www.tacti

Scan Summary 

Customer company name 

ASV company name 

Scan expiration date 

Non-Compliant 

Tacticom 

Comodo CA Limited 

10-10-2016 09:30 

Start Time: 07-12-2016 07:30 

Finish Time: 07-12-2016 09:30 

Total Scan Duration Time: 

Plugins Used: 81330 of 81330 available 

02:00:29 

List of IP Addresses/ 

Security Holes Security Warnings Security Notes 

Domains scanned: 

www.takti.co.il 2 18 90 

Open Port: Protocol: Common Service: 

25 tcp smtp 

80 tcp www 

110 tcp pop3 



Vulnerabilities 

found 

Legend 

Security Holes 

Security Warnings 

Note: Security Holes and Warnings will cause you to fail a vulnerability scan. They 

must be remediated and re-tested in order to pass. 

Security Notes 

www.takti.co.il

Security Hole found on port/service "80 / tcp / www" 

Status 

Plugin 

Automatic Failure as listed by the PCI SSC (This must be resolved for your device to be compliant) 

"CGI Generic SQL Injection (blind)" 

Category 

"CGI abuses " 

Priority "Urgent 

Synopsis A CGI application hosted on the remote web server is potentially prone to SQL injection attack. 

Description By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was 

able to get a very different response, which suggests that it may have been able to modify the behavior of the 

application and directly access the underlying database. 

An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote 

database, or even take control of the remote operating system. 

Note that this script is experimental and may be prone to false positives. 

See also: 

http://www.securiteam.com/securityreviews/5DP0N1P76E.html 

http://www.securitydocs.com/library/2651 

http://projects.webappsec.org/SQL-Injection 

Risk factor HIGH / CVSS BASE SCORE :7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P 

Plugin 

output Using the GET HTTP method, Nessus found that : 

+ The following resources may be vulnerable to blind SQL injection : 

+ The 'NewNameMade' parameter of the /BuildaGate5/general2/company_search_tree.php CGI : 

/BuildaGate5/general2/company_search_tree.php?cstFlag=1&z=&framesource=& 

framemode=&ItemID=&FromRec=&FF=&DataCardTemplate=&Daf=&BANNER=&BuyerID=3

1 

0291408&CNumber=&CardPrice=&Clubtmp1=&Referral=tree&SearchType=All&Site 

Nam 

e=takti&ValuePage=&comefrom=&NewNameMade=0zz1&z=&framesource=&framemo 

de=&I 

temID=&FromRec=&FF=&DataCardTemplate=&Daf=&BANNER=&BuyerID=31029140 

8&CNumb 

er=&CardPrice=&Clubtmp1=&Referral=tree&SearchType=All&SiteName=ta 

kti&Value 

Page=&comefrom=&NewNameMade=0yy 

-------- output -------- 

 

Security Hole found on port/service "443 / tcp / www" 

Status 

Plugin 


"CGI Generic SQL Injection (blind)" 

Category 

"CGI abuses " 

Priority "Urgent 

Synopsis A CGI application hosted on the remote web server is potentially prone to SQL injection attack. 

Description By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was 

able to get a very different response, which suggests that it may have been able to modify the behavior of the 

application and directly access the underlying database. 

An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote 

database, or even take control of the remote operating system. 

Note that this script is experimental and may be prone to false positives. 

See also: 

http://www.securiteam.com/securityreviews/5DP0N1P76E.html 

http://www.securitydocs.com/library/2651 

http://projects.webappsec.org/SQL-Injection 

Risk factor HIGH / CVSS BASE SCORE :7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P 

Plugin 


+ The following resources may be vulnerable to blind SQL injection : 

+ The 'NewNameMade' parameter of the /BuildaGate5/general2/company_search_tree.php CGI : 

/BuildaGate5/general2/company_search_tree.php?cstFlag=1&z=&framesource=&

framemode=&ItemID=&FromRec=&FF=&DataCardTemplate=&Daf=&BANNER=&BuyerID=3 

1 

0291408&CNumber=&CardPrice=&Clubtmp1=&Referral=tree&SearchType=All&Site 

Nam 

e=takti&ValuePage=&comefrom=&NewNameMade=0zz1&z=&framesource=&framemo 

de=&I 

temID=&FromRec=&FF=&DataCardTemplate=&Daf=&BANNER=&BuyerID=31029140 

8&CNumb 

er=&CardPrice=&Clubtmp1=&Referral=tree&SearchType=All&SiteName=ta 

kti&Value 

Page=&comefrom=&NewNameMade=0yy 

-------- output -------- 

 

Security Warning found on port/service "443 / tcp / www" 

Status 

Plugin 


"SSL Version 2 (v2) Protocol Detection" 

Category 

"Service detection " 

Priority "Medium Priority 

Synopsis The remote service encrypts traffic using a protocol with known weaknesses. 

Description The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected 

by several cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt 

communications between the affected service and clients. 

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement 

found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'. 

See also: 

http://www.schneier.com/paper-ssl.pdf 

http://support.microsoft.com/kb/187498 

http://www.nessus.org/u?247c4540 

https://www.openssl.org/~bodo/ssl-poodle.pdf 

http://www.nessus.org/u?5d15ba70 

https://www.imperialviolet.org/2014/10/14/poodle.html 

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 

Risk factor MEDIUM / CVSS BASE SCORE :5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N 

Plugin 

output 

- SSLv3 is enabled and the server supports at least one cipher.

Solution Consult the application's documentation to disable SSL 2.0 and 3.0. 

Use TLS 1.1 (with approved cipher suites) or higher instead.

Security Warning found on port/service "25 / tcp / smtp" 

Status 

Plugin 


"SSL Version 2 (v2) Protocol Detection" 

Category 



Synopsis The remote service encrypts traffic using a protocol with known weaknesses. 

Description The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected 

by several cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt 

communications between the affected service and clients. 

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement 

found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'. 

See also: 

http://www.schneier.com/paper-ssl.pdf 

http://support.microsoft.com/kb/187498 

http://www.nessus.org/u?247c4540 

https://www.openssl.org/~bodo/ssl-poodle.pdf 

http://www.nessus.org/u?5d15ba70 

https://www.imperialviolet.org/2014/10/14/poodle.html 

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 

Risk factor MEDIUM / CVSS BASE SCORE :5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N 

Plugin 

output 

- SSLv2 is enabled and the server supports at least one cipher. 

- SSLv3 is enabled and the server supports at least one cipher.

Solution Consult the application's documentation to disable SSL 2.0 and 3.0. 

Use TLS 1.1 (with approved cipher suites) or higher instead.


Status 

Plugin 


"CGI Generic Cross-Site Scripting (comprehensive test)" 

Category 

"CGI abuses : XSS " 


Synopsis The remote web server is prone to cross-site scripting attacks. 

Description The remote web server hosts CGI scripts that fail to adequately sanitize request strings of malicious JavaScript. By 

leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's 

browser within the security context of the affected site. These XSS are likely to be 'non-persistent' or 'reflected'. 

See also: 

http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent 

http://www.nessus.org/u?9717ad85 

http://projects.webappsec.org/Cross-Site+Scripting 

Risk factor MEDIUM / CVSS BASE SCORE :4.3 CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N 

Plugin 


+ The following resources may be vulnerable to cross-site scripting (comprehensive test) : 

+ The 'FromRec' parameter of the /BuildaGate5/general2/company_search_tree.php CGI : 

/BuildaGate5/general2/company_search_tree.php?FromRec=>>>>>>>>>>foo"bar' 

207


Status 

Plugin 


"CGI Generic Cross-Site Scripting (comprehensive test)" 

Category 

"CGI abuses : XSS " 


Synopsis The remote web server is prone to cross-site scripting attacks. 

Description The remote web server hosts CGI scripts that fail to adequately sanitize request strings of malicious JavaScript. By 

leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's 

browser within the security context of the affected site. These XSS are likely to be 'non-persistent' or 'reflected'. 

See also: 

http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent 

http://www.nessus.org/u?9717ad85 

http://projects.webappsec.org/Cross-Site+Scripting 

Risk factor MEDIUM / CVSS BASE SCORE :4.3 CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N 

Plugin 


+ The following resources may be vulnerable to cross-site scripting (comprehensive test) : 


/BuildaGate5/general2/company_search_tree.php?FromRec=>>>>>>>>>>foo"bar' 

207


Status 

Plugin 

Fail (This must be resolved for your device to be compliant). 

"SSL/TLS EXPORT_RSA

Kx={key exchange} 

Au={authentication} 

Enc={symmetric encryption method} 

Mac={message authentication code} 

{export flag} 

Addition 

Information 

CVE: 

http://cgi.nessus.org/cve.php3?cve=CVE-2015-0204 

BID : 71936 Other references { cert : 243585osvdb : 116794 } 

Solution Reconfigure the service to remove support for EXPORT_RSA cipher suites.

Security Warning found on port/service "110 / tcp / pop3" 

Status 

Plugin 


"SSL Certificate Expiry" 

Category 

"General " 


Synopsis The remote server's SSL certificate has already expired. 

Description This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports 

whether any have already expired. 

Risk factor MEDIUM / CVSS BASE SCORE :5.0 CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N 

Plugin 

output The SSL certificate has already expired : 

Subject : C=US, ST=Virginia, L=Herndon, O=Parallels, OU=Parallels Panel, CN=Parallels Panel, 

emailAddress=info@parallels.com 

Issuer : C=US, ST=Virginia, L=Herndon, O=Parallels, OU=Parallels Panel, CN=Parallels Panel, 


Not valid before : Apr 13 06:20:36 2015 GMT 

Not valid after : Apr 12 06:20:36 2016 GMT 

Solution Purchase or generate a new SSL certificate to replace the existing one.


Status 

Plugin 


"SSL Certificate Expiry" 

Category 

"General " 


Synopsis The remote server's SSL certificate has already expired. 

Description This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports 

whether any have already expired. 


Plugin 

output The SSL certificate has already expired : 

Subject : C=US, ST=Virginia, L=Herndon, O=Parallels, OU=Parallels Panel, CN=Parallels Panel, 


Issuer : C=US, ST=Virginia, L=Herndon, O=Parallels, OU=Parallels Panel, CN=Parallels Panel, 


Not valid before : Apr 13 06:20:36 2015 GMT 

Not valid after : Apr 12 06:20:36 2016 GMT 

Solution Purchase or generate a new SSL certificate to replace the existing one.


