Type  Port/service  Security finding and solution
Info  www (80/tcp)  Open service
A "WEB" service is running on this port.
BANNER information:
HTTP/1.1 200 OK
Date: Fri, 26 Oct 2007 15:31:32 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.0
X-Powered-By: PHP/5.2.0
Connection: close
Content-Type: text/html; charset=gbk
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gbk" />
<title>论坛 - 维修技术交流 - Powered By SupeSite</
NESSUS_ID : 10330
Info  www (80/tcp)  HTTP TRACE cross-site tracing
Your web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods used to debug web server connections: the server echoes the request it received back in the response body.
Servers that support these methods are exposed to a cross-site scripting variant called Cross-Site Tracing, usually abbreviated XST, when combined with various browser weaknesses. Script running in a victim's browser issues a TRACE to the server and reads the echoed request, which carries the Cookie and Authorization headers that page script normally cannot see.
An attacker may use this flaw to trick legitimate users and obtain their private information (session cookies, HTTP credentials).
Solution: disable these methods.
If you are using Apache, add the following lines to the configuration of each virtual host:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
(Apache 2.0.55 and later, which includes 2.2.6, also provide the core directive TraceEnable off, which needs no mod_rewrite and answers TRACE with 405.)
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE requests, or permit only the methods that the site actually needs and policy allows.
If you are using Sun ONE Web Server release 6.0 SP2 or later, add the following to the default object section of obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
If you are using Sun ONE Web Server release 6.0 SP2 or earlier, compile the NSAPI plugin available at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See also http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/ar ... h/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor: Medium
___________________________________________________________________
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your legitimate web users to
give him their credentials.
Solution :
Add the following lines for each virtual host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
See also http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
BUGTRAQ_ID : 9506, 9561, 11604
NESSUS_ID : 11213
Info  www (80/tcp)  Directory scanner
This plugin attempts to determine which common directories exist on the remote host.
___________________________________________________________________
The following directories were discovered:
/Install, /Log, /Templates, /admin, /cgi-bin, /class, /css, /data, /html, /images, /include, /install, /log, /styles, /templates, /user
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards.
Note that on this Win32 host the file system is case-insensitive, so /Install and /install, /Log and /log, and /Templates and /templates are the same three directories reported twice. An installer directory that is still reachable after deployment (/install), and the exposed /admin, /data and /log paths, deserve the first look.
NESSUS_ID : 11032
Other references : OWASP:OWASP-CM-006
Info  www (80/tcp)  HTTP server type and version
The type and version number of the HTTP server were determined.
Solution: configure your server to use an alternate name, such as 'Wintendo httpD w/Dotmatrix display'.
Be sure to remove common logos that identify Apache, such as apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers. Note that ServerTokens does not affect the X-Powered-By: PHP/5.2.0 header seen in the banner above; that header is controlled by expose_php in php.ini.
This information comes from the server's own response headers.
Risk factor: Low
___________________________________________________________________
The remote web server type is :
Apache/2.2.6 (Win32) PHP/5.2.0
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
NESSUS_ID : 10107
Info  ftp (21/tcp)  Open service
An "ftp" service may be running on this port.
NESSUS_ID : 10330
Info  HTTP proxy server (8080/tcp)  Open service
An "HTTP proxy server" service may be running on this port.
NESSUS_ID : 10330
What I mean is: how do I hide the server name? Thanks! I'm running apache2.2.6.
What code do I need to add?
# Mark TRACE/TRACK requests with an environment variable, then deny them
# through the access control of one <Directory> block.
SetEnvIfNoCase Request_Method ^(TRACE|TRACK) IS_TRACE
<Directory /docroot>
    Order Allow,Deny
    Allow from all
    Deny from env=IS_TRACE
</Directory>
This doesn't work either!
ServerSignature Off
ServerTokens Prod
I really want to know how to do this, guys.
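The directives below are an added example written for this thread; they are not configuration from the original post or from the Nessus report. They assume Apache httpd 2.2.x on Win32 with the stock httpd.conf layout (the mod_rewrite module path is the one the Win32 distribution ships commented out; treat it as illustrative). The block covers both header-related findings at once: TraceEnable off for Nessus 11213, with the report's mod_rewrite rule kept as a fallback for builds older than 2.0.55, and ServerTokens Prod / ServerSignature Off for Nessus 10107. The comments also explain why the SetEnvIf / Deny from env approach posted above cannot stop TRACE.

```apache
# httpd.conf (main server configuration) -- added example for httpd 2.2.x on Win32.
# Apache does not allow a comment after a directive on the same line, so every
# comment here sits on its own line.

# ---- Nessus 10107: HTTP server type and version -------------------------
# ServerTokens is valid in the main server config only (not in <VirtualHost>).
# "Prod" shrinks "Apache/2.2.6 (Win32) PHP/5.2.0" to "Apache": the OS token
# and the module tokens are dropped together with the version.
ServerTokens Prod

# Removes the "Apache/2.2.6 (Win32) PHP/5.2.0 Server at ... Port 80" footer
# from server-generated error pages and directory listings.
ServerSignature Off

# The "X-Powered-By: PHP/5.2.0" header in the banner is emitted by PHP, not by
# httpd, so no httpd directive removes it. Set in php.ini:
#     expose_php = Off

# ---- Nessus 11213: TRACE / TRACK -----------------------------------------
# Core directive, available since httpd 2.0.55 (and 1.3.34). TRACE is answered
# with "405 Method Not Allowed" before any handler or access control runs.
TraceEnable off

# Why "Deny from env=IS_TRACE" inside <Directory> has no effect: in 2.2 the
# core answers TRACE from the map_to_storage hook, which runs before
# directory_walk and before the access_checker phase that evaluates
# Order/Allow/Deny. mod_rewrite in server or virtual-host context runs in the
# earlier translate_name phase, which is why the report's rule works only in
# the main server or in each <VirtualHost>, never in .htaccess. It is kept here
# as a fallback for builds that predate TraceEnable. The Win32 httpd.conf ships
# this LoadModule line commented out; mod_rewrite must be loaded for it to work.
LoadModule rewrite_module modules/mod_rewrite.so

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# RewriteEngine is not inherited by virtual hosts: repeat the three rewrite
# lines inside every <VirtualHost> block you define.
```

Check the syntax with `httpd.exe -t`, restart the Apache service, then probe from another machine with a raw request of the form `TRACE / HTTP/1.1` followed by a `Host:` header: the expected reply is 405 from TraceEnable off (403 if only the rewrite fallback is active), and the Server header should read just `Apache`. Two things stay visible regardless of these settings: the application fingerprint in the page itself (the "Powered By SupeSite" title and the /install directory from the directory scan), and the server product name, which the core directives can only shorten, not rename; a module such as ModSecurity's SecServerSignature is required for the "alternate name" the report suggests, and that is outside what the report itself configures.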