFN-CERT-2016-1468,DFN-CERT-2016-1216,DFN-CERT-2016-1174,DFN-CERT-2016-1168,DFN-CERT-2016-0884,DFN-CERT-2016-0841,DFN-CERT-2016-0644,DFN-CERT-2016-0642,DFN-CERT-2016-0496,DFN-CERT-2016-0495,DFN-CERT-2016-0465,DFN-CERT-2016-0459,DFN-CERT-2016-0453,DFN-CERT-2016-0451,DFN-CERT-2016-0415,DFN-CERT-2016-0403,DFN-CERT-2016-0388,DFN-CERT-2016-0360,DFN-CERT-2016-0359,DFN-CERT-2016-0357,DFN-CERT-2016-0171,DFN-CERT-2015-1431,DFN-CERT-2015-1075,DFN-CERT-2015-1026,DFN-CERT-2015-0664,DFN-CERT-2015-0548,DFN-CERT-2015-0404,DFN-CERT-2015-0396,DFN-CERT-2015-0259,DFN-CERT-2015-0254,DFN-CERT-2015-0245,DFN-CERT-2015-0118,DFN-CERT-2015-0114,DFN-CERT-2015-0083,DFN-CERT-2015-0082,DFN-CERT-2015-0081,DFN-CERT-2015-0076,DFN-CERT-2014-1717,DFN-CERT-2014-1680,DFN-CERT-2014-1632,DFN-CERT-2014-1564,DFN-CERT-2014-1542,DFN-CERT-2014-1414,DFN-CERT-2014-1366,DFN-CERT-2014-1354,CB-K18/0094,CB-K17/1198,CB-K17/1196,CB-K16/1828,CB-K16/1438,CB-K16/1384,CB-K16/1141,CB-K16/1107,CB-K16/1102,CB-K16/0792,CB-K16/0599,CB-K16/0597,CB-K16/0459,CB-K16/0456,CB-K16/0433,CB-K16/0424,CB-K16/0415,CB-K16/0413,CB-K16/0374,CB-K16/0367,CB-K16/0331,CB-K16/0329,CB-K16/0328,CB-K16/0156,CB-K15/1514,CB-K15/1358,CB-K15/1021,CB-K15/0972,CB-K15/0637,CB-K15/0590,CB-K15/0525,CB-K15/0393,CB-K15/0384,CB-K15/0287,CB-K15/0252,CB-K15/0246,CB-K15/0237,CB-K15/0118,CB-K15/0110,CB-K15/0108,CB-K15/0080,CB-K15/0078,CB-K15/0077,CB-K15/0075,CB-K14/1617,CB-K14/1581,CB-K14/1537,CB-K14/1479,CB-K14/1458,CB-K14/1342,CB-K14/1314,CB-K14/1313,CB-K14/1311,CB-K14/1304,CB-K14/1296 | | | | |
| xxx.yyy.zzz.af | 636 | tcp | 4.3 | Medium | Mitigation | SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection | It was possible to detect the usage of the
deprecated SSLv2 and/or SSLv3 protocol on this system. | In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) NVT. | 1.3.6.1.4.1.25623.1.0.111012 | CVE-2016-0800,CVE-2014-3566 | 31b63aaa-edb7-4a89-89bd-be48cf3c4e05 | Internal_scans | 2020-06-17T22:07:11Z | e9640d60-673b-42dd-80b7-bc93f3cccb04 | An attacker might be able to use the known
cryptographic flaws to eavesdrop the connection between clients and the service
to get access to sensitive data transferred within the secured connection. | It is recommended to disable the deprecated
SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the
references for more information. | All services providing an encrypted communication
using the SSLv2 and/or SSLv3 protocols. | The SSLv2 and SSLv3 protocols containing
known cryptographic flaws like:
- Padding Oracle On Downgraded Legacy Encryption (POODLE, CVE-2014-3566)
- Decrypting RSA with Obsolete and Weakened eNcryption (DROWN, CVE-2016-0800) | Check the used protocols of the services
provided by this system.
Details:
SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
(OID: 1.3.6.1.4.1.25623.1.0.111012) | DFN-CERT-2018-0096,DFN-CERT-2017-1238,DFN-CERT-2017-1236,DFN-CERT-2016-1929,DFN-CERT-2016-1527,DFN-CERT-2016-1468,DFN-CERT-2016-1216,DFN-CERT-2016-1174,DFN-CERT-2016-1168,DFN-CERT-2016-0884,DFN-CERT-2016-0841,DFN-CERT-2016-0644,DFN-CERT-2016-0642,DFN-CERT-2016-0496,DFN-CERT-2016-0495,DFN-CERT-2016-0465,DFN-CERT-2016-0459,DFN-CERT-2016-0453,DFN-CERT-2016-0451,DFN-CERT-2016-0415,DFN-CERT-2016-0403,DFN-CERT-2016-0388,DFN-CERT-2016-0360,DFN-CERT-2016-0359,DFN-CERT-2016-0357,DFN-CERT-2016-0171,DFN-CERT-2015-1431,DFN-CERT-2015-1075,DFN-CERT-2015-1026,DFN-CERT-2015-0664,DFN-CERT-2015-0548,DFN-CERT-2015-0404,DFN-CERT-2015-0396,DFN-CERT-2015-0259,DFN-CERT-2015-0254,DFN-CERT-2015-0245,DFN-CERT-2015-0118,DFN-CERT-2015-0114,DFN-CERT-2015-0083,DFN-CERT-2015-0082,DFN-CERT-2015-0081,DFN-CERT-2015-0076,DFN-CERT-2014-1717,DFN-CERT-2014-1680,DFN-CERT-2014-1632,DFN-CERT-2014-1564,DFN-CERT-2014-1542,DFN-CERT-2014-1414,DFN-CERT-2014-1366,DFN-CERT-2014-1354,CB-K18/0094,CB-K17/1198,CB-K17/1196,CB-K16/1828,CB-K16/1438,CB-K16/1384,CB-K16/1141,CB-K16/1107,CB-K16/1102,CB-K16/0792,CB-K16/0599,CB-K16/0597,CB-K16/0459,CB-K16/0456,CB-K16/0433,CB-K16/0424,CB-K16/0415,CB-K16/0413,CB-K16/0374,CB-K16/0367,CB-K16/0331,CB-K16/0329,CB-K16/0328,CB-K16/0156,CB-K15/1514,CB-K15/1358,CB-K15/1021,CB-K15/0972,CB-K15/0637,CB-K15/0590,CB-K15/0525,CB-K15/0393,CB-K15/0384,CB-K15/0287,CB-K15/0252,CB-K15/0246,CB-K15/0237,CB-K15/0118,CB-K15/0110,CB-K15/0108,CB-K15/0080,CB-K15/0078,CB-K15/0077,CB-K15/0075,CB-K14/1617,CB-K14/1581,CB-K14/1537,CB-K14/1479,CB-K14/1458,CB-K14/1342,CB-K14/1314,CB-K14/1313,CB-K14/1311,CB-K14/1304,CB-K14/1296 | | | | |