Status 

Plugin 


"SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)" 

Category 

"Misc. " 


Synopsis The remote host may be affected by a vulnerability that allows a remote attacker to potentially decrypt captured 

Description TLS traffic. 

The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol 

Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). 

This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows 

captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by 

utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an 

SSLv2 server that uses the same private key. 

See also: 

https://drownattack.com/ 

https://drownattack.com/drown-attack-paper.pdf 

Risk factor MEDIUM / CVSS BASE SCORE :4.0 CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N 

Plugin 

output 

Addition 

Information 

The remote host supports SSLv2 and may be affected by SSL DROWN. 

CVE: 


Other references { cert : 583776osvdb : 135149 } 

Solution Disable SSLv2 and export grade cryptography cipher suites. Ensure that private keys are not used anywhere with 

server software that supports SSLv2 connections.


Status 

Plugin 


"SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)" 

Category 

"Misc. " 


Synopsis The remote host may be affected by a vulnerability that allows a remote attacker to potentially decrypt captured 

Description TLS traffic. 

The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol 

Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). 

This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows 

captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by 

utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an 

SSLv2 server that uses the same private key. 

See also: 

https://drownattack.com/ 

https://drownattack.com/drown-attack-paper.pdf 

Risk factor MEDIUM / CVSS BASE SCORE :4.0 CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N 

Plugin 

output 

The remote host is affected by SSL DROWN and supports the following 

vulnerable cipher suites : 

Low Strength Ciphers (= 112-bit key) 

SSLv2

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 

The fields above are : 

{OpenSSL ciphername} 





{export flag} 

Addition 

Information 

CVE: 


Other references { cert : 583776osvdb : 135149 } 

Solution Disable SSLv2 and export grade cryptography cipher suites. Ensure that private keys are not used anywhere with 

server software that supports SSLv2 connections.


Status 

Plugin 

Pass (This does not affect your device compliance). 

"Postfix < 2.0 Multiple Vulnerabilities" 

Category 

"SMTP problems " 


Synopsis The remote server is vulnerable to a denial of service. 

Description The remote host is running a version of Postfix that is as old as or older than 1.1.12. 

There are two vulnerabilities in this version that could allow an attacker to remotely disable it, or to be used as a DDoS 

agent against arbitrary hosts. 

Risk factor CVE-2003-0468 - Medium / CVSS BASE SCORE :5.0 CVSS2#(AV:N/AC:L/Au:N/C:N/I:N/A:P), CVE-2003-0540 - Medium / 

CVSS BASE SCORE :5.0 CVSS2#(AV:N/AC:L/Au:N/C:N/I:N/A:P) 

Addition 

Information 

CVE: 



BID : 8362, 8361 Other references { rhsa : 2003:251-01osvdb : 10545, 10544, 6551suse : SUSE-SA:2003:033 } 

Solution Upgrade to Postfix 2.0. 

This vulnerability has been classified as a denial of service vulnerability. This does not cause the scan to be non-compliant and is not 

required to be patched. We still recommend resolving this issue.


Status 

Plugin 


"SSL Certificate with Wrong Hostname" 

Category 

Priority 

"General " 

"Medium Priority 

Synopsis The SSL certificate for this service is for a different host. 

Description The commonName (CN) of the SSL certificate presented on this service is for a different machine. 


Plugin 

output The identities known by Nessus are : 

mail.takti.co.il 

takti.co.il 

webmail.takti.co.il 

www.takti.co.il 

The Common Name in the certificate is : 

Parallels Panel 

Solution Purchase or generate a proper certificate for this service.


Status 

Plugin 


"SSL Certificate with Wrong Hostname" 

Category 

Priority 

"General " 

"Medium Priority 

Synopsis The SSL certificate for this service is for a different host. 

Description The commonName (CN) of the SSL certificate presented on this service is for a different machine. 


Plugin 

output The identities known by Nessus are : 

mail.takti.co.il 

takti.co.il 

webmail.takti.co.il 



Parallels Panel 



Status 

Plugin 


"SSL Self-Signed Certificate" 

Category 

"General " 


Synopsis The SSL certificate chain for this service ends in an unrecognized self-signed certificate. 

Description The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a 

public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the 

remote host. 

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed 

by an unrecognized certificate authority. 

Risk factor MEDIUM / CVSS BASE SCORE :6.4 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N 

Plugin 

output 

The following certificate was found at the top of the certificate 

chain sent by the remote host, but is self-signed and was not 

found in the list of known certificate authorities : 

|-Subject : C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/E=info@parallels.com 



Status 

Plugin 


"SSL Self-Signed Certificate" 

Category 

"General " 


Synopsis The SSL certificate chain for this service ends in an unrecognized self-signed certificate. 

Description The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a 

public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the 

remote host. 

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed 

by an unrecognized certificate authority. 


Plugin 

output 

The following certificate was found at the top of the certificate 

chain sent by the remote host, but is self-signed and was not 

found in the list of known certificate authorities : 




Status 

Plugin 


"SSL Certificate Cannot Be Trusted" 

Category 

"General " 


Synopsis The SSL certificate for this service cannot be trusted. 

Description The server's X.509 certificate does not have a signature from a known public certificate authority. This situation 

can occur in three different ways, each of which results in a break in the chain below which certificates cannot be 

trusted. 

First, the top of the certificate chain sent by the server might not be descended from a known public certificate 

authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when 

intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate 

authority. 

Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either 

when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates. 

Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not 

be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. 

Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus 

either does not support or does not recognize. 

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the 

authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against 

the remote host. 


Plugin 

output 

The following certificate was at the top of the certificate 

chain sent by the remote host, but is signed by an unknown

certificate authority : 

|-Subject : CN=www.takti.co.il 

|-Issuer : C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA 



Status 

Plugin 



Category 

"General " 





trusted. 




authority. 











Plugin 

output 

The following certificate was part of the certificate chain 

sent by the remote host, but has expired :


|-Not After : Apr 12 06:20:36 2016 GMT 


chain sent by the remote host, but is signed by an unknown 



|-Issuer : C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/E=info@parallels.com 



Status 

Plugin 



Category 

"General " 





trusted. 




authority. 











Plugin 

output 

The following certificate was part of the certificate chain 

sent by the remote host, but has expired :


|-Not After : Apr 12 06:20:36 2016 GMT 


chain sent by the remote host, but is signed by an unknown 



|-Issuer : C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/E=info@parallels.com 



Status 

Plugin 


"SSL Weak Cipher Suites Supported" 

Category 

"General " 


Synopsis The remote service supports the use of weak SSL ciphers. 

Description The remote host supports the use of SSL ciphers that offer weak encryption. 

Note: This is considerably easier to exploit if the attacker is on the same physical network. 

See also: 

http://www.openssl.org/docs/apps/ciphers.html 

Risk factor MEDIUM / CVSS BASE SCORE :4.3 CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N 

Plugin 

output Here is the list of weak SSL ciphers supported by the remote server : 

Low Strength Ciphers (

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1 







{export flag} 

Solution Reconfigure the affected application, if possible to avoid the use of weak ciphers.

Security Notes found on port/service "0 / tcp / " 

Status 

Plugin 


"Additional DNS Hostnames" 

Category 

"General " 

Priority "Low Priority 

Synopsis Potential virtual hosts have been detected. 

Description Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web 

servers may be hosted on name- based virtual hosts. 

See also: 

Risk factor NONE / CVSS BASE SCORE :0.0 null 

Plugin 

output 

http://en.wikipedia.org/wiki/Virtual_hosting 

The following hostnames point to the remote host: 

- takti.co.il 

- mail.takti.co.il 

- webmail.takti.co.il 

Solution If you want to test them, re-scan using the special vhost syntax, such as : 

www.example.com[192.0.32.10]

Security Notes found on port/service "8880 / tcp / www" 

Status 

Plugin 


"HyperText Transfer Protocol (HTTP) Information" 

Category 

"Web Servers " 


Synopsis Some information about the remote HTTP configuration can be extracted. 

Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and 

HTTP pipelining are enabled, etc... 

This test is informational only and does not denote any security problem. 


Plugin 

output 

Protocol version : HTTP/1.1 

SSL : no 

Keep-Alive : no 

Options allowed : (Not implemented) 

Headers : 

Server: sw-cp-server 

Date: Tue, 12 Jul 2016 08:05:19 GMT 

Content-Type: text/html 

Transfer-Encoding: chunked 

Connection: keep-alive 

Expires: Fri, 28 May 1999 00:00:00 GMT 

Last-Modified: Tue, 12 Jul 2016 08:05:19 GMT 

Cache-Control: no-store, no-cache, must-revalidate 

Cache-Control: post-check=0, pre-check=0 

Pragma: no-cache 

P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"


Status 

Plugin 



Category 








Plugin 

output 


SSL : yes 



Headers : 

Server: nginx 

Date: Tue, 12 Jul 2016 08:05:18 GMT

Content-Type: text/html; charset=utf-8 



Expires: Thu, 19 Nov 1981 08:52:00 GMT 


Cache-Control: private, max-age=10800, pre-check=10800 

X-Frame-Options: SAMEORIGIN 

X-XSS-Protection: 1; mode=block 

X-Content-Type-Options: nosniff 

X-WebKit-CSP: default-src 'self' 

X-Permitted-Cross-Domain-Policies: master-only 

Strict-Transport-Security: max-age=15768000;includeSubDomains 

MS-Author-Via: DAV


Status 

Plugin 



Category 








Plugin 

output 


SSL : no 



Headers : 

Server: nginx 

Date: Tue, 12 Jul 2016 08:05:17 GMT 

Content-Type: text/html; charset=utf-8 



Expires: Thu, 19 Nov 1981 08:52:00 GMT 


Cache-Control: private, max-age=10800, pre-check=10800 

X-Frame-Options: SAMEORIGIN 

X-XSS-Protection: 1; mode=block 

X-Content-Type-Options: nosniff 

X-WebKit-CSP: default-src 'self'

X-Permitted-Cross-Domain-Policies: master-only 

Strict-Transport-Security: max-age=15768000;includeSubDomains 

MS-Author-Via: DAV


Status 

Plugin 


"SSL Certificate Information" 

Category 

Priority 

"General " 

"Low Priority 

Synopsis This plugin displays the SSL certificate. 

Description This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. 


Plugin 

output 

Subject Name: 

Common Name: www.takti.co.il 

Issuer Name: 

Country: US 

Organization: GeoTrust Inc. 

Common Name: RapidSSL SHA256 CA 

Serial Number: 22 AB 2A 41 C6 A4 5B 71 35 92 69 0F 1B 14 C2 11 

Version: 3 

Signature Algorithm: SHA-256 With RSA Encryption 

Not Valid Before: Jul 04 00:00:00 2016 GMT 

Not Valid After: Sep 02 23:59:59 2019 GMT 

Public Key Info: 

Algorithm: RSA Encryption

Key Length: 2048 bits 

Public Key: 00 BC AE FF C7 18 D7 45 3A 66 2D 28 CC 72 CF D0 76 3E 17 DF 

E2 CC 69 3D 03 20 75 6E 69 52 7F 20 D7 22 3C 1C DF 41 CF 9D 

11 0B DF 0E 15 D4 49 BF 80 8D 52 0D 29 1D 6E 6E C8 70 B5 CC 

3B 28 08 DA 9E A2 4D 8E D6 98 02 79 0A 12 5F 45 EA 4F 12 3A 

82 8E 96 3A D2 62 C4 B2 E7 A5 E3 93 5F C4 CD E3 C3 82 1E 4C 

84 76 58 DC FB A1 28 60 6B 70 35 E7 5A F7 DC 75 EB 80 7C F4 

5D D5 B1 2A 17 37 DD 64 0A 07 90 20 84 A6 6F 4B 6E E1 5B 94 

8E 47 2E 48 46 79 52 6B 04 2F 54 7F 32 89 11 54 32 BC A5 78 

66 4F 0E 16 A0 69 92 7D F2 44 63 F3 26 2C 4B BD D5 2D C9 3D 

3C 8D 43 64 AC 30 AD 80 CA E1 74 8D A6 26 EE 2D 69 7E C1 15 

33 A1 13 FD EC EA 99 A8 3B 1F 3D B7 ED CA 07 B0 B2 7B E9 4A 

41 2B 14 6A 3C E5 39 76 36 13 25 76 7B 01 0E 80 91 15 84 32 

3D 14 A6 02 B8 F0 03 A5 60 B1 42 C1 A4 AB 56 14 7F 

Exponent: 01 00 01 

Signature Length: 256 bytes / 2048 bits 

Signature: 00 5B 3C C2 55 62 1E 6B 2E 5A 16 90 41 01 0A 94 D3 00 10 1E 

C2 A2 28 7E AF C8 94 AE A9 90 9E CE 18 65 09 08 FA 5A 9C C1 

0B 98 3B D6 EC EC 76 27 98 FA FD 0C 08 57 3F AA 41 DD 5B EA 

42 B2 70 38 AA 11 DB 6A 96 03 EE B4 C5 FF 00 2F D1 1B DE 53 

60 BA B7 6C C8 D2 B2 C6 EB 19 E7 65 31 CD 37 33 28 29 72 6B 

BC 17 D5 3E 8E 3E E4 A6 F1 9F 99 69 64 72 EC 3C 11 2B A5 7F 

07 75 29 61 69 6C 30 C4 C3 71 B0 59 64 4B 09 75 1A 10 F5 3F 

81 19 81 00 FC E4 60 96 44 DD 97 B2 F0 AD BD E9 4B F5 53 7F 

8D 59 B0 FA 68 68 09 F2 52 FC 0D 49 12 89 31 A2 33 00 1E EE 

39 1E 3E F6 9C 44 BF A5 49 4A B9 47 E1 38 E9 1E E3 09 D0 4B 

42 98 3C DA D1 5C 51 9D 5F 68 91 40 87 B2 72 46 AB D1 D1 37 

E2 5A 82 BF F0 21 15 D3 B0 44 29 BE C8 E1 C4 44 F3 54 68 7A 

48 FD 71 25 38 9A 31 4C E8 D3 73 C4 20 3C 8E 04 86 

Extension: Subject Alternative Name (2.5.29.17) 

Critical: 0 

DNS: www.takti.co.il

DNS: takti.co.il 

Extension: Basic Constraints (2.5.29.19) 

Critical: 0 

Extension: CRL Distribution Points (2.5.29.31) 

Critical: 0 

URI: http://gp.symcb.com/gp.crl 

Extension: Policies (2.5.29.32) 

Critical: 0 

Policy ID #1: 2.23.140.1.2.1 

Qualifier ID #1: Certification Practice Statement (1.3.6.1.5.5.7.2.1) 

CPS URI: https://www.rapidssl.com/legal 

Extension: Authority Key Identifier (2.5.29.35) 

Critical: 0 

Key Identifier: 97 C2 27 50 9E C2 C9 EC 0C 88 32 C8 7C AD E2 A6 01 4F DA 6F 

Extension: Key Usage (2.5.29.15) 

Critical: 1 

Key Usage: Digital Signature, Key Encipherment 

Extension: Extended Key Usage (2.5.29.37) 

Critical: 0 

Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1) 

Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)

Extension: Authority Information Access (1.3.6.1.5.5.7.1.1) 

Critical: 0 

Method#1: Online Certificate Status Protocol 

URI: http://gp.symcd.com 

Method#2: Certificate Authority Issuers 

URI: http://gp.symcb.com/gp.crt 

Extension: 1.3.6.1.4.1.11129.2.4.2 

Critical: 0 

Data: 04 82 01 E2 01 E0 00 77 00 DD EB 1D 2B 7A 0D 4F A6 20 8B 81 

AD 81 68 70 7E 2E 8E 9D 01 D5 5C 88 8D 3D 11 C4 CD B6 EC BE 

CC 00 00 01 55 B4 DA 4D 3A 00 00 04 03 00 48 30 46 02 21 00 

C5 24 07 C3 61 83 31 12 B6 34 6F 53 40 CB A0 4E F4 99 D9 96 

09 79 5F B7 32 E0 17 91 88 3F 9B EC 02 21 00 F4 58 87 EC B9 

70 81 24 06 28 66 21 05 44 C9 6C 8F C6 48 2A E6 E6 4A 75 EC 

15 89 11 58 F9 ED D9 00 75 00 A4 B9 09 90 B4 18 58 14 87 BB 

13 A2 CC 67 70 0A 3C 35 98 04 F9 1B DF B8 E3 77 CD 0E C8 0D 

DC 10 00 00 01 55 B4 DA 4D 6E 00 00 04 03 00 46 30 44 02 20 

51 A7 4A BC F4 96 66 1C EF A5 69 50 15 EF 39 62 5B D8 D9 47 

36 1D 6A 5B C5 62 B2 3A 15 A0 92 B4 02 20 7F AA 15 0A BC 1D 

F0 09 B4 E9 1C AC 05 66 E7 B8 94 66 1A 91 89 97 94 12 D1 B3 

84 2B F3 9D 2E 19 00 76 00 68 F6 98 F8 1F 64 82 BE 3A 8C EE 

B9 28 1D 4C FC 71 51 5D 67 93 D4 44 D1 0A 67 AC BB 4F 4F FB 

C4 00 00 01 55 B4 DA 4D 6A 00 00 04 03 00 47 30 45 02 21 00 

9F F4 24 E9 6A 38 85 EF 8A D6 65 FB 87 54 30 AF F0 01 05 40 

89 9E E6 C9 BC 50 9B 77 D0 30 99 EC 02 20 2D C1 4B 73 01 E0 

49 32 B1 F0 47 12 3C AD 29 42 43 4B 1F 76 66 AF F7 26 38 77 

A7 8F 89 B0 40 71 00 76 00 EE 4B BD B7 75 CE 60 BA E1 42 69 

1F AB E1 9E 66 A3 0F 7E 5F B0 72 D8 83 00 C4 7B 89 7A A8 FD 

CB 00 00 01 55 B4 DA 4F 35 00 00 04 03 00 47 30 45 02 21 00 

E1 31 92 AF C0 43 8A 52 00 6D AA 08 F0 34 7D 39 36 8F 89 07 

84 7C 48 EE F5 92 1D AE 74 26 F8 49 02 20 45 EE 43 19 1F 7F

2B 1C 97 13 1F CF 9F 50 BE 71 F3 BA 68 1A 3A 7A F1 7A 1A E5 

AE 9F 5E 0F F5 AA 

Fingerprints : 

SHA-256 Fingerprint: E4 24 F0 B2 D0 73 A5 D1 CC 86 C7 97 86 E2 94 57 69 C4 B4 68 

DA 3E D0 06 6A 9A 3C 93 91 83 DC A1 

SHA-1 Fingerprint: 86 5C 6B E8 4D 80 B2 91 11 50 61 9C 09 30 EF 84 A7 A2 1A 9C 

MD5 Fingerprint: 47 AB AE 17 9E 2D BD 33 7E 2C A3 88 E8 5D 01 95

Security Notes found on port/service "110 / tcp / pop3" 

Status 

Plugin 



Category 

Priority 

"General " 

"Low Priority 




Plugin 

output 

Subject Name: 

Country: US 

State/Province: Virginia 

Locality: Herndon 

Organization: Parallels 

Organization Unit: Parallels Panel 

Common Name: Parallels Panel 

Email Address: info@parallels.com 

Issuer Name: 

Country: US 







Serial Number: 55 2B 60 34

Version: 1 


Not Valid Before: Apr 13 06:20:36 2015 GMT 

Not Valid After: Apr 12 06:20:36 2016 GMT 


Algorithm: RSA Encryption 


Public Key: 00 A6 AD 66 0F 5D A6 09 2C 92 16 06 ED 1E D4 95 D2 10 34 BA 

FE 8C A9 25 25 66 15 01 CE 32 8B C2 CE BD 17 87 B1 DD AB 88 

61 EA 30 02 F5 5A EE 98 88 0C 52 C3 E0 A0 2A 9D FC 06 1F FD 

BE FD 46 20 C0 A9 48 BB 2A B3 FD B3 E6 90 48 44 45 F1 60 BC 

CE FA 8A CF E7 44 11 D0 71 20 53 28 28 E4 0C CF A1 57 41 E8 

AA 0F A2 55 6E DE B0 1D DC EB 9A 86 21 55 23 31 7D 11 4E 3A 

CC 7F 51 8E 68 8E B2 B7 F0 7A A5 7B C0 C9 CC 6F 9D 99 A0 DD 

EB 81 C1 20 93 1B 18 70 BE C9 C1 5E FE D3 38 60 07 81 67 F6 

A0 1D 9C 96 5F D3 8C 32 E7 5C 3A 2C FA 5E 92 B9 85 1D 84 F7 

49 20 9C D1 98 B8 8E BE E1 D6 72 45 E8 50 20 82 09 4E 8A 0B 

C7 2D F6 8D 10 FB 31 37 B7 D0 68 DB 02 37 0B 57 0F 62 1C 57 

C1 16 3F 24 6A 1F C0 55 10 92 6C 0B 21 0E 41 67 1A 86 EC 9E 

EE CF C8 BF 19 3D 68 89 06 D0 43 56 B6 B6 AF 3F E7 



Signature: 00 40 63 59 39 62 79 E0 E2 5A 04 8B EB CA 6D 60 A9 2E AB D5 

8F DB 56 8A C8 19 B1 62 8E 7A 88 85 F6 C1 E5 18 C1 6B C9 6A 

30 76 B1 DA 92 38 E8 CF D6 A3 94 D2 72 10 89 C8 89 60 C4 52 

D2 79 6E 99 BD CA 45 B1 00 56 8B F0 11 41 46 53 F3 D0 FA 42 

32 44 6D D2 46 E1 D0 06 DE 8D 2D 82 78 DF 89 32 D2 10 57 73 

4A B8 CB 69 1B 1B 4E FD F0 DD 15 3B F2 B5 E2 FE F4 75 2A FD 

6F CB A2 3D 6F DD EA 96 D2 CA 74 61 0D 41 35 1C 38 A2 C1 83

D0 91 64 EC E2 0B 0B 3D B6 90 98 2A 02 B7 AA EB 06 B8 3E 7B 

5D A7 F3 80 DC 39 84 39 34 1B 1D 66 FD 98 D6 DC 6D 33 EF 6C 

12 70 62 AF 74 17 7C 94 9D FB 9A 41 21 AC 5A 4B 9F 43 36 7C 

CE E6 73 4B BB 23 74 88 1D 96 9A 28 EA 1D B7 A5 F5 D3 FA 68 

BE 42 E6 4D 11 DF F9 DD D2 5D E7 DB CD 90 05 25 E0 17 14 6A 

21 67 C3 68 BF 8B D8 1F 49 D0 EF 1B 57 12 03 70 2A 


SHA-256 Fingerprint: C5 C8 36 35 9D C3 F8 73 AD 99 34 58 B7 11 3B 16 CF EC 94 70 

BB B2 F2 63 42 F2 3D CA D1 43 89 CB 

SHA-1 Fingerprint: 8B 46 C6 56 3E 40 0D 0E 59 07 1C BF 0E DF 78 17 74 64 08 E8 

MD5 Fingerprint: 18 7A 3A 34 56 8D BA 40 01 E6 CE 61 BA B4 5A A2

Security Notes found on port/service "25 / tcp / smtp" 

Status 

Plugin 



Category 

Priority 

"General " 

"Low Priority 




Plugin 

output 

Subject Name: 

Country: US 







Issuer Name: 

Country: US 







Serial Number: 55 2B 60 34

Version: 1 
















49 20 9C D1 98 B8 8E BE E1 D6 72 45 E8 50 20 82 09 4E 8A 0B 


C1 16 3F 24 6A 1F C0 55 10 92 6C 0B 21 0E 41 67 1A 86 EC 9E 






30 76 B1 DA 92 38 E8 CF D6 A3 94 D2 72 10 89 C8 89 60 C4 52 


32 44 6D D2 46 E1 D0 06 DE 8D 2D 82 78 DF 89 32 D2 10 57 73 


6F CB A2 3D 6F DD EA 96 D2 CA 74 61 0D 41 35 1C 38 A2 C1 83






21 67 C3 68 BF 8B D8 1F 49 D0 EF 1B 57 12 03 70 2A 


SHA-256 Fingerprint: C5 C8 36 35 9D C3 F8 73 AD 99 34 58 B7 11 3B 16 CF EC 94 70 

BB B2 F2 63 42 F2 3D CA D1 43 89 CB 

SHA-1 Fingerprint: 8B 46 C6 56 3E 40 0D 0E 59 07 1C BF 0E DF 78 17 74 64 08 E8 

MD5 Fingerprint: 18 7A 3A 34 56 8D BA 40 01 E6 CE 61 BA B4 5A A2


Status 

Plugin 


"POP Server Detection" 

Category 



Synopsis A POP server is listening on the remote port. 

Description The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to 

retrieve messages from a server, possibly across a network link. 

See also: 


Plugin 

output Remote POP server banner : 

http://en.wikipedia.org/wiki/Post_Office_Protocol 

+OK Hello there. 

Solution Disable this service if you do not use it.


Status 

Plugin 


"OpenSSL AES-NI Padding Oracle MitM Information Disclosure" 

Category 

"General " 


Synopsis It was possible to obtain sensitive information from the remote host with TLS-enabled services. 

Description The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability due to an error in the 

implementation of ciphersuites that use AES in CBC mode with HMAC-SHA1 or HMAC-SHA256. 

The implementation is specially written to use the AES acceleration available in x86/amd64 processors (AES-NI). The 

error messages returned by the server allow allow a man-in-the-middle attacker to conduct a padding oracle attack, 

resulting in the ability to decrypt network traffic. 

See also: 

https://blog.filippo.io/luckyminus20/ 

http://www.nessus.org/u?37b909b6 

https://www.openssl.org/news/secadv/20160503.txt 

Risk factor LOW / CVSS BASE SCORE :2.6 CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N 

Plugin 

output 

Addition 

Information 

Nessus was able to trigger a RECORD_OVERFLOW alert in the 

remote service by sending a crafted SSL "Finished" message. 

CVE: 


Other references { osvdb : 137896edb-id : 39768iava : 2016-A-0113 } 

Solution Upgrade to OpenSSL version 1.0.1t / 1.0.2h or later.


Status 

Plugin 



Category 

"General " 








See also: 





Plugin 

output 

Addition 

Information 



CVE: 





Status 

Plugin 



Category 

"General " 








See also: 





Plugin 

output 

Addition 

Information 



CVE: 





Status 

Plugin 


"SSL Certificate Signed Using SHA-1 Algorithm" 

Category 

"General " 


Synopsis An SSL certificate in the certificate chain has been signed using the SHA-1 hashing algorithm. 

Description The remote service uses an SSL certificate chain that has been signed with SHA-1, a cryptographically weak 

hashing algorithm. This signature algorithm is known to be vulnerable to collision attacks. An attacker can exploit this 

to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected 

service. 

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire on or between January 1, 2016 

and December 31, 2016 as informational. This is in accordance with Google's gradual sunsetting of the SHA-1 

cryptographic hash algorithm. 

Note that certificates in the chain that are contained in the Nessus CA database have been ignored. 

See also: 

http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html 

http://tools.ietf.org/html/rfc3279 


Plugin 

output 

The following certificates were part of the certificate chain sent by 

the remote host, but contain hashes that are considered to be weak. 

|-Subject : C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/E=info@parallels. 

com 

|-Signature Algorithm : SHA-1 With RSA Encryption 

|-Valid From : Apr 13 06:20:36 2015 GMT 

|-Valid To : Apr 12 06:20:36 2016 GMT


Status 

Plugin 


"SSL Certificate Signed Using SHA-1 Algorithm" 

Category 

"General " 


Synopsis An SSL certificate in the certificate chain has been signed using the SHA-1 hashing algorithm. 

Description The remote service uses an SSL certificate chain that has been signed with SHA-1, a cryptographically weak 

hashing algorithm. This signature algorithm is known to be vulnerable to collision attacks. An attacker can exploit this 

to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected 

service. 

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire on or between January 1, 2016 

and December 31, 2016 as informational. This is in accordance with Google's gradual sunsetting of the SHA-1 

cryptographic hash algorithm. 

Note that certificates in the chain that are contained in the Nessus CA database have been ignored. 

See also: 

http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html 



Plugin 

output 

The following certificates were part of the certificate chain sent by 

the remote host, but contain hashes that are considered to be weak. 

|-Subject : C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/E=info@parallels. 

com 

|-Signature Algorithm : SHA-1 With RSA Encryption 

|-Valid From : Apr 13 06:20:36 2015 GMT 

|-Valid To : Apr 12 06:20:36 2016 GMT


Status 

Plugin 


"OpenSSL Detection" 

Category 



Synopsis The remote service appears to use OpenSSL to encrypt traffic. 

Description Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote 

service is using the OpenSSL library to encrypt traffic. 

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 

4366). 

See also: 

http://www.openssl.org 

Risk factor NONE / CVSS BASE SCORE :0.0 null


Status 

Plugin 



Category 







4366). 

See also: 




Status 

Plugin 



Category 







4366). 

See also: 




Status 

Plugin 


"Service Detection" 

Category 



Synopsis The remote service could be identified. 

Description Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it 

receives an HTTP request. 


Plugin 

output 

A web server is running on this port.


Status 

Plugin 



Category 







Plugin 

output 

A web server is running on this port.


Status 

Plugin 



Category 







Plugin 

output 

A web server is running on this port through TLSv1.


Status 

Plugin 



Category 







Plugin 

output 

A TLSv1 server answered on this port.


Status 

Plugin 



Category 







Plugin 

output 

A POP3 server is running on this port.


Status 

Plugin 



Category 







Plugin 

output 

An SMTP server is running on this port.


Status 

Plugin 


"TCP/IP Timestamps Supported" 

Category 

"General " 


Synopsis The remote service implements TCP timestamps. 

Description The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the 

uptime of the remote host can sometimes be computed. 

See also: 

http://www.ietf.org/rfc/rfc1323.txt 



Status 

Plugin 


"SSL Anonymous Cipher Suites Supported" 

Category 



Synopsis The remote service supports the use of anonymous SSL ciphers. 

Description The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a 

service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the 

remote host's identity and renders the service vulnerable to a man-in-the-middle attack. 

Note: This is considerably easier to exploit if the attacker is on the same physical network. 

See also: 


Risk factor CVE-2007-1858 - Low / CVSS BASE SCORE :2.6 CVSS2#(AV:N/AC:H/Au:N/C:P/I:N/A:N) 

Plugin 

output Here is the list of SSL anonymous ciphers supported by the remote server : 


TLSv1 

ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES-CBC(168) Mac=SHA1 

ADH-AES128-SHA Kx=DH Au=None Enc=AES-CBC(128) Mac=SHA1 


ADH-CAMELLIA128-SHA Kx=DH Au=None Enc=Camellia-CBC(128) Mac=SHA1

ADH-CAMELLIA256-SHA Kx=DH Au=None Enc=Camellia-CBC(256) Mac=SHA1 

ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5 

ADH-SEED-SHA Kx=DH Au=None Enc=SEED-CBC(128) Mac=SHA1 

AECDH-DES-CBC3-SHA Kx=ECDH Au=None Enc=3DES-CBC(168) Mac=SHA1 

AECDH-AES128-SHA Kx=ECDH Au=None Enc=AES-CBC(128) Mac=SHA1 


AECDH-RC4-SHA Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 

DH-AES128-SHA256 Kx=DH Au=None Enc=AES-CBC(128) Mac=SHA256 


TLSv12 

DH-AES128-SHA256 Kx=DH Au=None Enc=AES-GCM(128) Mac=SHA256 








{export flag} 

Addition 

Information 

CVE: 


BID : 28482 Other references { osvdb : 34882 } 

Solution Reconfigure the affected application if possible to avoid use of weak ciphers.


Status 

Plugin 


"SSL Certificate Chain Not Sorted" 

Category 

"General " 


Synopsis The X.509 certificate chain used by this service contains certificates that aren't in order. 

Description At least one of the X.509 certificates sent by the remote host is not in order. Some certificate authorities publish 

certificate bundles that are in descending instead of ascending order, which is incorrect according to RFC 4346, 

Section 7.4.2. 

Some SSL implementations, often those found in embedded devices, cannot handle unordered certificate chains. 

See also: 



Plugin 

output The certificate chain sent by the remote host is not in order : 

|-Subject : C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 

|-Issuer : C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 

| 

|--Subject : CN=www.takti.co.il 

|--Issuer : C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA 

Solution Reorder the certificates in the certificate chain.


Status 

Plugin 


"SSL / TLS Versions Supported" 

Category 

"General " 


Synopsis The remote service encrypts communications. 

Description This plugin detects which SSL and TLS versions are supported by the remote service for encrypting 

communications. 


Plugin 

output 

This port supports TLSv1.0/TLSv1.1/TLSv1.2.


Status 

Plugin 



Category 

"General " 






Plugin 

output 

This port supports SSLv2/SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.


Status 

Plugin 



Category 

"General " 






Plugin 

output 

This port supports SSLv2/SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.


Status 

Plugin 


"SSL Perfect Forward Secrecy Cipher Suites Supported" 

Category 

"General " 


Synopsis The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if 

Description the key is stolen. 

The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher 

suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised. 

See also: 


http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange 

http://en.wikipedia.org/wiki/Perfect_forward_secrecy 


Plugin 

output Here is the list of SSL PFS ciphers supported by the remote server : 

High Strength Ciphers (>= 112-bit key) 

TLSv1 

ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 

ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1 


ECDHE-RSA-AES128-SHA256 Kx=ECDHE Au=RSA Enc=AES-CBC(128) Mac=SHA256 


TLSv12 

ECDHE-RSA-AES128-SHA256 Kx=ECDHE Au=RSA Enc=AES-GCM(128) Mac=SHA256 

ECDHE-RSA-AES256-SHA384 Kx=ECDHE Au=RSA Enc=AES-GCM(256) Mac=SHA384







{export flag}


Status 

Plugin 



Category 

"General " 






See also: 





Plugin 



TLSv1 

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1 


DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1 


DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA256 


TLSv12 

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256

DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384 







{export flag}


Status 

Plugin 



Category 

"General " 






See also: 





Plugin 



TLSv1 




DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1


DHE-RSA-SEED-SHA Kx=DH Au=RSA Enc=SEED-CBC(128) Mac=SHA1 




ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 





TLSv12 











{export flag}


Status 

Plugin 


"HTTP Server Type and Version" 

Category 

Priority 


"Low Priority 

Synopsis A web server is running on the remote host. 

Description This plugin attempts to determine the type and the version of the remote web server. 


Plugin 

output 

The remote web server type is : 

sw-cp-server


Status 

Plugin 



Category 

Priority 


"Low Priority 




Plugin 

output 


nginx


Status 

Plugin 



Category 

Priority 


"Low Priority 




Plugin 

output 


nginx


Status 

Plugin 


"Web Server Harvested Email Addresses" 

Category 

Priority 


"Low Priority 

Synopsis Email addresses were harvested from the web server. 

Description Nessus harvested HREF mailto: links and extracted email addresses by crawling the remote web server. 


Plugin 

output 

The following email address has been gathered : 

- 'callme@takti.co.il', referenced from : 

/ 

/BuildaGate5/general2/company_search_tree.php


Status 

Plugin 


"Web Server Harvested Email Addresses" 

Category 

Priority 


"Low Priority 

Synopsis Email addresses were harvested from the web server. 

Description Nessus harvested HREF mailto: links and extracted email addresses by crawling the remote web server. 


Plugin 

output 

The following email address has been gathered : 

- 'callme@takti.co.il', referenced from : 

/ 

/BuildaGate5/general2/company_search_tree.php


Status 

Plugin 


"SSL Certificate commonName Mismatch" 

Category 

"General " 


Synopsis The SSL certificate commonName does not match the host name. 

Description This service presents an SSL certificate for which the 'commonName' (CN) does not match the host name on which 

the service listens. 


Plugin 

output The host name known by Nessus is : 



parallels panel 

Solution If the machine has several names, make sure that users connect to the service through the DNS host name that 

matches the common name in the certificate.


Status 

Plugin 


"SSL Certificate commonName Mismatch" 

Category 

"General " 


Synopsis The SSL certificate commonName does not match the host name. 

Description This service presents an SSL certificate for which the 'commonName' (CN) does not match the host name on which 

the service listens. 


Plugin 

output The host name known by Nessus is : 



parallels panel 

Solution If the machine has several names, make sure that users connect to the service through the DNS host name that 

matches the common name in the certificate.


Status 

Plugin 


"SSL Cipher Block Chaining Cipher Suites Supported" 

Category 

"General " 


Synopsis The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with 

Description subsequent ones. 

The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher 

suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if 

used improperly. 

See also: 


http://www.nessus.org/u?cc4a822a 

http://www.openssl.org/~bodo/tls-cbc.txt 


Plugin 

output Here is the list of SSL CBC ciphers supported by the remote server : 


TLSv1 




DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 

AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1 


CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1 


ECDHE-RSA-AES128-SHA256 Kx=ECDHE Au=RSA Enc=AES-CBC(128) Mac=SHA256


RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256 








{export flag}


Status 

Plugin 



Category 

"General " 







See also: 





Plugin 



TLSv1 









CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1












{export flag}


Status 

Plugin 



Category 

"General " 







See also: 





Plugin 



EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2-CBC(40) Mac=MD5 export 

DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-CBC(56) Mac=SHA1 


SSLv2 

DES-CBC3-MD5 Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=MD5 

IDEA-CBC-MD5 Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=MD5 

RC2-CBC-MD5 Kx=RSA Au=RSA Enc=RC2-CBC(128) Mac=MD5 

TLSv1 
























IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=SHA1 

SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1 















{export flag}


Status 

Plugin 


"SSL Cipher Suites Supported" 

Category 

Priority 

"General " 

"Low Priority 

Synopsis The remote service encrypts communications using SSL. 

Description This plugin detects which SSL ciphers are supported by the remote service for encrypting communications. 

See also: 

https://www.openssl.org/docs/manmaster/apps/ciphers.html 

http://www.nessus.org/u?7d537016 


Plugin 

output Here is the list of SSL ciphers supported by the remote server : 

Each group is reported per SSL Version. 

SSL Version : TLSv12 














ECDHE-RSA-AES128-SHA256 Kx=ECDHE Au=RSA Enc=AES-GCM(128) Mac=SHA256


RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256 






















SSL Version : SSLv3 




ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1












{export flag}


Status 

Plugin 



Category 

Priority 

"General " 

"Low Priority 



See also: 




Plugin 

















RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256




































{export flag}


Status 

Plugin 



Category 

Priority 

"General " 

"Low Priority 



See also: 




Plugin 






DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1



























RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 







ECDHE-RSA-AES256-SHA384 Kx=ECDHE Au=RSA Enc=AES-CBC(256) Mac=SHA384





















ADH-AES256-SHA Kx=DH Au=None Enc=AES-CBC(256) Mac=SHA1






















































SEED-SHA Kx=RSA Au=RSA Enc=SEED-CBC(128) Mac=SHA1























AECDH-RC4-SHA Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1












DES-CBC3-MD5 Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=MD5 

IDEA-CBC-MD5 Kx=RSA Au=RSA Enc=IDEA-CBC(128) Mac=MD5 

RC2-CBC-MD5 Kx=RSA Au=RSA Enc=RC2-CBC(128) Mac=MD5 








{export flag}


Status 

Plugin 


"HTTP X-Frame-Options Response Header Usage" 

Category 

"CGI abuses " 


Synopsis The remote web server does not take steps to mitigate a class of web application vulnerabilities. 

Description The remote web server in some responses sets a permissive X-Frame-Options response header or does not set one 

at all. 

The X-Frame-Options header has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently 

supported by all major browser vendors 

See also: 

http://en.wikipedia.org/wiki/Clickjacking 

http://www.nessus.org/u?399b1f56 


Plugin 

output 

The following pages do not set a X-Frame-Options response header or set a permissive policy: 

- http://www.takti.co.il:8880/sitebuilder/ 

Solution Set a properly configured X-Frame-Options header for all requested resources.


Status 

Plugin 


"HTTP X-Content-Security-Policy Response Header Usage" 

Category 

"CGI abuses " 



Description The remote web server in some responses sets a permissive Content-Security-Policy (CSP) response header or does 

not set one at all. 

The CSP header has been proposed by the W3C Web Application Security Working Group as a way to mitigate crosssite 

scripting and clickjacking attacks. 

See also: 

http://content-security-policy.com/ 

https://www.w3.org/TR/CSP2/ 


Plugin 

output 

The following pages do not set a Content-Security-Policy response header or set a permissive policy: 


Solution Set a properly configured Content-Security-Policy header for all requested resources.


Status 

Plugin 



Category 

"CGI abuses " 







See also: 




Plugin 

output 


- https://www.takti.co.il/ 

- https://www.takti.co.il/BuildaGate5/ 

- https://www.takti.co.il/BuildaGate5/general2/ 

- https://www.takti.co.il/BuildaGate5/general2/company_search_tree.php 

- https://www.takti.co.il/BuildaGate5/portals/ 

- https://www.takti.co.il/BuildaGate5/portals/takti/ 

- https://www.takti.co.il/cal/ 

- https://www.takti.co.il/demo/ 

- https://www.takti.co.il/demo/1.html 



- https://www.takti.co.il/demo/4.html

- https://www.takti.co.il/demo/index.html 

- https://www.takti.co.il/images/ 

- https://www.takti.co.il/test/ 

- https://www.takti.co.il/webalizer/ 



Status 

Plugin 



Category 

"CGI abuses " 







See also: 




Plugin 

output 


- http://www.takti.co.il/ 

- http://www.takti.co.il/BuildaGate5/ 

- http://www.takti.co.il/BuildaGate5/general2/ 

- http://www.takti.co.il/BuildaGate5/general2/company_search_tree.php 

- http://www.takti.co.il/BuildaGate5/portals/ 

- http://www.takti.co.il/BuildaGate5/portals/takti/ 

- http://www.takti.co.il/cal/ 

- http://www.takti.co.il/demo/ 

- http://www.takti.co.il/demo/1.html 



- http://www.takti.co.il/demo/4.html

- http://www.takti.co.il/demo/index.html 

- http://www.takti.co.il/images/ 

- http://www.takti.co.il/test/ 

- http://www.takti.co.il/webalizer/ 



Status 

Plugin 


"TLS NPN Supported Protocol Enumeration" 

Category 

"Misc. " 


Synopsis The remote host supports the TLS NPN extension. 

Description The remote host supports the TLS NPN (Transport Layer Security Next Protocol Negotiation) extension. This plugin 

enumerates the protocols the extension supports. 

See also: 


Plugin 

output 

NPN Supported Protocols: 

http/1.1 

https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html


Status 

Plugin 


"POP3 Service STLS Command Support" 

Category 

"Misc. " 


Synopsis The remote mail service supports encrypting traffic. 

Description The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted 

communications channel. 

See also: 

http://en.wikipedia.org/wiki/STARTTLS 



Plugin 

output 

Here is the POP3 server's SSL certificate that Nessus was able to 

collect after sending a 'STLS' command : 

------------------------------ snip ------------------------------ 

Subject Name: 

Country: US 







Issuer Name: 

Country: US







Serial Number: 55 2B 60 34 

Version: 1 
















49 20 9C D1 98 B8 8E BE E1 D6 72 45 E8 50 20 82 09 4E 8A 0B 


C1 16 3F 24 6A 1F C0 55 10 92 6C 0B 21 0E 41 67 1A 86 EC 9E 


Exponent: 01 00 01




30 76 B1 DA 92 38 E8 CF D6 A3 94 D2 72 10 89 C8 89 60 C4 52 


32 44 6D D2 46 E1 D0 06 DE 8D 2D 82 78 DF 89 32 D2 10 57 73 


6F CB A2 3D 6F DD EA 96 D2 CA 74 61 0D 41 35 1C 38 A2 C1 83 






21 67 C3 68 BF 8B D8 1F 49 D0 EF 1B 57 12 03 70 2A 

------------------------------ snip ------------------------------


Status 

Plugin 


"CGI Generic Injectable Parameter" 

Category 

"CGI abuses " 


Synopsis Some CGIs are candidate for extended injection tests. 

Description Nessus was able to to inject innocuous strings into CGI parameters and read them back in the HTTP response. 

The affected parameters are candidates for extended injection tests like cross-site scripting attacks. 

This is not a weakness per se, the main purpose of this test is to speed up other scripts. The results may be useful for 

a human pen-tester. 


Plugin 


+ The following resources may be vulnerable to injectable parameter : 


/BuildaGate5/general2/company_search_tree.php?FromRec=bpwowf 

-------- output -------- 

 


Status 

Plugin 


"CGI Generic Injectable Parameter" 

Category 

"CGI abuses " 


Synopsis Some CGIs are candidate for extended injection tests. 

Description Nessus was able to to inject innocuous strings into CGI parameters and read them back in the HTTP response. 

The affected parameters are candidates for extended injection tests like cross-site scripting attacks. 

This is not a weakness per se, the main purpose of this test is to speed up other scripts. The results may be useful for 

a human pen-tester. 


Plugin 


+ The following resources may be vulnerable to injectable parameter : 

+ The 'FromRec' parameter of the /BuildaGate5/general2/company_search_tree.php CGI :

BuildaGate5/general2/company_search_tree.php?FromRec=bpwowf 

-------- output -------- 

 


Status 

Plugin 


"SSL/TLS Diffie-Hellman Modulus

SSL/TLS version : SSLv3 

Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 

Diffie-Hellman MODP size (bits) : 1024 

Logjam attack difficulty : Hard (would require nation-state resources) 


Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA 




Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA 




Cipher suite : TLS1_CK_DHE_RSA_WITH_DES_CBC_SHA 




Cipher suite : TLS1_CK_DHE_RSA_WITH_SEED_CBC_SHA 



SSL/TLS version : TLSv1.0 





Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 


Logjam attack difficulty : Easy (could be carried out by individuals)






















Cipher suite : TLS1_CK_DHE_RSA_WITH_SEED_CBC_SHA 





Diffie-Hellman MODP size (bits) : 1024



Cipher suite : TLS1_CK_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 


Logjam attack difficulty : Easy (could be carried out by individuals) 






















Cipher suite : TLS1_CK_DHE_RSA_WITH_SEED_CBC_SHA



Addition 

Information 

CVE: 



Solution Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.


Status 

Plugin 


"SSL RC4 Cipher Suites Supported" 

Category 

"General " 


Synopsis The remote service supports the use of the RC4 cipher. 

Description The remote host supports the use of RC4 in one or more cipher suites. 

The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases 

are introduced into the stream, decreasing its randomness. 

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) 

ciphertexts, the attacker may be able to derive the plaintext. 

See also: 

http://www.nessus.org/u?217a3666 

http://cr.yp.to/talks/2013.03.12/slides.pdf 

http://www.isg.rhul.ac.uk/tls/ 

http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf 

Risk factor CVE-2013-2566 - Low / CVSS BASE SCORE :2.6 CVSS2#(AV:N/AC:H/Au:N/C:P/I:N/A:N), LOW / CVSS BASE SCORE :2.6 

CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N 

Plugin 

output List of RC4 cipher suites supported by the remote server : 


EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export 


SSLv2 


TLSv1 












{export flag} 

Addition 

Information 

CVE: 



BID : 58796, 73684 Other references { osvdb : 91162, 117855 } 

Solution Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM 

suites subject to browser and web server support.


Status 

Plugin 


"HTTP Methods Allowed (per directory)" 

Category 



Synopsis This plugin determines which HTTP methods are allowed on various CGI directories. 

Description By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. 

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' 

is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported 

if it receives a response code of 400, 403, 405, or 501. 

Note that the plugin output is only informational and does not necessarily indicate the presence of any security 

vulnerabilities. 


Plugin 

output Based on tests of each method : 

- HTTP methods ACL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN 

CHECKOUT CONNECT COPY DEBUG DELETE GET HEAD INDEX LABEL LOCK 

MERGE MKACTIVITY MKCOL MKWORKSPACE MOVE NOTIFY OPTIONS ORDERPATCH 

PATCH POLL POST PROPFIND PROPPATCH PUT REPORT RPC_IN_DATA 

RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNLOCK UNSUBSCRIBE 

UPDATE are allowed on : 

/admin 

/admin-bak 

/admin-old 

/admin.back 

/admin_

administration 

/administrator 

/adminuser 

/adminweb 

/sitebuilder 

/sitebuildercontent 

/sitebuilderfiles 

/sitebuilderpictures 

- HTTP methods GET HEAD POST are allowed on : 

/ 

/backup 

/images 

/javascript 

- Invalid/unknown HTTP methods are allowed on : 

/admin 

/admin-bak 

/admin-old 

/admin.back 

/admin_ 

/administration 

/administrator 

/adminuser 

/adminweb 

/sitebuilder 

/sitebuildercontent 

/sitebuilderfiles 

/sitebuilderpictures


Status 

Plugin 



Category 











Plugin 

output 

Based on the response to an OPTIONS request : 

- HTTP methods GET HEAD OPTIONS POST are allowed on : 

/BuildaGate5 

/BuildaGate5/portals 

/BuildaGate5/portals/takti 

/cal 

/demo 

/error 

/icons 

/images 

/pipermail 

/test 

/tmp

webalizer 

Based on tests of each method : 


CHECKOUT COPY DEBUG DELETE GET HEAD INDEX LABEL LOCK MERGE 

MKACTIVITY MKCOL MKWORKSPACE MOVE NOTIFY OPTIONS ORDERPATCH PATCH 

POLL POST PROPFIND PROPPATCH PUT REPORT RPC_IN_DATA RPC_OUT_DATA 

SEARCH SUBSCRIBE UNCHECKOUT UNLOCK UNSUBSCRIBE UPDATE 

are allowed on : 

/cgi-bin 

/mailman 


/ 

/BuildaGate5 

/BuildaGate5/general2 



/cal 

/demo 

/error 

/icons 

/images 

/pipermail 

/test 

/tmp 

/webalizer 

- Invalid/unknown HTTP methods are allowed on :

cgi-bin 

/mailman


Status 

Plugin 



Category 











Plugin 

output 

Based on the response to an OPTIONS request : 


/BuildaGate5 



/cal 

/demo 

/error 

/icons 

/images 

/pipermail 

/test 

/tmp

webalizer 

Based on tests of each method : 


CHECKOUT COPY DEBUG DELETE GET HEAD INDEX LABEL LOCK MERGE 

MKACTIVITY MKCOL MKWORKSPACE MOVE NOTIFY OPTIONS ORDERPATCH PATCH 

POLL POST PROPFIND PROPPATCH PUT REPORT RPC_IN_DATA RPC_OUT_DATA 

SEARCH SUBSCRIBE UNCHECKOUT UNLOCK UNSUBSCRIBE UPDATE 

are allowed on : 

/cgi-bin 

/mailman 


/ 

/BuildaGate5 

/BuildaGate5/general2 



/cal 

/demo 

/error 

/icons 

/images 

/pipermail 

/test 

/tmp 

/webalizer 

- Invalid/unknown HTTP methods are allowed on :

cgi-bin 

/mailman


Status 

Plugin 


"Non-compliant Strict Transport Security (STS)" 

Category 



Synopsis The remote web server implements Strict Transport Security incorrectly. 

Description The remote web server implements Strict Transport Security. However, it does not respect all the requirements of 

the STS draft standard. 

See also: 

http://www.nessus.org/u?2fb3aca6 


Plugin 

output The response from the web server listening on port 80 : 

- does not contain a Status-Code of 301. 

- does not contain a Location header field. 

The following are the headers received : 

HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Jul 2016 07:50:54 GMT Content-Type: text/html; charset=utf-8 Transfer- 

Encoding: chunked Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Pragma: no-cache Cache-Control: 

private, max-age=10800, pre-check=10800 Set-Cookie: PHPSESSID=ao5kq83e9upktblbipmretc8g1; path=/; HttpOnly 

X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-WebKit-CSP: 

default-src 'self' X-Permitted-Cross-Domain-Policies: master-only Strict-Transport-Security: max-age=15768000; 

includeSubDomains MS-Author-Via: DAV


Status 

Plugin 


"Non-compliant Strict Transport Security (STS)" 

Category 



Synopsis The remote web server implements Strict Transport Security incorrectly. 

Description The remote web server implements Strict Transport Security. However, it does not respect all the requirements of 

the STS draft standard. 

See also: 


Plugin 

output 


The Strict-Transport-Security header must not be sent over an 

unencrypted channel.


Status 

Plugin 


"Strict Transport Security (STS) Detection" 

Category 



Synopsis The remote web server implements Strict Transport Security. 

Description The remote web server implements Strict Transport Security (STS). 

The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser. 

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' 

and to close the connection in the event of potentially insecure situations. 

See also: 


Plugin 

output The STS header line is : 


Strict-Transport-Security: max-age=15768000;includeSubDomains


Status 

Plugin 


"Strict Transport Security (STS) Detection" 

Category 



Synopsis The remote web server implements Strict Transport Security. 

Description The remote web server implements Strict Transport Security (STS). 

The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser. 

All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' 

and to close the connection in the event of potentially insecure situations. 

See also: 


Plugin 

output The STS header line is : 


Strict-Transport-Security: max-age=15768000;includeSubDomains


Status 

Plugin 


"Web Application Cookies Not Marked Secure" 

Category 



Synopsis HTTP session cookies might be transmitted in cleartext. 

Description The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. 

However, there are instances where the application is running over unencrypted HTTP or the cookies are not marked 

'secure', meaning the browser could send them back over an unencrypted link under certain circumstances. As a 

result, it may be possible for a remote attacker to intercept these cookies. 

Note that this plugin detects all general cookies missing the 'secure' cookie flag, whereas plugin 49218 (Web 

Application Session Cookies Not Marked Secure) will only detect session cookies from an authenticated session 

missing the secure cookie flag. 

See also: 

https://www.owasp.org/index.php/SecureFlag 


Plugin 

output The following cookies do not set the secure cookie flag : 

Name : SBSESSION 

Path : / 

Value : 99b565da84db95ade87a5090ef15dcee 

Domain : 

Version : 1 

Expires : 

Comment : 

Secure : 0 

Httponly : 1 

Port :

Name : PHPSESSID 

Path : / 

Value : 4vnvsqdlplj4k261hr7021oec0 

Domain : 

Version : 1 

Expires : 

Comment : 

Secure : 0 

Httponly : 1 

Port : 

Solution Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security 

decision. 

If possible, ensure all communication occurs over an encrypted channel and add the 'secure' attribute to all session 

cookies or any cookies containing sensitive data.


Status 

Plugin 



Category 











See also: 



Plugin 



Path : / 


Domain : 

Version : 1 

Expires : 

Comment : 

Secure : 0 

Httponly : 1 

Port :


Path : / 


Domain : 

Version : 1 

Expires : 

Comment : 

Secure : 0 

Httponly : 1 

Port : 


decision. 




Status 

Plugin 



Category 











See also: 



Plugin 



Path : / 


Domain : 

Version : 1 

Expires : 

Comment : 

Secure : 0 

Httponly : 1 

Port :


Path : / 


Domain : 

Version : 1 

Expires : 

Comment : 

Secure : 0 

Httponly : 1 

Port : 


decision. 




Status 

Plugin 


"Web Application Sitemap" 

Category 

Priority 


"Low Priority 

Synopsis The remote web server hosts linkable content that can be crawled by Nessus. 

Description The remote web server contains linkable content that can be used to gather information about a target. 

See also: 

http://www.nessus.org/u?5496c8d9 


Plugin 

output The following sitemap was created from crawling linkable content on the target host : 


Attached is a copy of the sitemap file.


Status 

Plugin 



Category 

Priority 


"Low Priority 



See also: 



Plugin 


- https://www.takti.co.il/ 

- https://www.takti.co.il/BuildaGate5/ 

- https://www.takti.co.il/BuildaGate5/general2/ 

- https://www.takti.co.il/BuildaGate5/general2/company_search_tree.php 

- https://www.takti.co.il/BuildaGate5/general2/styletakti.css 



- https://www.takti.co.il/BuildaGate5/portals/takti/styleDefs.css 

- https://www.takti.co.il/cal/ 

- https://www.takti.co.il/demo/ 





- https://www.takti.co.il/demo/index.html 

- https://www.takti.co.il/images/ 

- https://www.takti.co.il/test/ 

- https://www.takti.co.il/webalizer/



Status 

Plugin 



Category 

Priority 


"Low Priority 



See also: 



Plugin 


- http://www.takti.co.il/ 

- http://www.takti.co.il/BuildaGate5/ 

- http://www.takti.co.il/BuildaGate5/general2/ 

- http://www.takti.co.il/BuildaGate5/general2/company_search_tree.php 

- http://www.takti.co.il/BuildaGate5/general2/styletakti.css 



- http://www.takti.co.il/BuildaGate5/portals/takti/styleDefs.css 

- http://www.takti.co.il/cal/ 

- http://www.takti.co.il/demo/ 





- http://www.takti.co.il/demo/index.html 

- http://www.takti.co.il/images/ 

- http://www.takti.co.il/test/ 

- http://www.takti.co.il/webalizer/



Status 

Plugin 


"SMTP Server Detection" 

Category "Service detection " 


Synopsis An SMTP server is listening on the remote port. 

Description The remote host is running a mail (SMTP) server on this port. 

Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it. 


Plugin 

output Remote SMTP server banner : 

220 server.takti.co.il ESMTP Postfix 

Solution Disable this service if you do not use it, or filter incoming traffic to this port.


Status 

Plugin 


"SMTP Service STARTTLS Command Support" 

Category 



Synopsis The remote mail service supports encrypting traffic. 

Description The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted 

communications channel. 

See also: 

http://en.wikipedia.org/wiki/STARTTLS 



Plugin 

output 

Here is the SMTP service's SSL certificate that Nessus was able to 

collect after sending a 'STARTTLS' command : 

------------------------------ snip ------------------------------ 

Subject Name: 

Country: US 







Issuer Name: 

Country: US







Serial Number: 55 2B 60 34 

Version: 1 
















49 20 9C D1 98 B8 8E BE E1 D6 72 45 E8 50 20 82 09 4E 8A 0B 


C1 16 3F 24 6A 1F C0 55 10 92 6C 0B 21 0E 41 67 1A 86 EC 9E 


Exponent: 01 00 01




30 76 B1 DA 92 38 E8 CF D6 A3 94 D2 72 10 89 C8 89 60 C4 52 


32 44 6D D2 46 E1 D0 06 DE 8D 2D 82 78 DF 89 32 D2 10 57 73 


6F CB A2 3D 6F DD EA 96 D2 CA 74 61 0D 41 35 1C 38 A2 C1 83 






21 67 C3 68 BF 8B D8 1F 49 D0 EF 1B 57 12 03 70 2A 

------------------------------ snip ------------------------------


Status 

Plugin 


"POP3 Cleartext Logins Permitted" 

Category 

"Misc. " 


Synopsis The remote POP3 daemon allows credentials to be transmitted in cleartext. 

Description The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections. An attacker 

can uncover user names and passwords by sniffing traffic to the POP3 daemon if a less secure authentication 

mechanism (eg, USER command, AUTH PLAIN, AUTH LOGIN) is used. 

See also: 




Plugin 

output 

The following cleartext methods are supported : 

SASL LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN 

USER 

Solution Contact your vendor for a fix or encrypt traffic with SSL / TLS using stunnel.


Status 

Plugin 


"SMTP Service Cleartext Login Permitted" 

Category 



Synopsis The remote mail server allows cleartext logins. 

Description The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted 

connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less 

secure authentication mechanism (i.e. LOGIN or PLAIN) is used. 

See also: 




Plugin 

output 

The SMTP server advertises the following SASL methods over an 

unencrypted channel : 

All supported methods : PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5 

Cleartext methods : PLAIN, LOGIN 

Solution Configure the service to support less secure authentication mechanisms only over an encrypted channel.


Status 

Plugin 


"Nessus SYN scanner" 

Category 

"Port scanners " 


Synopsis It is possible to determine which TCP ports are open. 

Description This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. 

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause 

problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded. 


Plugin 

output 

Port 8880/tcp was found to be open 

Solution Protect your target with an IP filter.


Status 

Plugin 



Category 








Plugin 

output 




Status 

Plugin 



Category 








Plugin 

output 




Status 

Plugin 



Category 








Plugin 

output 




Status 

Plugin 



Category 








Plugin 

output 




Status 

Plugin 


"SMTP Authentication Methods" 

Category 

Priority 


"Low Priority 

Synopsis The remote mail server supports authentication. 

Description The remote SMTP server advertises that it supports authentication. 

See also: 




Plugin 

output 

The following authentication methods are advertised by the SMTP 

server without encryption : 

CRAM-MD5 

DIGEST-MD5 

LOGIN 

PLAIN 

The following authentication methods are advertised by the SMTP 

server with encryption : 

CRAM-MD5 

DIGEST-MD5 

LOGIN 

PLAIN 

Solution Review the list of methods and whether they're available over an encrypted channel.


Status 

Plugin 


"Patch Report" 

Category 

"General " 


Synopsis The remote host is missing several patches. 

Description The remote host is missing one or more security patches. This plugin lists the newest version of each patch to 

install to make sure the remote host is up-to-date. 


Plugin 

output 

. You need to take the following action : 

[ OpenSSL AES-NI Padding Oracle MitM Information Disclosure (91572) ] 

+ Action to take : Upgrade to OpenSSL version 1.0.1t / 1.0.2h or later. 

Solution Install the patches listed below.


Status 

Plugin 


"TLS Next Protocols Supported" 

Category 

"General " 


Synopsis The remote service advertises one or more protocols as being supported over TLS. 

Description This script detects which protocols are advertised by the remote service to be encapsulated by TLS connections. 

Note that Nessus did not attempt to negotiate TLS sessions with the protocols shown. The remote service may be 

falsely advertising these protocols and / or failing to advertise other supported protocols. 

See also: 

http://tools.ietf.org/html/draft-agl-tls-nextprotoneg 

https://technotes.googlecode.com/git/nextprotoneg.html 


Plugin 

output 

The target advertises that the following protocols are 

supported over SSL / TLS : 

http/1.1


Status 

Plugin 


"SSL Certificate Chain Contains Unnecessary Certificates" 

Category 

"General " 


Synopsis The X.509 certificate chain used by this service contains certificates that aren't required to form a path to the CA. 

Description At least one of the X.509 certificates sent by the remote host is not required to form a path from the server's own 

certificate to the CA. This may indicate that the certificate bundle installed with the server's certificate is for 

certificates lower in the certificate hierarchy. 

Some SSL implementations, often those found in embedded devices, cannot handle certificate chains with unused 

certificates. 

See also: 


Plugin 

output 


The following certificates were part of the certificate chain 

sent by the remote host, but are not necessary to building the 

certificate chain. 

|-Country: US 

|-Organization: GeoTrust Inc. 

|-Common Name: RapidSSL SHA256 CA - G3 

Solution Remove unnecessary certificates from the certificate chain.


Status 

Plugin 


"OS Identification Failed" 

Category 

"General " 


Synopsis It was not possible to determine the remote operating system. 

Description Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more 

fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to 

identify the overall system. 


Plugin 

output 

If you think these signatures would help us improve OS fingerprinting, 

please send them to : 

os-signatures@nessus.org 

Be sure to include a brief description of the device itself, such as 

the actual operating system or product / model names. 

HTTP:!:Server: nginx 

SMTP:!:220 server.takti.co.il ESMTP Postfix 

SSLcert:!:i/CN:RapidSSL SHA256 CAi/O:GeoTrust Inc.s/CN:www.takti.co.il 

865c6be84d80b2911150619c0930ef84a7a21a9c 

i/CN:Para 

llels Paneli/O:Parallelsi/OU:Parallels Panels/CN:Parallels Panels/O:Parallelss/OU:Parallels Panel 

8b46c6563e400d0e59071cbf0edf7817746408e8 

i/CN:Parallels Paneli/O:Parallelsi/OU:Parallels Panels/CN:Parallels Panels/O:Parallelss/OU:Parallels Panel 

8b46c6563e400d0e59071cbf0edf7817746408e8


Status 

Plugin 


"smtpscan SMTP Fingerprinting" 

Category 



Synopsis It is possible to fingerprint the remote mail server. 

Description smtpscan is a SMTP fingerprinting tool written by Julien Bordet. It identifies the remote mail server even if the 

banners were changed. 


Plugin 

output This server could be fingerprinted as : 

Postfix 1.1.11


Status 

Plugin 


"Web Server Directory Enumeration" 

Category 



Synopsis It is possible to enumerate directories on the web server. 

Description This plugin attempts to determine the presence of various common directories on the remote web server. By 

sending a request for a directory, the web server response code indicates if it is a valid directory or not. 

See also: 


Plugin 

output 

http://projects.webappsec.org/Predictable-Resource-Location 

The following directories were discovered: 

/admin, /admin-bak, /admin-old, /admin.back, /admin_, /administration, /administrator, /adminuser, /adminweb, 

/backup, /images, /javascript, /sitebuildercontent, /sitebuilderfiles, /sitebuilderpictures, /sitebuilder 

While this is not, in and of itself, a bug, you should manually inspect 

these directories to ensure that they are in compliance with company 

security standards


Status 

Plugin 



Category 






See also: 


Plugin 

output 



/cgi-bin, /demo, /pipermail, /test, /tmp, /webalizer, /error, /icons, /images, /mailman, /cal 



security standards


Status 

Plugin 



Category 






See also: 


Plugin 

output 



/cgi-bin, /demo, /pipermail, /test, /tmp, /webalizer, /error, /icons, /images, /mailman, /cal 



security standards


Status 

Plugin 



Category 

"CGI abuses " 




at all. 



See also: 




Plugin 

output 




- https://www.takti.co.il/webalizer/ 



Status 

Plugin 



Category 

"CGI abuses " 




at all. 



See also: 




Plugin 

output 




- http://www.takti.co.il/webalizer/ 



Status 

Plugin 


"CGI Generic Tests Load Estimation (all tests)" 

Category 

"CGI abuses " 


Synopsis Load estimation for web application tests. 

Description This script computes the maximum number of requests that would be done by the generic web tests, depending on 

miscellaneous options. It does not perform any test by itself. 

The results can be used to estimate the duration of these tests, or the complexity of additional manual tests. 

Note that the script does not try to compute this duration based on external factors such as the network and web 

servers loads. 


Plugin 

output 

Here are the estimated number of requests in miscellaneous modes 

for one method only (GET or POST) : 

[Single / Some Pairs / All Pairs / Some Combinations / All Combinations] 

cross-site scripting (comprehensive test): S=420 SP=6006 AP=6006 SC=4472832 AC=4472832 

cross-site scripting (quick test) : S=220 SP=3146 AP=3146 SC=2342912 AC=2342912 

persistent XSS : S=80 SP=1144 AP=1144 SC=851968 AC=851968 

arbitrary command execution : S=440 SP=6292 AP=6292 SC=4685824 AC=4685824 

web code injection : S=20 SP=286 AP=286 SC=212992 AC=212992 

HTML injection : S=5 SP=5 AP=5 SC=5 AC=5 

arbitrary command execution (time based) : S=120 SP=1716 AP=1716 SC=1277952 AC=1277952 

script injection : S=1 SP=1 AP=1 SC=1 AC=1 

XML injection : S=20 SP=286 AP=286 SC=212992 AC=212992 

unseen parameters : S=700 SP=10010 AP=10010 SC=7454720 AC=7454720 

directory traversal (write access) : S=40 SP=572 AP=572 SC=425984 AC=425984 

SQL injection (2nd order) : S=20 SP=286 AP=286 SC=212992 AC=212992

on site request forgery : S=1 SP=1 AP=1 SC=1 AC=1 

blind SQL injection (4 requests) : S=80 SP=1144 AP=1144 SC=851968 AC=851968 

HTTP response splitting : S=9 SP=9 AP=9 SC=9 AC=9 

directory traversal (extended test) : S=1020 SP=14586 AP=14586 SC=10862592 AC=10862592 

header injection : S=2 SP=2 AP=2 SC=2 AC=2 

cookie manipulation : S=40 SP=572 AP=572 SC=425984 AC=425984 

injectable parameter : S=40 SP=572 AP=572 SC=425984 AC=425984 

local file inclusion : S=80 SP=1144 AP=1144 SC=851968 AC=851968 

directory traversal : S=580 SP=8294 AP=8294 SC=6176768 AC=6176768 

cross-site scripting (extended patterns) : S=7 SP=7 AP=7 SC=7 AC=7 

blind SQL injection : S=240 SP=3432 AP=3432 SC=2555904 AC=2555904 

SQL injection : S=580 SP=8294 AP=8294 SC=6176768 AC=6176768 

SSI injection : S=60 SP=858 AP=858 SC=638976 AC=638976 

format string : S=40 SP=572 AP=572 SC=425984 AC=425984 

All tests : S=4865 SP=69237 AP=69237 SC=51544089 AC=51544089 


for both methods (GET and POST) : 













SQL injection (2nd order) : S=40 SP=572 AP=572 SC=425984 AC=425984 

on site request forgery : S=2 SP=2 AP=2 SC=2 AC=2

lind SQL injection (4 requests) : S=160 SP=2288 AP=2288 SC=1703936 AC=1703936 














Your mode : single, GET or POST, thorough tests, Paranoid. 

Maximum number of requests : 4865


Status 

Plugin 


"CGI Generic Tests Load Estimation (all tests)" 

Category 

"CGI abuses " 


Synopsis Load estimation for web application tests. 

Description This script computes the maximum number of requests that would be done by the generic web tests, depending on 

miscellaneous options. It does not perform any test by itself. 

The results can be used to estimate the duration of these tests, or the complexity of additional manual tests. 

Note that the script does not try to compute this duration based on external factors such as the network and web 

servers loads. 


Plugin 

output 


for one method only (GET or POST) : 













cross-site scripting (extended patterns) : S=7 SP=7 AP=7 SC=7 AC=7

















for both methods (GET and POST) : 














directory traversal (write access) : S=80 SP=1144 AP=1144 SC=851968 AC=851968















Your mode : single, GET or POST, thorough tests, Paranoid. 

Maximum number of requests : 4865


Status 

Plugin 


"SSL/TLS EXPORT_DHE

{export flag} 

Addition 

Information 

CVE: 



Solution Reconfigure the service to remove support for EXPORT_DHE cipher suites.

www.tacti

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?